Module 1: Computer Forensics in Today’s World
- Understanding Computer Forensics
- Why and When Do You Use Computer Forensics?
- Cyber Crime (Types of Computer Crimes)
- Case Study
- Challenges Cyber Crimes Present For Investigators
- Cyber Crime Investigation
- Rules of Forensics Investigation
- Understanding Digital Evidence
- Types of Digital Evidence
- Characteristics of Digital Evidence
- Role of Digital Evidence
- Sources of Potential Evidence
- Rules of Evidence
- Forensics Readiness
- Computer Forensics as Part of an Incident Response Plan
- Need for Forensic Investigator
- Roles and Responsibilities of Forensics Investigator
- What makes a Good Computer Forensics Investigator?
- Investigative Challenges
- Legal and Privacy Issues
- Code of Ethics
- Accessing Computer Forensics Resources
Module 2: Computer Forensics Investigation Process
- Importance of Computer Forensics Process
- Phases Involved in the Computer Forensics Investigation Process
- Pre-investigation Phase
- Investigation Phase
- Post-investigation Phase
Module 3: Understanding Hard Disks and File Systems
- Hard Disk Drive Overview
- Disk Partitions and Boot Process
- Understanding File Systems
- RAID Storage System
- File System Analysis
Module 4: Data Acquisition and Duplication
- Data Acquisition and Duplication Concepts
- Static Acquisition
- Validate Data Acquisitions
- Acquisition Best Practices
Module 5: Defeating Anti-forensics Techniques
- What is Anti-Forensics?
- Anti-Forensics Techniques
Module 6: Operating System Forensics (Windows, Mac, Linux)
Introduction to OS Forensics
Windows Forensics
- Collecting Volatile Information
- Collecting Non-Volatile Information
- Analyse the Windows thumbcaches
- Windows Memory Analysis
- Windows Registry Analysis
- Cache, Cookie, and History Analysis
- Windows File Analysis
- Metadata Investigation
- Text Based Logs
- Other Audit Events
- Forensic Analysis of Event Logs
- Windows Forensics Tools
Linux Forensics
- Shell Commands
- Linux Log files
- Collecting Volatile Data
- Collecting Non-Volatile Data
MAC Forensics
- Introduction to MAC Forensics
- MAC Forensics Data
- MAC Log Files
- MAC Directories
- MAC Forensics Tools
Module 7: Network Forensics
- Introduction to Network Forensics
- Fundamental Logging Concepts
- Event Correlation Concepts
- Network Forensic Readiness
- Network Forensics Steps
- Network Traffic Investigation
- Network Packet Analyser: Capsa Portable Network Analyser
- Documenting the Evidence
- Evidence Reconstruction
Module 8: Investigating Web Attacks
- Introduction to Web Application Forensics
- Web Attack Investigation
- Investigating Web Server Logs
- Web Attack Detection Tools
- Tools for Locating IP Address
- WHOIS Lookup Tools
Module 9: Database Forensics
- Database Forensics and Its Importance
- MSSQL Forensics
- MySQL Forensics
Module 10: Cloud Forensics
- Introduction to Cloud Computing
- Cloud Forensics
Module 11: Malware Forensics
- Introduction to Malware
- Introduction to Malware Forensics
- Analysis of Malicious Documents
- Malware Analysis Challenges
Module 12: Investigating Email Crimes
- Email System
- Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
- Email Message
- Steps to Investigate Email Crimes and Violation
- Email Forensics Tools
- Laws and Acts against Email Crimes
Module 13: Mobile Phone Forensics
- Why Mobile Forensics?
- Top Threats Targeting Mobile Devices
- Mobile Hardware and Forensics
- Mobile OS and Forensics
- What Should You Do Before the Investigation?
- Mobile Forensics Process
Module 14: Forensics Report Writing and Presentation
- Writing Investigation Reports
- Expert Witness Testimony