This course provides students with the fundamental knowledge and skills necessary to perform a limited digital forensic examination, validate hardware and software tools, and effectively use digital forensic suites and specialized tools. The course begins with a detailed review of the digital forensic examination process, including documentation, case management, evidence handling, validation, and virtualization. Students learn to use today's leading commercial and open source digital forensic suites: Magnet Axiom, X-ways Forensic, and Autopsy. Instruction on each suite will include an interface overview, configuration, hashing, file signature analysis, keyword searching, data carving, bookmarking, and report creation.
Course structure:
- Digital forensic process. Learn about evidence review, requests for examination, and case management.
- Validation. Review the creation of validation images and validation testing.
- Effective tool usage. Explore tool interfaces, as well as hashing, file signature analysis, data carving, searching, metadata, and bookmarking.
- Reporting. Learn about general report structure, report templates, and using tool-generated reports.