This course studies techniques and tools in computing investigation, digital evidence collection, recovery, and analysis.
Topics include: Legal issues relating to digital evidence, recover deleted files and discover hidden information, reconstruct user activity from e-mail, temporary Internet files and cached data, assess the integrity of system memory and process architecture to reveal malicious code.
Offered fully online or hybrid (1 lecture/week), 3 Credit hours. Instructor led.
- Define and explain the role of digital forensics in the incident response and investigatory process.
- Identify the requirements for proper evidence collection, handling and storage.
- Identify and explain basic techniques to properly collect and analyze evidentiary data using appropriate tools and techniques in common scenarios.
- Organize and present evidentiary data and investigatory findings for use in corporate or legal proceedings.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.