Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensic investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. This includes recovering deleted email, restoring erased images, and more.
After completing this course, students will be able to:
- Implement the process of investigating cybercrime, laws involved, and the details in obtaining and executing a search warrant.
- Identify different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category.
- Assume the role of first responder to IT security incidents. This includes building and using the first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence and reporting the crime scene.
- Recover deleted files and deleted partitions in Windows, Mac OS X, and Linux.
- Recover deleted email, images, documents, and other files containing relevant evidence.
- Conduct a forensic investigation using Access Data FTK and Encase.
- Identify the use of steganography and its techniques, and conduct steganalysis.
- Analyze image files for forensic data.
- Use password cracking tools and various types of password attacks to investigate password protected file breaches.
- Identify different types of log capturing techniques, log management, time synchronization and log capturing tools.
- Investigate logs, network traffic, wireless attacks, and web attacks.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.