Course Introduction

FSP 202 : Cyber Forensic Investigation

Cyber Forensic and Digital Crime Investigation are branches of digital forensic science pertaining to legal evidence found in digital storage devices such as hard disks, solid-state drives and flash drives, and other evidence found in computers. This course helps participants understand the concepts of digital forensics and equips them to examine digital media expertly, using the latest and most successful methods and techniques, with the aim of preserving the evidence, recovering lost or intentionally erased data, and analyzing and presenting the facts and opinions about information recovered from the crime scene.

Today, computer forensics can also be used in civil proceedings. It involves techniques similar to data recovery, but additional guidelines and practices are followed to create a legal audit trail. Participants in this course are trained in the best techniques used during data forensics and computer forensics investigations.

Our expert trainers and unmatched services give participants the best environment in which to use and implement the techniques and methods that are most successful in a real-time investigation. A number of commercial and open-source tools exist, but it is recommended to use the one that helps perform a correct investigation of the evidence.

The teaching sessions use cell and PDA forensics; computer forensics, including portables, desktops, and servers; incident response; iOS forensics; network forensics; password recovery; photo forensics; storage forensics, including hard disk drive data recovery, acquiring images and cloning, and flash drive data recovery; the EnCase forensic toolkit, Foremost, COFEE, HashKeeper; and other essential and most successful techniques.

The course also includes Forensic Toolkit (FTK), data acquisition and acquiring, steganographic and other image file forensics, wireless attack investigation by analyzing logs, web attack investigation, email tracing and investigating email crimes, mobile crimes and forensics, reporting, and how to become an expert witness. All these aspects are covered in our specially designed course for participants looking for a career in digital crime investigation and cyber forensics.

  • Level I : Cyber Forensic Investigation

    MODULE 1 – COMPUTER FORENSICS

    The field of computer forensics, or cyber forensics, is still in its emerging period. This course module is based on computer forensics in today's world. It introduces computer forensics, its evolution, objectives and benefits, forensic readiness planning, cyber-crimes, computer crimes, cybercrime investigation techniques and tools, the role of a forensics investigator, digital evidence in forensic investigation, and corporate investigations; explains the key concepts of the enterprise theory of investigation (ETI); and discusses various legal issues and reports related to computer forensic investigations.

    MODULE 2 – FIRST RESPONDER PROCEDURES

    Under this module, students are taught the definition of electronic evidence, an overview of how to collect and store electronic evidence, the first responder tool kit, an overview of how to collect and secure the electronic, conducting preliminary interviews, collection and preservation of electronic evidence, the checklist for the first responder, and the mistakes of the first responder.

    MODULE 3 – SEARCHING AND SEIZING COMPUTERS

    Under this module, students are taught the methods of searching and seizing computers without a warrant, the Fourth Amendment’s “Reasonable Expectation of Privacy”, consent and scope of consent, the steps involved in searching and seizing computers with a warrant, the basic strategies for executing computer searches, the Privacy Protection Act, drafting the warrant and affidavit, post-seizure issues, the Electronic Communications Privacy Act, voluntary disclosure, electronic surveillance in communications networks, how content differs from addressing information, and an overview of evidence and authentication.

    MODULE 4 – DIGITAL EVIDENCE

    Digital evidence is evidence transmitted in binary form that may be presented in court. It can be found in a computer, CDs, a hard drive, a mobile phone, a PDA, a flash card in a camera, etc. Digital evidence is usually associated with electronic crime such as child pornography, credit card fraud and many more. The module covers the aspects of digital evidence and explains its role in a computer security incident, the characteristics of digital evidence, digital data, the federal rules of evidence, the international principles for computer evidence, the Scientific Working Group on Digital Evidence (SWGDE), the considerations for collecting digital evidence from electronic, an overview of digital evidence examination processes and steps, and digital evidence considerations by crime category.

    MODULE 5 – COMPUTER FORENSICS INVESTIGATION PROCESS

    The computer forensic investigation process module discusses some of the most vital issues and concerns that cyber forensic investigators face today. The module gives an overview of the computer crime investigation process, investigation methodology, steps to prepare for a computer forensic investigation, evaluating and securing the scene of crime, collection and preservation of evidence, different techniques to acquire and analyze the data, the importance of evidence and case assessment, report writing, and testimony in court as an expert witness.

