Computer forensics, or digital forensics, is a fairly new field. Computer forensics investigators, also known as computer forensics specialists, computer forensics examiners, or computer forensics analysts, are charged with uncovering and describing the information contained on, or the state or existence of, a digital artifact. Digital artifacts include computer systems, hard drives, CDs, and other storage devices, as well as electronic documents and files like emails and JPEG images. The fast-growing field of computer forensics includes several branches related to firewalls, networks, databases, and mobile devices.

Digital forensics technicians can find work with many types of organizations: government (local, state, and federal), accounting firms, law firms, banks, and software development companies. Essentially, any kind of organization that has a computer system may have a need for a digital forensics specialist. Some digital forensics specialists opt to start their own businesses, giving them an opportunity to work with a variety of clients.

Computer forensics investigators provide many services based on gathering digital information, from investigating computer systems and data in order to present information for legal cases to determining how an unauthorized user hacked into a system. A digital forensics examiner does many things in the course of these tasks: protects the computer system, recovers files (including those that were deleted or encrypted), analyses data found on various disks, and provides reports, feedback, and even testimony when required. The employment outlook for digital forensics examiners and investigators is favorable due to the rapid growth of crimes involving computers (cybercrime).

Learning Outcomes

After the successful completion of this course, the learner will be able to:

A. Understand the importance of a systematic procedure for investigation of data found on digital storage media that might provide evidence of wrong-doing.
B. Understand the file system storage mechanisms of the operating systems.
C. Use tools for faithful preservation of data on disks for analysis.
D. Find data that may be clear or hidden on a computer disk.
E. Learn the use of computer forensics tools used in data analysis, such as searching, absolute disk sector viewing and editing, recovery of files, password cracking, etc.
F. Understand how to present the results of disk data analysis in a court proceeding as an expert witness.

WEEK
TOPIC
MODULE
Week 1
Introduction to Digital Forensic
Definition of Computer Forensics
Cyber Crime
Evolution of Computer Forensics
Objectives of Computer Forensics
Roles of Forensics Investigator
Forensics Readiness
Steps for Forensics
Week 2
Computer Forensics Investigation Process
Digital Forensics Investigation Process
Digital Forensics Investigation Process-Assessment Phase
Acquire the Data
Analyze the Data
Report the Investigation
Week 3
Digital Evidence and First Responder Procedure
Digital Evidence
Digital Evidence Investigation Process
First Responders Toolkit
Issues Facing Computer Forensics
Types of Investigation
Techniques in digital forensics
Week 4
Understanding Storage Media and File System
The Booting Process
LINUX Boot Process
Mac OS Boot Sequence
Windows 10 Booting Sequence
File System
Type of File Systems
Week 5
Windows Forensics
Introduction to Windows Forensics
Windows Forensics Volatile Information
Windows Forensics Non-Volatile Information
Recovering deleted files and partitions
Windows Forensics Summary
Digital Forensics Roadmap: Static Data Acquisition from Windows using FTK Imager
Live Data Acquisition using FTK Imager
FTK Imager
Installation of KALI Linux
RAM Dump Analysis using Volatility
Static Data Acquisition from Linux OS
Week 6
Recovering Deleted Files and Partitions
Digital Forensics Tools
Overview of EnCase Forensics
Deep Information Gathering Tool: Dmitry
Computer Forensics Live Practical by using Autopsy and FTK Imager
Week 7
Network Forensics
Introduction to Network Forensics
Network Components and their forensic importance
OSI internet Layers and their Forensic importance
Tools Introduction Wireshark and TCPDUMP
Packet Sniffing and Analysis using Ettercap and Wireshark
Network Forensics
Wireshark Packet Analyzer
Packet Capture using TCPDUMP
Website Penetration: WHOIS, nslookup
Week 8
Logs & Event Analysis
Forensic Analysis using AUTOPSY: Linux and Windows
Forensics and Log analysis
Compare and Audit Evidence using Hashdeep
Data Carving using Bulk Extractor: Kali Linux and Windows
Recovering Evidence from Forensic Images using Foremost
Week 9
Application Password Cracking
Introduction to Password Cracking
Password Cracking using John the Ripper
Password Cracking using Rainbow Tables
PDF File Analysis
Remote Imaging using E3 Digital Forensics
Week 10
Wireless and Web Attacks
WiFi Packet Capture and Password Cracking using Aircrack-ng
Introduction to Web Attacks
Website Copier: HTTRACK
SQL Injection
Site Report Generation: Netcraft
Vulnerability Analysis: Nikto
Wayback Machine
Deep Information Gathering Tool: Dmitry
Image Metadata Extraction using Imago
Week 11
Email Forensics Investigation
Email Forensics Investigations
Week 12
Mobile Device Forensics
Mobile Forensics
Preparation for Digital Forensic investigation
Investigative reports, expert witness and cyber regulations
Introduction to Report Writing
Forensic Reports & Expert Witness
Demonstration of Some Forensics Tools
Demonstration of Some Forensics Tools