Certified Digital Forensics Examiner (CDFE) – Outline

Detailed course content

  • Module 1 – Computer Forensics Incidents, Origins of digital forensic science, Differences between criminal and civil incidents, Types of computer fraud incidents, Internal and external threats, Investigative challenges, Industry Standards
  • Module 2 – Computer Forensic Investigative Theory, Investigative Theory, Investigative Concepts, Behavioral evidence analysis (BEA) & Equivocal Forensic Analysis (EFA)
  • Module 3 – Computer Forensic Investigative Process, Investigative Prerequisites, Scene Management, The digital forensics process, ISO 27043
  • Module 4 – Digital Acquisition and Analysis Tools, Acquisition Procedures, Computer forensics field triage process model (CFFTPM), Acquisition Authentication, Forensic Tools
  • Module 5 – Disks and Storages, Disk OS and Filesystems, Spinning Disks Forensics, SSD Forensics, Files Management, Handling Damaged Drives
  • Module 6 – Live Acquisitions, Live Acquisition, Apple Acquisition, Linux/UNIX Acquisition
  • Module 7 – Windows Forensics, Windows Event Viewer Overview, EVTX and EVT Logs, Logs Analysis to Identify Breaches and Attacks
  • Module 8 – Linux Forensics, Linux Artifacts: File System Structure, Basic Identifiers, Common Log Files
  • Module 9 – MAC Forensics, OSX Artifacts: File System Structure, Core Storage, Default Apps, Other Artifacts
  • Module 10 – Forensic Examination Protocols, Science Applied to Forensics, Cardinal Rules, Alpha 5, The 20 Basic Steps of Forensics, Scientific Working Group on Digital Evidence (SWGDE) Standard, International Organization on Computer Evidence (IOCE) Standard
  • Module 11 – Digital Evidence Protocols, Digital Evidence Categories, Evidence Admissibility
  • Module 12 – Digital Evidence Presentation, The Best Evidence Rule, Hearsay, Authenticity and Alteration
  • Module 13 – Computer Forensic Laboratory Protocols, Forensics Lab Standard Operating Procedures: Quality Assurance, Quality Control, Peer Review, Annual Review, Deviations, Lab Intake
  • Module 14 – Specialized Artifact Recovery, Forensics Workstation Prep, Windows Components with Investigative Interest, Files Containing Historical Information, Web Forensics
  • Module 15 – Advanced Search Strings and File Signatures, Search Strings, RegEx, File Signatures
  • Module 16 – eDiscovery and ESI, Electronically Stored Information Rules: Legal System, Disclosure, Rule 37, eDiscovery Tools
  • Module 17 – Mobile Forensics, Cellular Network, Forensic Process, Tools, Paraben Forensics
  • Module 18 – Incident Handling, What is an Incident?, Incident Handling Steps: Preparation, Identification and Initial Response, Containment, Eradication, Recovery, Follow-up
  • Module 19 – Digital Forensics Reporting, Report Sections and Content