Digital Forensics: Foundations

Authors: Ricardo Reimao, Christopher Rees, Bobby Rogers

Digital forensics is defined as the process of preservation, identification, extraction, and documentation of computer evidence that can be used in a court of law. It is a...

The courses that will be delivered in this skill are as follows:

  • Incident Forensics: Digital Media Acquisition (NICE KSAs covered: K0002, K0003, K0042, K0155, K0156, K0042, S0047, T0175)
  • Coming soon - Enumerating computer systems, peripherals and devices as a forensics analyst (NICE KSAs covered: K0109, K0122, S0074, T0286)
  • Threats, Attacks, and Vulnerabilities for CompTIA Security+ (NICE KSAs covered: K0004, K0005, K0006, K0070, K0119, K0179, K0184, K0187, K0624)
  • Coming soon - Investigating encrypted systems and hashed or digitally signed material (NICE KSAs covered: K0060, K0077, K0078, K0117, K0122, K0128, K0132, K0133, K0167, K0224, T0027, T0216)
  • Coming soon - Enumerating operating systems as a forensics analyst (NICE KSAs covered: K0060, K0077, K0078, K0117, K0122, K0128, K0132, K0133, K0167, K0224, S0067, S0075, T0027, T0216)
  • Legal and Ethical Considerations for Digital Forensics (NICE KSAs covered: K0003, K0155, K0156, K0167, K0168)

Pre-requisites

  • Knowledge of basic networking concepts (CompTIA Network+)
  • Knowledge of fundamental information security concepts (CompTIA Security+)
  • Basic knowledge of Linux and Windows operating systems

Digital Forensics: Foundations courses

The 6 Digital Forensics: Foundations courses in this skill are the first of 3 skills that will form the underlying knowledge needed to perform the role of a Digital Forensics Analyst. This skill has been created based on the NIST NICE Cybersecurity Workforce Framework knowledge, skills, abilities (KSAs) and tasks outlined in the Cyber Defense Forensics Analyst work role (IN-FOR-002) and the DoD Cyber Workforce Framework (DCWF) Cyber Defense Forensics Analyst work role (ID: 212).

The courses that will be delivered in this skill are as follows:

  • Introducing the Digital Forensics Analyst Role Based on the NIST NICE Cybersecurity Workforce Framework
  • Incident Forensics: Digital Media Acquisition
  • Enumerating computer systems, peripherals and devices as a forensics analyst (coming soon)
  • Threats, Attacks, and Vulnerabilities for CompTIA Security+
  • Investigating encrypted systems and hashed or digitally signed material (coming soon)
  • Enumerating operating systems as a forensics analyst (coming soon)
  • Legal and Ethical Considerations for Digital Forensics

Incident Forensics: Digital Media Acquisition

by Ricardo Reimao

Jul 26, 2019 / 1h 31m

Description

The acquisition of digital media (such as laptops, hard drives, and USB sticks) is the first step in a cyber forensic case. The acquisition should be conducted in such a way that all the pieces of evidence are reliable enough to be presented in court if necessary. In this course, Incident Forensics: Digital Media Acquisition, we cover every single step of a digital media acquisition, including not only the technical part but also the overall forensic methodology that should be followed. First, you will be presented with some vital forensic concepts, such as chain of custody. Next, you will explore all the pre-requisites before the data acquisition. After that, we show through demos how to image the most common digital media types using a professional forensic methodology. Finally, you will discover how to organize all of the evidence and create work copies for the forensic investigators. All forensic acquisition tasks follow strict processes and procedures that ensure that the data will not be tampered with and the evidence is reliable. Throughout the course, you will follow a real-world scenario in which an employee was selling confidential information to competitors. By the end of this course, you will be prepared and have the knowledge to be the forensic technician responsible for acquiring the data related to any case.

Table of contents
  1. Course Overview
  2. Digital Media Acquisition Process
  3. Preparing for the Data Acquisition
  4. Arriving at the Site
  5. Acquiring the Data
  6. Organizing Evidence

Threats, Attacks, and Vulnerabilities for CompTIA Security+

by Christopher Rees

Oct 24, 2017 / 3h 22m

Description

This course covers domain one of the CompTIA Security+ certification exam. In this course, Threats, Attacks, and Vulnerabilities for CompTIA Security+, you'll learn about the various types of threats and attacks every company faces. First, you'll learn the ins and outs of malware, ransomware, viruses, Trojans, rootkits, social engineering attacks, application vulnerabilities, and DDoS attacks. Next, you'll also learn the characteristics of the various types of threat actors, the skills they have and the tools they use. Finally, you'll learn about penetration testing and vulnerability scanning and how they're used to help tighten security and mitigate potential breaches. By the end of this course, you'll have a solid understanding of the various threats you're likely to face and what tools are available to mitigate these threats.

Table of contents
  1. Analyzing Indicators of Compromise & Determining Malware Types
  2. Comparing & Contrasting Attacks Types
  3. Exploring Threat Actor Types and Attributes
  4. Defining the Penetration Testing Process
  5. Defining the Vulnerability Scanning Process
  6. Impacts Associated with Types of Vulnerabilities

Legal and Ethical Considerations for Digital Forensics

by Bobby Rogers

Apr 27, 2020 / 2h 8m

Description

Digital forensics investigators are charged with analyzing technology such as computers, smart phones, tablets, and other everyday devices to determine if they have been used to commit a crime, abuse the resources of an organization, or harm other individuals. In this course, Legal and Ethical Considerations for Digital Forensics, you’ll gain the ability to work with the various types of digital evidence and their admissibility in both a courtroom and a corporate setting. First, you’ll explore investigator qualifications and ethical responsibilities in presenting evidence that may convict or exonerate a suspect. Next, you’ll discover the challenges of international cybercrime law. Finally, you’ll learn how to perform an actual investigation in a corporate environment in a case study of corporate abuse. When you’re finished with this course, you’ll have the skills and knowledge of digital forensics needed to determine the who, what, where, when, how, and why of a technology crime or incident.

Table of contents
  1. Course Overview
  2. Understanding Legal and Ethical Aspects of Digital Forensics
  3. Collecting and Handling Evidence
  4. Presenting Digital Evidence
  5. Navigating the US Legal System in Digital Forensics
  6. Understanding International Issues in Digital Forensics
  7. Case Study: Litigating a Digital Crime