National CAE Designated Institution
  • Classroom
  • Online, Instructor-Led
Course Description

This course studies techniques and tools in computing investigation, digital evidence collection, recovery, and analysis.

Topics include: Legal issues relating to digital evidence, recover deleted files and discover hidden information, reconstruct user activity from e-mail, temporary Internet files and cached data, assess the integrity of system memory and process architecture to reveal malicious code.

Offered fully online or hybrid (1 lecture/week), 3 Credit hours. Instructor led.

Learning Objectives

  1. Define and explain the role of digital forensics in the incident response and investigatory process.
  2. Identify the requirements for proper evidence collection, handling and storage.
  3. Identify and explain basic techniques to properly collect and analyze evidentiary data using appropriate tools and techniques in common scenarios.
  4. Organize and present evidentiary data and investigatory findings for use in corporate or legal proceedings.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.