MODULE 1 – COMPUTER FORENSICS
The field of Computer Forensic or Cyber Forensic is still in its emerging periods. This course module is based on computer forensic in today's world. It would introduce you to computer forensic, evolution of computer forensics, its objectives, and benefits, forensic readiness planning, cyber-crimes, computer crimes, cybercrime investigation techniques and tools, role of a forensics investigator, digital evidence in forensic investigation, corporate investigations, explain the key concepts of enterprise theory of investigation (ETI), discuss various legal issues and reports related to computer forensic investigations.
MODULE 2 – FIRST RESPONDER PROCEDURES
Under this module, students would be taught the definition of electronic evidence, overview on how to collect and store the electronic evidence, first responder tool kit, overview on how to collect and secure the electronic, conduct preliminary interviews, collection and preservation of electronic evidence, checklist for the first responder and mistakes of the first responder’s.
MODULE 3 – SEARCHING AND SEIZING COMPUTERS
Under this module, students would be taught about the methods of searching and seizing computers without a warrant, the Fourth Amendment’s “Reasonable Expectation of Privacy”, consents, scope of consent, the steps involved in searching and seizing computers with a warrant, the basic strategies for executing computer searches, Privacy Protection Act, drafting the warrant and affidavit, the post-seizure issues, Electronic Communications Privacy Act, voluntary disclosure, Electronic Surveillance in Communications Networks, how content is different from addressing information and overview of evidence and authentication are the main points of consideration in this module.
MODULE 4 – DIGITAL EVIDENCE
Digital evidence is evidence transmitted in binary form that may be presented on in court. It can be found in a computer, CDs, hard drive, a mobile phone, PDA, a flash card in a camera etc. Digital evidence is usually allied with electronic crime such as child pornography, credit card fraud and many more. The module formerly cover aspects of digital evidence and explains its role in case of a computer security incident, the characteristics of digital evidence, digital data, federal rules of evidence, the international principles for computer evidence, Scientific Working Group on Digital Evidence (SWGDE), the considerations for collecting digital evidence from electronic, the overview of digital evidence examination processes and steps and digital evidence consideration by crime category.
MODULE 5 – UNDERSTANDING HARD DISKS AND FILE SYSTEMS
In this module, the students will be introduced with hard disk drive, explain solid-state drive (SSD), overview of physical and logical structure of a hard disk, various types of hard disk interfaces, examine the components of a hard disk, disk partitions, explain windows and Macintosh boot process, introduction of file system, various types of file systems, explain an overview of windows, Linux, mac OS x, and sun Solaris 10 file systems, CD-ROM/DVD file system, raid storage system and raid levels and the file system analysis using the sleuth kit.
MODULE 6 – WINDOWS FORENSICS
Windows forensics examination emphases on building in-depth digital forensic information of the Microsoft windows operating structures. In this module, the students will be introduced with volatile information, network and process information, non-volatile information, memory dump, Parsing Process Memory, different techniques for collecting nonvolatile information such as registry settings and event logs, various processes involved in forensic investigation of a Windows system such as memory analysis, registry analysis, IE cache analysis, cookie analysis, MD5 calculation, Windows file analysis, and metadata investigation, IIS, FTP, and system firewall logs, importance of audit events and event logs in Windows forensics, the static and dynamic event log analysis techniques, different Windows password security issues such as password cracking, analyze restore point registry settings, cache, cookie and various forensics tools.
MODULE 7 – DATA ACQUISITION AND DUPLICATION
Data acquisition and duplication module will explain various types of data acquisition systems, various data acquisition formats and methods, determine a best acquisition method, contingency planning for image acquisitions, static and live data acquisition, an overview of volatile data collection methodology, various types of volatile information, disk imaging tool, Linux and windows validation methods, raid disks and list of various data acquisition software and hardware tools.
MODULE 8 – COMPUTER FORENSICS INVESTIGATION PROCESS
Computer forensic investigation process discuss some of the most vital issues and concerns that cyber forensic investigators face today. Module will explain overview of computer crime investigation process, investigation methodology, steps to prepare for a computer forensic investigation, evaluation and securing the scene of crime, collection and preservation of evidence, different techniques to acquire and analyze the data, the importance of evidence and case assessment, report writing and testimony in the court as an expert witness.
