One of the most common skills needed and tasks conducted in a cyber security program is digital forensics and incident response. Properly collecting and analyzing digital data in support of IT investigations requires equal parts technical mastery, investigative prowess, legal understanding, and business understanding. This requires deep knowledge of operating systems and file systems, attacker methodologies and the threat landscape, the location and meaning of forensic artifacts, and the legal implications of conducting various types of investigations. This course will introduce students to the tools, techniques, and procedures employed by digital investigations teams at organizations of various sizes and types, so that students can properly assess the effectiveness of these teams and how they fit into the larger picture of the IT security program. This course is extracted from a course that prepares students for the CCFP, CCE, and CHFI certifications that has been specifically tailored to the FDIC's course requirements. Students will learn the basics of various digital forensics tools, techniques, and procedures. Students will learn the skills necessary to properly collect digital evidence, how to properly handle that evidence, what artifacts to look for in that evidence, and how to properly report the findings. Specific attention will be placed on various industry best practices and on when different practices should and should not be applied, in order to prepare students to understand and audit the effectiveness of forensics teams.
This course is only available on-site at your location.
- Introduction and Background: What is forensics, Why do we need/use forensics, When should we not use forensics, Senior management/Board involvement, Organizational Team Structure
- Legal and Ethical Principles: Justification for investigation, Authority to investigate, Nature of Evidence, Rules of Procedure, Role of Expert Witness, Codes of Ethics
- Investigations: Investigative Process, Evidence Management, Criminal Investigations, Civil Investigations, Administrative Investigations, Response to Security Incidents, e-Discovery
- Forensic Science: Fundamental Principles, Case Planning, Forensic Methods, QA, Control, Management
- Digital Forensics: Media and File System Forensics, Operating Systems Forensics, Network Forensics, Mobile Devices, Multimedia and Content, Virtual System Forensics, Forensic Techniques and Tools, Anti-Forensic Technology and Tools
- Application Forensics: Software Forensics, Web, Email, and Messaging, Database Forensics, Malware Forensics
- Hybrid and Emerging Technologies: Cloud Forensics, BYOD, Social Networks, Big Data Paradigm, Control Systems, Critical Infrastructure, Virtual/Augmented Reality
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.