    MODULE 6 – MOBILE FORENSICS

    Mobile devices are now very common. This module introduces the hardware and software characteristics of mobile devices, cellular networks, mobile operating systems, mobile forensics challenges, various memory considerations in mobile devices, and tools and techniques to investigate mobile-related crimes.

  • Level II : Cyber Forensic Investigation

    MODULE 1 – COMPUTER FORENSICS

    The field of computer forensics, or cyber forensics, is still in its emerging period. This course module is based on computer forensics in today's world. It introduces computer forensics, its evolution, objectives and benefits, forensic readiness planning, cyber-crimes, computer crimes, cybercrime investigation techniques and tools, the role of a forensics investigator, digital evidence in forensic investigation, and corporate investigations; explains the key concepts of the enterprise theory of investigation (ETI); and discusses various legal issues and reports related to computer forensic investigations.

    MODULE 2 – FIRST RESPONDER PROCEDURES

    Under this module, students are taught the definition of electronic evidence, an overview of how to collect and store electronic evidence, the first responder tool kit, an overview of how to collect and secure the electronic, conducting preliminary interviews, collection and preservation of electronic evidence, the checklist for the first responder, and the mistakes of the first responder.

    MODULE 3 – SEARCHING AND SEIZING COMPUTERS

    Under this module, students are taught the methods of searching and seizing computers without a warrant, the Fourth Amendment’s “Reasonable Expectation of Privacy”, consent and scope of consent, the steps involved in searching and seizing computers with a warrant, the basic strategies for executing computer searches, the Privacy Protection Act, drafting the warrant and affidavit, post-seizure issues, the Electronic Communications Privacy Act, voluntary disclosure, electronic surveillance in communications networks, how content differs from addressing information, and an overview of evidence and authentication.

    MODULE 4 – DIGITAL EVIDENCE

    Digital evidence is evidence transmitted in binary form that may be presented in court. It can be found in a computer, CDs, a hard drive, a mobile phone, a PDA, a flash card in a camera, etc. Digital evidence is usually associated with electronic crime such as child pornography, credit card fraud and many more. The module covers the aspects of digital evidence and explains its role in a computer security incident, the characteristics of digital evidence, digital data, the federal rules of evidence, the international principles for computer evidence, the Scientific Working Group on Digital Evidence (SWGDE), the considerations for collecting digital evidence from electronic, an overview of digital evidence examination processes and steps, and digital evidence considerations by crime category.

    MODULE 5 – UNDERSTANDING HARD DISKS AND FILE SYSTEMS

    In this module, students are introduced to the hard disk drive and the solid-state drive (SSD), the physical and logical structure of a hard disk, various types of hard disk interfaces, the components of a hard disk, disk partitions, the Windows and Macintosh boot processes, file systems and their various types, an overview of the Windows, Linux, Mac OS X, and Sun Solaris 10 file systems, CD-ROM/DVD file systems, RAID storage systems and RAID levels, and file system analysis using The Sleuth Kit.

    MODULE 6 – COMPUTER FORENSICS INVESTIGATION PROCESS

    The computer forensic investigation process module discusses some of the most vital issues and concerns that cyber forensic investigators face today. The module gives an overview of the computer crime investigation process, investigation methodology, steps to prepare for a computer forensic investigation, evaluating and securing the scene of crime, collection and preservation of evidence, different techniques to acquire and analyze the data, the importance of evidence and case assessment, report writing, and testimony in court as an expert witness.

    MODULE 7 – RECOVERING DELETED FILES AND DELETED PARTITIONS

    Under this module, students are taught how to recover files in Windows, Mac, and Linux, file recovery tools for Windows, Mac and Linux, how to identify the creation date and last accessed date of a file and deleted sub-directories, how to recover deleted partitions, and a list of partition recovery tools.

    MODULE 8 – FORENSICS INVESTIGATION USING ENCASE

    This module comprises an introduction to EnCase forensics, its uses and functionality, EnCase forensics modules, how to configure EnCase, case management, the verification process for evidence files, the source processor, various types of bookmarks, and report writing.

