This course begins with lectures discussing the laws and rights to privacy by individuals and what organizations may or may not do. Online ethics are considered. It then moves on to understanding incident handling and how incident response teams work, managing trouble tickets, and basic analysis of events to determine if an incident has occurred. It concludes with computer forensics issues and practices, and rules of evidence.
- Given a scenario, explain the appropriate actions and activities in each phase of the incident
- handling life cycle.
- Explain the methods of integrating forensics in the incident handling process.
- Explain the investigative process and reconstruction.
- Explain the use of digital evidence in a courtroom.
- Demonstrate the use of FTK Imager to make a forensically sound duplication of a given media.
- Demonstrate the use of FTK Imager to mount and image and use other tools to process evidence.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.