Digital Forensics Basics, Web-Based
This course covers investigative methods and standards for the acquisition, extraction, preservation, analysis and deposition of digital evidence from storage devices. This course
offers a wide array of forensics situations that are applicable to the real world. Students will learn how to find traces of illegal or illicit activities left on disk with computer forensics tools and manual techniques, and how to recover data intentionally hidden or encrypted by perpetrators.
At the end of this course, participants will be able to:
• Demonstrate the ability to differentiate the value of data versus information and the terms bit and byte
• Demonstrate knowledge of how related data "chunks" are organized as files, why files are organized into directories or folders, and how directories are organized into partitions.
• Demonstrate knowledge of the organization of bits in disk and flash media.
• The trainee will demonstrate knowledge of highly available storage media, computer's boot process, and the cooperative role of the process manager and memory manager.
• Demonstrate knowledge of the file-system and the file-system drivers.
• Demonstrate knowledge of how data and metadata are stored and how data can be hidden on storage media.
• Demonstrate knowledge of the default file system structure of Windows and UNIX/Linux.
• Demonstrate knowledge of general forensics and evidence and digital forensics and digital evidence.
• Demonstrate knowledge of the triad of computer forensics.
• Demonstrate knowledge of why and how to plan in preparation for investigations and to journal the steps of an investigation.
• Demonstrate knowledge of case reviews or post-mortems.
• Demonstrate the ability to describe the work environment of a digital forensics investigator.
• Demonstrate knowledge of the tools required to perform investigations, why continuing education is required, and separation of duties of forensics investigations.
• Demonstrate knowledge of how procedures impact the forensics investigation.
• Demonstrate the ability to discuss how to prepare for evidence gathering.
• Demonstrate knowledge of how to maintain the chain of custody, acquire and reconstruct digital evidence, and validate digital image evidence.
• Demonstrate knowledge of strategies for extraction of evidence and how software tools can assist in extraction.
How this course is offered:
This is an internet-based course that can be accessed at www.teexwmdcampus.com.
Prerequisites & Other Information:
Information Security Basics or equivalent knowledge and/or experience
No tuition is charged.
Emergency Medical Service
Public Safety Communications
Texas Division of Emergency Management