    MODULE 9 – MOBILE FORENSICS

    Mobile devices are now very common. This module introduces the hardware and software characteristics of mobile devices, cellular networks, mobile operating systems, mobile forensics challenges, various memory considerations in mobile devices, and tools and techniques to investigate mobile-related crimes.

    MODULE 10 – INVESTIGATIVE REPORTS

    This module covers the importance of reports and the need for an investigative report, salient features of a good report, the layout of an investigative report, guidelines for report writing, and reporting using FTK and ProDiscover.

    MODULE 11 – BECOMING AN EXPERT WITNESS

    In this module, students are introduced to the expert witness, the role and types of expert witness, the scope of expert witness testimony, differences between a technical witness and an expert witness, evidence processing, expert witness qualification, general ethics while testifying, and testifying during direct and cross-examination.

    MODULE 12 – COMPUTER FORENSICS LAB

    This module covers the establishment of computer forensics labs: how to set up a computer forensics lab, the investigative services in computer forensics, the basic hardware requirements of a forensic lab, a list of various hardware forensic tools, and the basic software requirements and software forensic tools of a forensic lab.

  • Level III : Cyber Forensic Investigation

    MODULE 1 – COMPUTER FORENSICS

    The field of computer forensics, or cyber forensics, is still in its emerging period. This course module is based on computer forensics in today's world. It introduces computer forensics, its evolution, objectives and benefits, forensic readiness planning, cyber-crimes, computer crimes, cybercrime investigation techniques and tools, the role of a forensics investigator, digital evidence in forensic investigation, and corporate investigations; explains the key concepts of the enterprise theory of investigation (ETI); and discusses various legal issues and reports related to computer forensic investigations.

    MODULE 2 – FIRST RESPONDER PROCEDURES

    Under this module, students are taught the definition of electronic evidence, an overview of how to collect and store electronic evidence, the first responder tool kit, an overview of how to collect and secure the electronic, conducting preliminary interviews, collection and preservation of electronic evidence, the checklist for the first responder, and the mistakes of the first responder.

    MODULE 3 – SEARCHING AND SEIZING COMPUTERS

    Under this module, students are taught the methods of searching and seizing computers without a warrant, the Fourth Amendment’s “Reasonable Expectation of Privacy”, consent and scope of consent, the steps involved in searching and seizing computers with a warrant, the basic strategies for executing computer searches, the Privacy Protection Act, drafting the warrant and affidavit, post-seizure issues, the Electronic Communications Privacy Act, voluntary disclosure, electronic surveillance in communications networks, how content differs from addressing information, and an overview of evidence and authentication.

    MODULE 4 – DIGITAL EVIDENCE

    Digital evidence is evidence transmitted in binary form that may be presented in court. It can be found in a computer, CDs, a hard drive, a mobile phone, a PDA, a flash card in a camera, etc. Digital evidence is usually associated with electronic crime such as child pornography, credit card fraud and many more. The module covers the aspects of digital evidence and explains its role in a computer security incident, the characteristics of digital evidence, digital data, the federal rules of evidence, the international principles for computer evidence, the Scientific Working Group on Digital Evidence (SWGDE), the considerations for collecting digital evidence from electronic, an overview of digital evidence examination processes and steps, and digital evidence considerations by crime category.

    MODULE 5 – UNDERSTANDING HARD DISKS AND FILE SYSTEMS

    In this module, students are introduced to the hard disk drive and the solid-state drive (SSD), the physical and logical structure of a hard disk, various types of hard disk interfaces, the components of a hard disk, disk partitions, the Windows and Macintosh boot processes, file systems and their various types, an overview of the Windows, Linux, Mac OS X, and Sun Solaris 10 file systems, CD-ROM/DVD file systems, RAID storage systems and RAID levels, and file system analysis using The Sleuth Kit.

