This course provides students with the latest techniques and methods needed for extracting, preserving and analyzing volatile and nonvolatile information from digital devices. Students will gain exposure to the spectrum of available computer forensics tools along with developing their own tools for special need situations. The core forensics procedures necessary for ensuring the admissibility of evidence in court, as well as the legal and ethical implications of the process, will be covered on both Unix and Windows under multiple file systems.
Describe court admissibility investigative process and procedures.
Identify, analyze, and demonstrate current and emerging technologies used in digital forensics.
Identify and apply appropriate tools for memory forensics acquisition and analysis.
Demonstrate the capability of applying and modifying programs to enhance the retrieval and analyzing of digital evidence.
Write and present a forensics report.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.