Learning Path

Digital Forensics Concepts

Learn the theories and skills used by professional digital forensic examiners.
8 hours, 33 minutes
Start a Free Trial

What you will learn

In the Digital Forensics Concepts path, the student will learn about legal considerations applicable to computer forensics and how to identify, collect and preserve digital evidence. This path dives into the scientific principles relating to digital forensics and gives the student a close look at on-scene triaging, keyword lists, grep, file hashing, report writing and the profession of digital forensic examination.
 

Syllabus

Digital Forensics Concepts Skill Assessment

Assessment - 29 questions
Introduction to Digital Forensics

Course - 01:04:00
This intro course provides a broad overview of computer forensics as an occupation by exploring methodologies used surrounding digital forensics. In addition, the student acquires open-source forensic tools to use throughout this path.
Legal considerations and search authority

Course - 00:39:00
Multiple state and federal laws apply to the field of digital forensics, as well as ethical concerns. This course demonstrates information commonly needed in a search warrant and a preservation request. The scope of search authority is covered, as well as the limitations of a consent search and guidelines surrounding wiretaps.
The investigative process

Course - 00:16:00
This course covers scientific principles that apply to digital forensics. The student learns about transfer of evidence, the difference between a witness and an expert witness and "big data" concerns and solutions.
Recognizing and collecting digital evidence

Course - 00:28:00
In addition to forensic examinations, most digital investigators must understand how to manage physical evidence before, during and after leaving the scene. This course explores what to bring to a scene and how to prepare and label digital evidence for documentation purposes. You'll also examine how to collect and preserve the evidence for transportation and secure storage.
Preservation of evidence/On scene triage

Course - 00:28:00
Triaging a digital device is essential knowledge. Proper on-scene triage prevents the loss of volatile data and the collection of unnecessary devices. This course discusses capturing RAM, recognizing and dealing with encryption and destructive processes and triaging devices with a forensic boot media.
Hash values and file hashing

Course - 00:20:00
In this course, the student learns how to use hash values as a way to include or exclude files from an investigation. The course includes a discussion of different types of hash algorithms and how to hash individual files versus hashing drives.
Creating a disk image

Course - 01:02:00
Forensic examiners need to be meticulous in their work to avoid cross-contamination when creating a bit-stream copy. This course explains the importance of sterilizing media, how to validate tools, proper application of the write-blocker and validating the forensic bit-stream copy.
Key word and grep searches

Course - 00:33:00
How to conduct a keyword search using automated tools and how to establish a keyword list is covered in this course. The student receives an overview of grep, as well as completing a grep search using an automated tool.
Network basics

Course - 00:26:00
This course describes what a network is, how it functions, what IP addresses are and an IP address’s function on the network. This course also explores what a MAC address is and why it is vital to network forensics. Internet protocols are also covered.
Reporting and peer review

Course - 00:29:00
Report writing and peer review are of utmost importance. In this course, the student examiner learns what information to include and what does not belong in a final report. The student views several example reports, as well as generates a report using forensic software.
Digital Forensics Project

Course - 02:38:00

Meet the author

In addition to being an Infosec instructor, Denise Duffy teaches computer forensics worldwide to European law enforcement through the European Anti-Fraud Office. During her 25-year career at the Middletown Police Department, Denise underwent extensive training in specialized computer and mobile device forensics, including widespread access data courses, multiple IACIS trainings, U.S. Secret Service Training at the National Computer Forensics Institute, BlackBag Technologies Training, many National White Collar Crime (NW3C) courses, an X-Ways online course and considerable Internet Crimes Against Children Training (ICAC) courses.

Denise currently holds the following certifications: CFCE (Certified Forensic Computer Examiner), CCFE (Certified Computer Forensics Examiner), CMFE (Certified Mobile Forensics Examiner) and CEH (Certified Ethical Hacker). She is most proud of her two sons who joined the U.S. Military, as Denise is a Desert Shield/Desert Storm veteran herself.

Learn More

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Get Demo

Plans & pricing

Infosec Skills Personal

$299 / year

Buy Now 7-Day Free Trial
  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments
Start a Free Trial