MODULE 1 – COMPUTER FORENSICS
This module covers computer forensics evolution, objectives, and benefits; computer-related crimes, the forensic investigation process for cybercrimes, and the role of a forensic investigator. You will also learn ways to access computer forensics resources, the concept of corporate investigation and electronic trading information (ETI), the importance of planning, and legal issues and reports related to computer forensic investigations.
MODULE 2 – FIRST RESPONDER PROCEDURES
In this module, you will learn about the role of first responders in handling electronic evidence and the steps they must follow, the components of a first responder toolkit, the role of laboratory staff in the initial response, the checklist needed for first responders, guidelines for packaging and transporting electronic evidence, and common mistakes to avoid. The module also covers the process of collecting, storing, and preserving electronic evidence, along with the skills to conduct preliminary interviews and document the electronic crime scene.
MODULE 3 – SEARCHING AND SEIZING COMPUTERS
This module focuses on legalities associated with searching and seizing computers, conditions under which searches can be performed and objects can be seized without a warrant (emphasizing the Fourth Amendment's "Reasonable Expectation of Privacy" concept), searching and seizing computers with a warrant, steps to execute computer searches in accordance with privacy protection acts like the Electronic Communications Privacy Act, post-seizure issues, electronic surveillance in communication networks, and ways to differentiate content from information and evidence authentication in computer forensics.
MODULE 4 – DIGITAL EVIDENCE
In this module, you will learn about the significance of digital evidence in computer security incidents, the types and characteristics of digital evidence, the Best Evidence Rule and the Federal Rules of Evidence that outline how to use digital evidence during legal proceedings, international principles for computer evidence, and the role of the Scientific Working Group on Digital Evidence (SWGDE). The module also covers considerations related to digital evidence across different crime categories and the steps involved in collecting and examining digital evidence from crime scenes.
MODULE 5 – UNDERSTANDING HARD DISKS AND FILE SYSTEMS
This module focuses on hard disk drives and their history, solid-state drives (SSD), the physical and logical structure of hard disks, different types of hard disk interfaces, components, and disk partitions, and the boot processes of Windows and Mac operating systems. You will also learn boot processes for Windows and Macintosh, file systems and their histories, an overview of file systems (Windows, Linux, Mac OS X, and Sun Solaris 10), CD-ROM and DVD file systems, RAID storage systems, RAID levels, and how to analyze file systems using the Sleuth Kit.
MODULE 6 – WINDOWS FORENSICS
This module covers an overview of window forensics, volatile information, network and process information, non-volatile information, collection of non-volatile data (registry settings and event logs), memory dump analysis, and parsing process memory. You will also learn about forensic investigation of Windows systems (IIS, FTP, and system firewall logs), the importance of audit events and event logs, static and dynamic event log analysis techniques, Windows password security, analysis of restore point registry settings, and various forensic tools.
MODULE 7 – COMPUTER FORENSICS INVESTIGATION PROCESS
This module focuses on investigating computer crimes, computer forensic investigation methodology, steps to obtain a search warrant, evaluating and securing the crime scene, and collecting and preserving evidence. You will also explore several techniques implemented by computer forensic experts for acquiring and analyzing data, the significance of the gathered evidence, and case assessment methods. The module also highlights the steps to prepare a final investigation report and the role of expert witness testimony in court.
MODULE 8 – RECOVERING DELETED FILES AND DELETED PARTITIONS
In this module, you will learn about file recovery on Windows, MAC, and Linux systems using specific file recovery tools tailored for each platform. The module also covers techniques to identify creation dates, last accessed dates of files, and deleted sub-directories to aid in the recovery process. Additionally, the module also highlights techniques for recovering deleted partitions and provides a list of partition recovery tools for this purpose.
MODULE 9 – FORENSICS INVESTIGATION USING ENCASE
This module covers Encase Forensics and its modules, its installation and configuration process, an overview of case structure and case management, adding and acquiring devices, the verification process of evidence files, and configuring source processors. You will also learn about setting up case options, analyzing and searching files, viewing file content, and creating different types of bookmarks. Also, the methods to create a report using the Report Tab and export a report for forensic investigations are taught.
MODULE 10 – APPLICATION PASSWORD CRACKERS
This module introduces you to the concept of password crackers, types of passwords, password cracker tools and their functionality, the workings of password crackers, different password cracking techniques, and types of password attacks. You will also learn about the application of password cracking in various systems and software, the significance of default passwords, and a few commonly used password cracking tools.
MODULE 11 – TRACKING EMAILS AND INVESTIGATING EMAIL CRIMES
This module covers details about email systems, clients, servers, and email messages. It also highlights the significance of electronic records management, different types of email crimes, email headers and common header examples, steps for investigating email crimes, various email forensics tools, and a legal framework to follow while carrying out email investigations.
MODULE 12 – MOBILE FORENSICS
In this module, you will learn about mobile devices, hardware and software tools and characteristics, the role of cellular networks, mobile operating systems, different types of mobile OS, and the potential misuse of mobile phones by criminals. The module also covers challenges, memory considerations, and precautions to be taken before investigation in mobile forensics.
MODULE 13 – INVESTIGATIVE REPORTS
This module focuses on investigative reports and their role in documenting and conveying findings, features of a well-crafted report, report crafting using a computer forensics report template, and points for effective report writing (classification, layout, and guidelines). You will also learn the importance of documentation in a case report and reporting methods specific to tools like FTK (Forensic Toolkit) and Rediscover, which are essential for delivering organized and detailed reports.
MODULE 14 – BECOMING AN EXPERT WITNESS
This module focuses on the role of an expert witness in the legal system, the scope of an expert witness, the difference between technical witnesses and expert witnesses, the method to process evidence, report preparation, and the qualifications needed to be an expert witness. You will also gain insights about ethical considerations to follow during testimony and while handling direct and cross-examinations in court as an expert witness.