MODULE 9 – RECOVERING DELETED FILES AND DELETED PARTITIONS
Under this module, students would be taught how to recover files in Windows, MAC, and Linux, file recovery tools for Windows, MAC and Linux, how to identify creation date, last accessed date of a file, and deleted sub-directories and How to recovering the deleted partitions and list partition recovery tools.
MODULE 10 – FORENSICS INVESTIGATION USING ACCESS DATA FTK
Forensics investigation using access data FTK would be comprises the forensic toolkit and discuss its various features, FTK installation steps, FTK case manager, restore an image to a disk, explain FTK examiner user interface, how to verify drive image integrity, how to mount an image to a drive, the functions of FTK interface tabs, the steps involved in adding evidence to a case, local live evidence, remote device management system, imaging drives, mount and unmounts a device and decrypt EFS files and folders.
MODULE 11 – FORENSICS INVESTIGATION USING ENCASE
Introduction to EnCase forensics, its uses, and functionality, EnCase forensics modules, how to configure EnCase, case management, verification process of evidence files, source processor, various types of bookmark and report writing would be comprises in this module.
MODULE 12 – STEGANOGRAPHY AND IMAGE FILE FORENSICS
Steganography and image file forensics summarizing the steganography and its types, list of application of steganography, how to detect steganography, various steganography detection tools, image file formats, compress data, locate and recover image files, how to identify unknown file formats and picture viewer and image file forensic tools.
MODULE 13 – APPLICATION PASSWORD CRACKERS
It first presents the password crackers terminologies, the functionality of password crackers, various types of passwords then discuss the work of password cracker, password cracking techniques, types of password attacks, applications of software password cracking, define default passwords and its cracking tools.
MODULE 14 – LOG CAPTURING AND EVENT CORRELATION
Computer security logs, logon event in Window, DHCP logs, ODBC logging, legality of using logs, log management, centralized logging, Syslog, NTP, NIST time servers and log capturing and analysis tools will be elaborate in this course module Log capturing and event correlation.
MODULE 15 – NETWORK FORENSICS, INVESTIGATING LOGS AND INVESTIGATING NETWORK TRAFFIC
Network forensics, investigating logs and investigating network traffic would be introduce you to the network forensics concepts, its mechanism, IDS, firewall, honeypot, network vulnerabilities, network attacks, new line and timestamp injection attack, logs as evidence, Network Traffic, DNS poisoning techniques, ARP table and List various traffic capturing and analysis tools.
MODULE 16 – INVESTIGATING WIRELESS ATTACKS
In this module, students will be accustomed to the advantages and disadvantages of wireless networks, components of wireless networks, types of wireless networks, MAC filtering, SSID, wireless encryption, wireless attacks, investigate of wireless attacks and wireless forensics tools.
MODULE 17 – INVESTIGATING WEB ATTACKS
This module focusses on web applications, its architecture, Web logs, web servers, Internet Information Services (IIS), apache web server logs, Web attacks, investigation process of web attacks in windows-based servers and various tools for locating IP.
MODULE 18 – TRACKING EMAILS AND INVESTIGATING EMAIL CRIMES
Tracking emails and investigating email crimes explain the email system, email clients, email servers, mail message, importance of electronic records management, types of email crimes, email header, steps involved in investigation and tools of Email crimes and different laws and acts against email.
MODULE 19 – MOBILE FORENSICS
Nowadays electronic device mobiles are very common. Module will introduce you to the hardware and software characteristics of mobile devices, cellular network, mobile devices, mobile operating system, mobile forensics challenges, various memory considerations in mobiles and tools and techniques to investigate the crimes related to mobile.
MODULE 20 – INVESTIGATIVE REPORTS
Importance of reports and need of an investigative report, salient features of a good report, layout of an investigative report, guidelines for report writing and report using FTK and pro discover will be cover in this module investigative reports.
MODULE 21 – BECOMING AN EXPERT WITNESS
In this module, the students will be introduced with Expert Witness, role and types of an expert witness, scope of expert witness testimony, differences between Technical Witness and Expert Witness, evidence processing, expert witness qualification, general ethics while testifying and testify during direct and cross-examination.
MODULE 22 – COMPUTER FORENSICS LAB
Course module computer forensics lab would comprise the establishments of computer forensic labs such as how to set up a computer forensics lab, discuss the investigative services in computer forensics, the basic hardware requirements in a forensic lab, list of various hardware forensic, the basic software requirements and software forensic tools in a forensic lab.
