To support the preparation of participants in the Introductory Digital Forensics Course, the Centre provides an online web-based course on digital forensics and digital evidence. This course is open to all individuals from NATO CCDCOE Sponsoring Nations, Contributing Participants as well as NATO bodies. This course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning Portal.
With the completion of this course you can earn 1 ISACA CPEs.
Learning Objectives
- Define the scope of the science of digital forensics
- Define digital evidence and provide examples
- Describe the legal status of digital evidence
- Define the concepts of integrity and authenticity that laws about digital evidence deal with
- Describe the difference between digital forensics and incident response
- List the areas of digital forensics
- Will be able to describe the phases of the digital forensic process and give examples of the requirements that investigators should follow when working on each
- Differentiate between dead and live acquisition of digital evidence and explain in what situations which mode of acquisition should be preferred
- Define memory and disk imaging
- Describe the possible methods of acquisition of memory images and specify which of them are safe to use in digital forensics and which not
- Describe the functionalities of different formats of disk images
- List the types of evidence that can be found from the system’s memory
- List the types of evidence that can be found when examining Windows OS
- Give examples of the information that an investigator can find and deduce when examining web browser artifacts
- Describe the limits of the recovery of instant messages
- Describe the elements of an e-mail that an investigator should examine
Target Audience
The TA of this module is the same TA, as the targeted TA of the Introductory Digital Forensics Course.
Outline
- Digital Forensics and Digital Evidence
- Digital Forensic Process
- Acquisition of Digital Evidence
- Examination and Analysis of Digital Evidence
Prerequisites
The requirements of the Introductory Digital Forensics Course apply.
Registration
The course can be accessed through the NATO e-Learning Joint Advanced Distributed Learning portal and is available to all users of the portal. Once registered, users may access the course by navigating to the ‘Centres of Excellence’ -> ‘COE Cyber Defence’ -> ‘Digital Forensics and Digital Evidence’ course listing.