frank griffitts


Frank has been practicing digital forensics since 2009. He is an ACE certified examiner, CFE, and has taught computer forensics at the University of Advancing Technology since 2013. He has a B.S. in Applied Management form Grand Canyon University, and he currently works as a criminal investigator for a state law enforcement agency in Arizona. He also enjoys road trips with his wife and kids, running a multimedia production company on the side (, and helping others learn new skills. He has been known to geek out over movies like Braveheart, The Matrix, Start Wars, and Lord of the Rings, to name just a few.

Reviews (1)

Marco Scaraggi
not working


This course is designed as an introduction to digital forensics.  Anyone can do push button forensics, but if your work is going to end up in court, you need to understand and be able to explain the underpinnings of your software's functions.  In this course, you will learn how to explain and verify the processes that your software performs as you recover and analyze data evidence.


Unit 1:  Forensic concepts and Best Evidence rules

Unit 2:  Numbering systems, byte-level analysis

Unit 3:  Intro to automated tools

Unit 4:  Windows OS and boot sequences

Unit 5:  Storage media and disk architecture

Unit 6:  Tool Validation and Process Verification

Unit 7:  Forensic Soundness and Media Sterilization

Unit 8:  Midterm Practical and Midterm Exam

Unit 9:  Dead-box acquisition, hash values and chain of custody

Unit 10:  Intro  to Live-box acquisition and volatile data

Unit 11:  Intro to FAT32 file system

Unit 12:  Intro to NTFS file system

Unit 13:  Time Zone metadata analysis

Unit 14:  Basic forensic examination reports and courtroom demeanor

Unit 15:  Practical Exam and Final Test


1.  Demonstrate Scientific Methodology
2.  Be able to convert binary to 
2.  Be able to verify processes of automated tools
3.  Define "Best Evidence" in legal terminology
4.  Relate search and seizure of digital evidence to the 4th Amendment
5.  Identify various physical storage media devices
6.  Understand how data is organized on storage media
7.  Be able to make a forensic copy of evidence data
8.  Describe and utilize a hash value to verify evidence
9.  Define "Chain of Custody" and proper evidence handling 
10.  Recover files from the FAT32 file system at a byte level
11.  Recover files from the NTFS file system at a byte level
12.  Explain the elements of a good examination report
13.  Demonstrate good courtroom demeanor


1.  File System Forensic Analysis by Brian Carrier


1.  Unit 1 lecture
2.  Unit 2 lecture
3.  Unit 3 lecture
4.  Unit 4 lecture
5.  Unit 6 lecture
6.  Unit 7 lecture
7.  Unit 8 lecture
8.  Unit 9 lecture

Course content

  • Rubrics

  • Study Materials

  • Lab Materials

  • Unit 1: Science, Best Evidence Rules, and Chain of Custody

  • Unit 2: Numbering Systems, Byte-Level Analysis

  • Unit 3: Storage Media and Disk Architecture

  • Unit 4: Lab Setup and Forensic Tools

  • Unit 5: Forensic Soundness and Media Sterilization

  • Unit 6: Tool Validation and Process Verification

  • Unit 7: Evidence Collection, Dead-box acquisition, and Hash Verification

  • Unit 8: Midterm Practical and Midterm Exam

  • Unit 9: Windows OS and Boot Sequences

  • Unit 10: Intro to Live-box Acquisition and Volatile Data

  • Unit 11: Intro to FAT File System

  • Unit 12: Intro to NTFS File system

  • Unit 13: Time Zone Metadata Analysis

  • Unit 14: Basic Reporting & Courtroom Demeanor

  • Unit 15: Practical Exam and Final Test

Interested? Enroll to this course right now.

There is more to learn