Basic Digital Forensics

frank griffitts

Instructor

Frank has been practicing digital forensics since 2009. He is an ACE certified examiner, CFE, and has taught computer forensics at the University of Advancing Technology since 2013. He has a B.S. in Applied Management form Grand Canyon University, and he currently works as a criminal investigator for a state law enforcement agency in Arizona. He also enjoys road trips with his wife and kids, running a multimedia production company on the side (www.gobabyvideo.com), and helping others learn new skills. He has been known to geek out over movies like Braveheart, The Matrix, Start Wars, and Lord of the Rings, to name just a few.

Reviews

Course reviews will be shown here

Overview

This course is designed as an introduction to digital forensics. Anyone can do push button forensics, but if your work is going to end up in court, you need to understand and be able to explain the underpinnings of your software's functions. In this course, you will learn how to explain and verify the processes that your software performs as you recover and analyze data evidence.

COURSE OUTLINE

Unit 1: Forensic concepts and Best Evidence rules

Unit 2: Numbering systems, byte-level analysis

Unit 3: Intro to automated tools

Unit 4: Windows OS and boot sequences

Unit 5: Storage media and disk architecture

Unit 6: Tool Validation and Process Verification

Unit 7: Forensic Soundness and Media Sterilization

Unit 8: Midterm Practical and Midterm Exam

Unit 9: Dead-box acquisition, hash values and chain of custody

Unit 10: Intro to Live-box acquisition and volatile data

Unit 11: Intro to FAT32 file system

Unit 12: Intro to NTFS file system

Unit 13: Time Zone metadata analysis

Unit 14: Basic forensic examination reports and courtroom demeanor

Unit 15: Practical Exam and Final Test

LEARNING OBJECTIVES

1. Demonstrate Scientific Methodology

2. Be able to convert binary to

2. Be able to verify processes of automated tools

3. Define "Best Evidence" in legal terminology

4. Relate search and seizure of digital evidence to the 4th Amendment

5. Identify various physical storage media devices

6. Understand how data is organized on storage media

7. Be able to make a forensic copy of evidence data

8. Describe and utilize a hash value to verify evidence

9. Define "Chain of Custody" and proper evidence handling

10. Recover files from the FAT32 file system at a byte level

11. Recover files from the NTFS file system at a byte level

12. Explain the elements of a good examination report

13. Demonstrate good courtroom demeanor

REQUIRED TEXTS AND READING

1. File System Forensic Analysis by Brian Carrier
2. http://www.garykessler.net/resources.html
3. http://www.cftt.nist.gov/
4. http://www.dfinews.com