Learning Computer Forensics
2h 50m | Beginner | 2019-02-19
Authors

Jungwoo Ryoo
Teaches IT, cybersecurity, and risk analysis at Penn State
Course details
Computer forensics is used to find legal evidence in computers, mobile devices, or data storage units. Although this course won't teach you everything you need to know to become a digital forensics detective, it does cover all the essentials of this growing (and exciting) technical field. Jungwoo Ryoo reviews the basics: the goals of computer forensics, the types of investigations it's used for, and the different specializations within the field. Then, he shows how to prepare for an investigation; acquire data; make sure data is kept in its original state with software and hardware write blockers; analyze the data; and generate a report. He uses a combination of open-source and commercial software, so you'll be able to uncover the information you need with tools that are in your budget.
Learning objectives
Goals of computer forensics
Pursuing a career in computer forensics
Using a hex editor
File system fundamentals
Partitioning a data storage device
Acquiring data
Ensuring data integrity with hashing
Indexing and searching
Generating a report
Skills covered
Incident Response, Cybersecurity, Learning
Concepts
0. Introduction
- 01 - Learning computer forensics
- 02 - What you should know
1. Understanding Computer Forensics
- 03 - Goals of computer forensics
- 04 - History
- 05 - Types of investigations
- 06 - Tools
- 07 - Legal implications
- 08 - Current and future trends
- 09 - Challenges
- 10 - Anti-forensics techniques
- 11 - Compliance and forensics
- 12 - Cybersecurity and forensics
2. Careers
- 13 - Specializations in computer forensics
- 14 - Network forensics
- 15 - Operating system forensics
- 16 - Web forensics
- 17 - Cloud forensics
- 18 - Malware forensics
- 19 - Mobile forensics
- 20 - Email forensics
- 21 - Certifications
3. Preparing for an Investigation
- 22 - Tools and knowledge requirements
- 23 - Hardware
- 24 - Software
- 25 - Understanding hexadecimal (hex) numbers
- 26 - Using a hex editor
- 27 - Understanding an offset
- 28 - Forensics OS distributions
4. File System Fundamentals
- 29 - Understanding file systems
- 30 - Understanding the boot sequence
- 31 - Understanding disk drives
- 32 - Understanding the master boot record (MBR)
- 33 - Understanding partitioning
5. Preserving Data
- 34 - Evidence preservation approaches
- 35 - Understanding the role of write blockers
- 36 - Using a software write blocker
- 37 - Using hardware write blockers
- 38 - Understanding hashing
- 39 - Hashing algorithms
- 40 - Hashing in FTK Imager
- 41 - Understanding mounting
- 42 - Mounting manually
6. Acquiring Data
- 43 - Data acquisition approaches
- 44 - Static acquisition with open-source tools
- 45 - Creating split-disk image files with dd
- 46 - Static acquisition with dcfldd
- 47 - Live acquisition with a commercial tool
- 48 - Memory dump analysis with Volatility
7. Analyzing Data
- 49 - Forensic data analysis
- 50 - Indexing
- 51 - Searching
- 52 - Generating a report
- 53 - Hex editor analysis of a file with a wrong extension
- 54 - Hex editor analysis of a bit-shifted file
- 55 - Steganography
Conclusion
- 56 - Next steps