    MODULE 6 – WINDOWS FORENSICS

    Windows forensics examination focuses on building in-depth digital forensic knowledge of Microsoft Windows operating systems. In this module, students are introduced to volatile information, network and process information, non-volatile information, memory dumps, parsing process memory, different techniques for collecting non-volatile information such as registry settings and event logs, the various processes involved in the forensic investigation of a Windows system such as memory analysis, registry analysis, IE cache analysis, cookie analysis, MD5 calculation, Windows file analysis, and metadata investigation, IIS, FTP, and system firewall logs, the importance of audit events and event logs in Windows forensics, static and dynamic event log analysis techniques, different Windows password security issues such as password cracking, analysis of restore point registry settings, cache and cookies, and various forensics tools.

    MODULE 7 – DATA ACQUISITION AND DUPLICATION

    The data acquisition and duplication module explains various types of data acquisition systems, data acquisition formats and methods, determining the best acquisition method, contingency planning for image acquisitions, static and live data acquisition, an overview of volatile data collection methodology, various types of volatile information, disk imaging tools, Linux and Windows validation methods, RAID disks, and a list of various data acquisition software and hardware tools.

    MODULE 8 – COMPUTER FORENSICS INVESTIGATION PROCESS

    The computer forensic investigation process module discusses some of the most vital issues and concerns that cyber forensic investigators face today. The module gives an overview of the computer crime investigation process, investigation methodology, steps to prepare for a computer forensic investigation, evaluating and securing the scene of crime, collection and preservation of evidence, different techniques to acquire and analyze the data, the importance of evidence and case assessment, report writing, and testimony in court as an expert witness.

    MODULE 9 – RECOVERING DELETED FILES AND DELETED PARTITIONS

    Under this module, students are taught how to recover files in Windows, Mac, and Linux, file recovery tools for Windows, Mac and Linux, how to identify the creation date and last accessed date of a file and deleted sub-directories, how to recover deleted partitions, and a list of partition recovery tools.

    MODULE 10 – FORENSICS INVESTIGATION USING ACCESS DATA FTK

    This module covers the AccessData Forensic Toolkit (FTK) and its various features, FTK installation steps, the FTK case manager, restoring an image to a disk, the FTK examiner user interface, how to verify drive image integrity, how to mount an image to a drive, the functions of the FTK interface tabs, the steps involved in adding evidence to a case, local live evidence, the remote device management system, imaging drives, mounting and unmounting a device, and decrypting EFS files and folders.

    MODULE 11 – FORENSICS INVESTIGATION USING ENCASE

    This module comprises an introduction to EnCase forensics, its uses and functionality, EnCase forensics modules, how to configure EnCase, case management, the verification process for evidence files, the source processor, various types of bookmarks, and report writing.

    MODULE 12 – STEGANOGRAPHY AND IMAGE FILE FORENSICS

    This module summarizes steganography and its types, applications of steganography, how to detect steganography, various steganography detection tools, image file formats, data compression, locating and recovering image files, how to identify unknown file formats, and picture viewers and image file forensic tools.

    MODULE 13 – APPLICATION PASSWORD CRACKERS

    This module first presents password cracker terminology, the functionality of password crackers, and various types of passwords, then discusses how a password cracker works, password cracking techniques, types of password attacks, applications of software password cracking, and default passwords and their cracking tools.

    MODULE 14 – LOG CAPTURING AND EVENT CORRELATION

    Computer security logs, logon events in Windows, DHCP logs, ODBC logging, the legality of using logs, log management, centralized logging, Syslog, NTP, NIST time servers, and log capturing and analysis tools are elaborated in this module.

    MODULE 15 – NETWORK FORENSICS, INVESTIGATING LOGS AND INVESTIGATING NETWORK TRAFFIC

    This module introduces network forensics concepts and mechanisms, IDS, firewalls, honeypots, network vulnerabilities, network attacks, new line and timestamp injection attacks, logs as evidence, network traffic, DNS poisoning techniques, the ARP table, and various traffic capturing and analysis tools.

    MODULE 16 – INVESTIGATING WIRELESS ATTACKS

    In this module, students become familiar with the advantages and disadvantages of wireless networks, components of wireless networks, types of wireless networks, MAC filtering, SSID, wireless encryption, wireless attacks, the investigation of wireless attacks, and wireless forensics tools.

