MODULE 1 - COMPUTER FORENSICS
This module introduces you to the field of computer forensics, including its evolution, objectives, and benefits; various computer crimes, need for forensic investigation, cyber crime investigation process, and the role of a forensic investigator in computer and cyber crimes.
You will also gain insights into how to access computer forensics resources, the intricacies of corporate investigations, and the significance of enterprise theory of investigation (ETI). Finally, you will learn the importance of forensic readiness planning and the legal aspects and reporting associated with computer forensic investigations.
MODULE 2 - FIRST RESPONDER PROCEDURES
In this module, you will learn about the crucial role and responsibilities of a first responder in computer forensics, the type and nature of electronic evidence, the essential toolkit for the first response process, and how first responders and laboratory staff collaborate.
The module also explores the collection, storage, preservation, packaging, and transportation of electronic evidence, the significance of a preliminary interview for effective investigation, detailed documentation of the electronic crime scene along with a checklist for first responders, the common mistakes to avoid, and the importance of preparing a comprehensive report.
MODULE 3 - SEARCHING AND SEIZING COMPUTERS
This module covers the legal aspects and procedures involved in searching and seizing computers, along with the steps involved in carrying out the process without a warrant. You will also know about the Fourth Amendment’s "Reasonable Expectation of Privacy”, the scope of consent in searches, and steps to execute searches with a warrant, including the drafting of warrants and affidavits.
Strategies for the effective execution of computer searches and legal frameworks such as the Privacy Protection Act and the Electronic Communications Privacy Act are covered, along with the concept of voluntary disclosure.
You will gain insights about post-seizure issues, electronic surveillance in communication networks, the differentiation between content and addressing information, and an overview of evidence and authentication in computer forensics investigations.
MODULE 4 - DIGITAL EVIDENCE
In this module, you will gain insights about the role, characteristics, and types of digital evidence, types of digital data that can be encountered, and legal aspects, including the Best Evidence Rule, the Federal Rules of Evidence, and international principles for handling computer evidence.
The module also covers the significance of the Scientific Working Group on Digital Evidence (SWGDE) in promoting best practices, considering electronic crime and digital evidence across different crime categories, ways to collect digital evidence from electronic crime scenes, and the steps involved in the examination of digital evidence.
MODULE 5 - UNDERSTANDING HARD DISKS AND FILE SYSTEMS
This module covers the concept of digital storage devices, with a particular focus on hard disk drives (HDD) and solid-state drives (SSD), including their historical evolution. You will learn in-depth about HDD’s physical and logical structure, types of HDD interfaces, the components that make up a hard disk drive, disk partitions, and the boot processes of Windows and Macintosh operating systems.
The module also explores file systems and their history, an overview of file systems used in Windows, Linux, Mac OS X, and Sun Solaris 10, along with knowledge of CD-ROM and DVD file systems, RAID storage systems, and different RAID levels. The module concludes with insights into file system analysis using the Sleuth Kit.
MODULE 6 - WINDOWS FORENSICS
In this module, you will learn about Windows forensics, types of information (volatile, non-volatile, and network and process), non-volatile data collection like registry settings and event logs, parsing process memory, and memory dump analysis.
The forensic investigation of Windows systems is discussed, including IIS, FTP, and system firewall logs, highlighting the importance of audit events and event logs in Windows forensics along with techniques for static and dynamic event log analysis.
Topics like Windows password security, analysis of restore point registry settings, cache, cookie, and history analysis, account management events evaluation, searching with Event Viewer, and various forensic tools required for conducting investigations in the Windows environment.
MODULE 7 - DATA ACQUISITION AND DUPLICATION
This module introduces you to data acquisition and duplication in digital forensics, types of data acquisition systems, formats, and methods, best data acquisition practices, static and live data acquisition, the importance of contingency planning for image acquisitions, and different types of volatile information.
