Digital Forensics

Duration: 1 Week

Summary:

Digital Forensics is both a sub-field of Cyber Security (usually it is part of Incident Response - when an attack has occurred forensics is used to determine who did it, when they did it, what they did, etc), and also a field onto itself as part of the legal forensic science processes (e.g. providing evidence like emails, IMs, etc in all kinds of cases). The Introduction module has videos overviewing the field, and showing a case. The material in this Digital Forensics module provides some more depth on digital forensics processes. The URI Digital Forensics courses go into much more depth; the material in this module is meant to introduce the concepts and to provide students who don't take a subsequent digital forensics course the background to understand the digital forensics processes when doing something like incident response in cyber security.

Learning Objectives

The objective of this module is to introduce basic concepts of the digital forensics process. After doing the material in this module, you should be able to:

Describe how digital evidence is acquired in a way that is acceptable for legal proceedings.
Describe how digital evidence is analyzed in a way that is acceptable for legal proceedings.
Name and explain the basic legal considerations in performing digital forensics.
Define digital signatures and the factors that make a good hash function
Perform MD5 hash digital signatures
Use a tool like FTK imager to create an image of a disk
Use FTK toolkit searching to find evidence on a disk

Course Material

Watch: The Digital Forensics Examiner [19:35]
- Slide PDF
Watch: The Digital Forensics Safety Net [15:13]
- Slide PDF
Watch: Digital Signatures/Hashing [17:21]
- Slide PDF
Watch: Evidence Acquisition Overview [18:04]
- Slide PDF

Video Tutorials for Practicum

Watch: FTK Imager [04:02]
Watch: FTK Toolkit [1:07:46]
Read: Digital Forensics Chapter

Conceptual Questions

Practicum

Digital Forensics Practicum