    MODULE 17 – INVESTIGATING WEB ATTACKS

    This module focuses on web applications and their architecture, web logs, web servers, Internet Information Services (IIS), Apache web server logs, web attacks, the investigation process for web attacks on Windows-based servers, and various tools for locating IP addresses.

    MODULE 18 – TRACKING EMAILS AND INVESTIGATING EMAIL CRIMES

    This module explains the email system, email clients, email servers, the mail message, the importance of electronic records management, types of email crimes, the email header, the steps and tools involved in investigating email crimes, and the different laws and acts against email crimes.

    MODULE 19 – MOBILE FORENSICS

    Mobile devices are now very common. This module introduces the hardware and software characteristics of mobile devices, cellular networks, mobile operating systems, mobile forensics challenges, various memory considerations in mobile devices, and tools and techniques to investigate mobile-related crimes.

    MODULE 20 – INVESTIGATIVE REPORTS

    This module covers the importance of reports and the need for an investigative report, salient features of a good report, the layout of an investigative report, guidelines for report writing, and reporting using FTK and ProDiscover.

    MODULE 21 – BECOMING AN EXPERT WITNESS

    In this module, students are introduced to the expert witness, the role and types of expert witness, the scope of expert witness testimony, differences between a technical witness and an expert witness, evidence processing, expert witness qualification, general ethics while testifying, and testifying during direct and cross-examination.

    MODULE 22 – COMPUTER FORENSICS LAB

    This module covers the establishment of computer forensics labs: how to set up a computer forensics lab, the investigative services in computer forensics, the basic hardware requirements of a forensic lab, a list of various hardware forensic tools, and the basic software requirements and software forensic tools of a forensic lab.

  • What is Cyber Forensic Investigation?

    The Cyber Forensic & Digital Crime Investigation course deals with cases related to the authenticity and admissibility of digital evidence in a court of law, with emphasis on its legality within the grounds of cyber forensics.

  • How can I become a Cyber Forensic Expert?

    In the course, learners are taught all the investigative skills required to be a Cyber Forensic Expert. The course focuses on the scientific and technical methods involved in a sequential examination of cyber evidence and upskills the learner as an expert.

  • What are the responsibilities of a Cyber Forensic Expert?

    The Cyber Forensic Expert is responsible for acquiring and retrieving the data from the source. They also ensure that any threat of cyber crime has been tackled effectively, and they assist in legal proceedings by interpreting the data scientifically.

  • What is the scope of the course and what opportunities does it offer?

    The learner can be appointed by any private body to investigate cases of foul play involving confidential data, as well as its retrieval, recovery and investigation. They can also work with Government bodies to investigate cases of cyber crime.

  • Whom can I contact in case of any queries?

    You can write to us at education@sifs.in, call us at +91-1147074263, or WhatsApp us at +91-7303913002 or +91-7303913003.

2007 James Kent: University Professor caught up in Child Pornography

In 1999, James Kent, a professor of public administration at Marist College in Poughkeepsie, NY, started researching child pornography for a book that he was planning on the topic. In June 2000 he abandoned the project and deleted his copies of the files. In 2005 his computer was replaced by the college, but the files from his old computer were copied to the new computer. In 2007 Kent, now 63, complained to his school's IT department that his college-provided computer was not functioning properly. In the course of running a virus scan, the school's IT department discovered a large number of pictures "of very young girls, some scantily dressed in sexually suggestive poses." Kent maintained that the photos were left over from his research efforts and that he did not have access to the files. Kent was charged with 141 counts of possession of child pornography. On appeal, the court threw out one count, arguing that Kent did not know that viewing child pornography online made a copy of the pornography in his web browser's cache.

Fairooze

4

It was really helpful and gained new sort of information, especially the critical aspects of analysis in cyber crime.

Aparna Dubey

4

Wonderful learning experience :)

Ufuoma Cyril Umukoro

5

I am glad that I chose this course. Informative and evaluative. Thank you.

Chris Chinedu Nwokolo

4

Very interesting and enriching.

Nandini Sharma

5

It was indeed an amazing platform to experience such an informative online course which I could ever think of, the way of presenting, in fact everything was wonderfully planned and will be looking forward for other such courses so as to add on to my knowledge

 

Instructors

Afreen Tarannum

Senior Scientific Officer
