This course studies techniques and tools in computing investigation, digital evidence collection, recovery, and analysis.
Topics include: Legal issues relating to digital evidence, recover deleted files and discover hidden information, reconstruct user activity from e-mail, temporary Internet files and cached data, assess the integrity of system memory and process architecture to reveal malicious code.
Define and explain the role of digital forensics in the incident response and investigatory process.
Identify the requirements for proper evidence collection, handling and storage.
Identify and explain basic techniques to properly collect and analyze evidentiary data using appropriate tools and techniques in common scenarios.
Organize and present evidentiary data and investigatory findings for use in corporate or legal proceedings.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.