This 40-hour course presents a detailed and methodological approach to computer forensics and evidence analysis. This will enable candidates to understand the often complex issues associated with investigating cyber-crimes, handling of digital evidence, detection methods and proof, in a variety of digital forensic contexts, including computers, networks and portable digital devices. Each module will build upon the knowledge gained from previous modules. This course will introduce cutting edge technologies and methodologies, alongside fundamental building blocks, allowing candidates to simultaneously understand the theory and practical aspects in dealing with digital investigations.
The primary topics covered in the course are intended to prepare candidates to:
- Understand the function and limitations of forensic investigations.
- Understand procedures used in conducting forensic investigations.
- Guide first responders towards successful data acquisition and preservation.
- Describe digital forensics and relate it to an investigative process.
- Explain the legal issues of preparing for and performing digital forensic analysis. based on the investigator's position and duty.
- Be aware of (digital) evidence storage preparation and requirements.
- Perform basic digital forensic investigations.
- Demonstrate use of digital forensics tools and their underlying principles.
- Size and set up a digital forensic lab.
- Conduct simple binary analysis on files with unknown and possible malicious functionality.
- Recognize the state of the practice and the gaps in technology, policy, and legal issues.