A study of the processes and technologies used in the collection, preservation, and analysis of digital evidence in local, networked, and cloud environments. Discussion covers validating data, reporting evidence, and preparing depositions, as well as recovering information from encrypted, obscured, or deleted sources. Topics also include emerging forensic issues in computer, peripheral, and mobile environments and their global implications.
At the end of this course, students should be able to
Develop and utilize a methodology for digital evidence collection, preservation, and analysis.
Develop incident response plan and procedures for a variety of digital forensic situations.
Evaluate environment for global/international influences and determine implications on forensic procedures.
Analyze file systems and integrate understanding into digital artifact recovery processes.
Appraise appropriate digital forensic techniques for Network, Internet, and Cloud-based environments.
Formulate search and evaluation criteria for target media and interpret results.
Construct procedures for recovery of encrypted, obscured, and/or deleted artifacts.
Incorporate validated forensic results into appropriate action plans, reporting, information sharing, and information archiving procedures.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.