An introduction to the fundamental concepts behind the collection and analysis of the digital evidence left behind in a digital crime scene. Topics include the identification, preservation, collection, examination, analysis, and presentation of evidence for prosecution purposes. Discussion also covers the laws and ethics related to computer forensics and challenges in computer forensics. Network forensics is briefly explored. A specific project on computer forensics or network forensics in a hypothetical scenario based on the inputs from government agencies and commercial organizations is assessed by a team of experts who are working in the field.
Upon successful completion of the course, the student should be able to:
Define computer forensics, digital forensics, and network forensics.
Explain computer/technology law related to computer forensics, digital forensics, and network forensics.
Discuss major legal issues related to criminal prosecution and civil actions.
Explain the importance of ethics and professional conduct in a digital forensic investigation.
Explain the rules for digital evidence.
Apply a systematic approach to an investigation.
Demonstrate a proper course of action for conducting a digital forensics investigation.
Describe guidelines for acquiring digital evidence at a computer incident or crime scene.
Explain Chain of Custody in the context of an actual case.
Illustrate methods of digital evidence identification, acquisition, authentication, examination, analysis, and presentation.
Develop a written report that outlines the evidence admissible in a court of law, identifies the source of that evidence, and produces a timeline for that evidence.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.