Cyber Forensics, IT-S 538
About this Course:
This course will address methods to properly conduct a computer and/or network forensics investigation including digital evidence collection and evaluation and legal issues involved in network forensics. Technical issues in acquiring court-admissible chans-of evidence using various forensic tools that reconstruct criminally liable actions at the physical and logical levels are also addressed. Technical topics covered include detailed analysis of hard disks, files systems (including FAT, NTFS and EXT) and removable storage media; mechanisms for hiding and detecting hidden information; and the hands-on use of powerful forensic analysis tools.
IT-S 448 Cyber Security Technologies or equivalent experienced is required for enrollment.
Who Should Attend:
Individuals who are interested in learning how to properly conduct a computer and/or network forensics investigation with various forensic tools.
Upon completion of this course, participants should be able to perform cyber forensic analysis.
- Introduction to network and computer forensics
- Forensic tools and tool systems
- Data acquisition and image creation
- EnCase and AccessData forensic tools and crime forensic analysis
- SleuthKit, hard disks, volumes and partitions
- Master Boot Record (MBR) partitions and FAT file system
- NTFS file system and GPT partitions
- Linux boot, disk and partition
- Linux file systems
- Flash file systems
- Image files and steganography, JPEG steganography and steganography