You will also learn about the requirements for disk imaging tools, validation of data acquisitions, insights about validation methods for both Linux and Windows systems, the procedure for acquiring RAID disks, and a selection of software and hardware tools used in data acquisition processes.
MODULE 8 - COMPUTER FORENSICS INVESTIGATION PROCESS
This module provides an overview of the computer crime investigation process and methodology for conducting forensic investigations, the steps involved, like obtaining a search warrant, evaluating and securing the crime scene, collecting and preserving the evidence, and the techniques used for data acquisition and analysis.
You will also gain insights about the importance of evidence and case assessment, how to prepare the final investigation report, and the role of expert witness testimony in court proceedings, focusing on an elaborate approach to computer crime investigations from start to finish.
MODULE 9 - RECOVERING DELETED FILES AND DELETED PARTITIONS
This module delves into file recovery in Windows, MAC, and Linux operating systems, including the identification of creation dates, last accessed dates of files, and deleted sub-directories. It further explores the recovery of deleted partitions, lists partition recovery tools, and provides insights into file recovery techniques and tools across different operating systems. This module equips you with the knowledge needed to retrieve and analyze potentially valuable digital evidence, enhancing your capabilities in computer crime investigations.
MODULE 10 - FORENSICS INVESTIGATION USING ACCESS DATA FTK
This module highlights carrying out forensic investigations using the Access Data FTK toolkit. It covers FTK installation steps, FTK case management, image restoration to a disk, drive image integrity verification, and the mounting of images to drives.
It further elaborates on the steps required to create a case, the functions of FTK interface tabs, adding evidence to a case, acquiring local live evidence, and remotely collecting data using the Remote Device Management System (RDMS).
It elaborates on the steps required to create a case, how to work with different interface tabs, the steps to add evidence to a case, the method to acquire local live evidence, and the remote collection of data using the Remote Device Management System (RDMS).
Additionally, the module covers steps for imaging drives, mounting and unmounting devices, steps involved in conducting index and live searches, and decrypting EFS files and folders.
MODULE 11 - FORENSICS INVESTIGATION USING ENCASE
In this module, you will learn about EnCase forensics, including different modules within EnCase forensics, its installation process, and the crucial configuration steps; an overview of case structure and case management, including adding and acquiring devices, verifying evidence files, and utilizing the source processor.
The module also covers setting up case options, file searching and analysis, viewing file content, the process of creating various types of bookmarks, the method to create reports using the Report Tab, and the technique to export the report.
MODULE 12 - STEGANOGRAPHY AND IMAGE FILE FORENSICS
This module covers a detailed overview of steganography, an art of concealing data within various digital media, its types and applications, digital steganography techniques, the concept of steganalysis for detecting hidden information, and tools used for detecting steganography.
You will also explore image file formats, data compression, the process of forensic image analysis using MATLAB, locating and recovering image files, identifying unknown file formats, picture viewer tools, and image file forensic tools that play an integral role in digital forensic investigations related to steganography.
MODULE 13 - APPLICATION PASSWORD CRACKERS
In this module, you will be introduced to the concept of password cracking, the significance of password crackers in digital forensics, types of passwords, the working methodology of password crackers, multiple password cracking techniques, and types of password attacks. The module also highlights the relevance of password cracking in various systems and the application of software password cracking, issues related to default passwords, and invaluable password cracking tools in the field of digital forensics.
MODULE 14 - LOG CAPTURING AND EVENT CORRELATION
The module focuses on computer security logs, logon events in Windows, various specific log types such as IIS logs, DHCP logs, and ODBC logs, the legal framework related to log usage, the significance of log management, and associated challenges. You will also learn about centralized logging and the role of synchronization in computer times, implementing Network Time Protocol (NTP), different NIST time servers, event correlation approaches, and a range of tools designed for log capture and analysis in digital forensics.
MODULE 15 - NETWORK FORENSICS, INVESTIGATING LOGS, AND INVESTIGATING NETWORK TRAFFIC
In this module, the focus will be on network forensics, the analysis of network forensics mechanisms, and the utilization of Intrusion Detection Systems (IDS), firewalls, and honeypots to safeguard networks.
Topics like various network vulnerabilities, types of network attacks like New Line injection attack and Timestamp injection attack, and the importance of searching for evidence and handling logs as crucial evidence will also be discussed.
In the concluding part, the module outlines techniques for condensing log files and investigating network traffic, traffic acquisition using DNS poisoning techniques and ARP table examination, and various traffic capture and analysis tools.
MODULE 16 - INVESTIGATING WIRELESS ATTACKS
This module covers the concept of wireless networks, their advantages and disadvantages, components that constitute a wireless network, different types of wireless networks and standards, the significance of elements like MAC filtering, Service Set Identifier (SSID), types of wireless encryption methods, and types of wireless attacks and their investigation methods.
You will also learn about requirements for tool design and best practices in the field of wireless forensics, along with knowledge of various wireless forensics tools commonly used for investigating.
MODULE 17 - INVESTIGATING WEB ATTACKS
The module introduces you to web applications and their architectures, why web servers are susceptible to compromise, the significance of web logs, logs of Internet Information Services (IIS) and Apache web servers, different types of web attacks and their investigation processes on Windows-based servers, the investigation of IIS and Apache logs, and the occurrence of web page defacement. You will also learn about various security strategies to protect web applications, web attack detection tools, and tools for locating IP addresses.
MODULE 18 - TRACKING EMAILS AND INVESTIGATING EMAIL CRIMES
This module covers email systems, including components like email clients, email servers, and the structure of email messages; the importance of electronic records management, and various types of email crimes.
Topics like the significance of email headers, examples of common headers used in email messages, steps involved in the investigation of email crimes, the use of various email forensics tools, and the legal aspects related to email, which are crucial for the investigative process, are also addressed.
MODULE 19 - MOBILE FORENSICS
This module covers the field of mobile device forensics, the hardware and software characteristics of mobile devices, various types of mobile operating systems, cellular network understanding, functionalities that could be exploited by criminals using mobile phones, and the challenges faced by forensic investigators.
You will also gain insights about memory considerations in mobile devices, precautions to be taken before conducting a mobile forensic investigation, the mobile forensics process from data acquisition to analysis, and an overview of the hardware and software tools used in this specialized field.
MODULE 20 - INVESTIGATIVE REPORTS
In this module, you will be introduced to the aspects of investigative reports, the significance and need of reports in digital investigations, the salient features of an effective investigative report, the use of a computer forensics report template, different types of reports, the layout of the report, and guidelines for writing comprehensive reports.
The module also covers the investigation of report format, documentation of a case report, best practices for investigators to ensure accurate and reliable reporting, and reporting methods for specific tools like FTK and Rediscover.
MODULE 21 - BECOMING AN EXPERT WITNESS
This module highlights the role of an expert witness in the field of computer forensics, the different types of expert witnesses, various aspects of expert witness testimony, the scope of expert witness testimony, key differences between technical witnesses and expert witnesses, the steps involved in processing evidence, and the preparation of a report for expert witness testimony.
You will also get introduced to the rules and qualifications required to serve as an expert witness, the ethics involved while testifying, tips to give testimony in both direct and cross-examination, and the findings and responsibilities of a computer forensic expert witness in a legal context.
MODULE 22 - COMPUTER FORENSICS LAB
In this module, you will learn how to set up a computer forensics laboratory, essential components required to facilitate forensic investigations, various investigative services that a computer forensics lab can provide, fundamental hardware prerequisites for a forensics lab, an overview of the different hardware forensic tools used in this context, software requirements in a forensics lab, and various software forensic tools needed. You will get an in-depth understanding of the infrastructure and tools necessary for effective computer forensic investigations.
