Module 01: Computer Forensics in Today’s World

Understanding Computer Forensics

Why and When Do You Use Computer Forensics?

Cyber Crime (Types of Computer Crimes)

Case Study

Challenges Cyber Crimes Present for Investigators

Cyber Crime Investigation

Rules of Forensics Investigation

Understanding Digital Evidence

Types of Digital Evidence

Characteristics of Digital Evidence

Role of Digital Evidence

Sources of Potential Evidence

Rules of Evidence

Forensics Readiness

Computer Forensics as Part of an Incident Response Plan

Need for Forensic Investigator

Roles and Responsibilities of Forensics Investigator

What Makes a Good Computer Forensics Investigator?

Investigative Challenges

Legal and Privacy Issues

Code of Ethics

Accessing Computer Forensics Resources

Module 02: Computer Forensics Investigation Process

Importance of Computer Forensics Process

Phases Involved in the Computer Forensics Investigation Process

Pre-investigation Phase

Setting Up a Computer Forensics Lab

Build the Investigation Team

Review Policies and Laws

Establish Quality Assurance Processes

Data Destruction Industry Standards

Risk Assessment

Investigation Phase

Investigation Process

Computer Forensics Investigation Methodology: First Response

Computer Forensics Investigation Methodology: Search and Seizure

Computer Forensics Investigation Methodology: Collect the Evidence

Computer Forensics Investigation Methodology: Secure the Evidence

Computer Forensics Investigation Methodology: Data Acquisition

Computer Forensics Investigation Methodology: Data Analysis

Post-investigation Phase

Evidence Assessment

Documentation and Reporting

Testify as an Expert Witness

Module 03: Understanding Hard Disks and File Systems

Hard Disk Drive Overview

Disk Partitions and Boot Process

Understanding File Systems

RAID Storage System

File System Analysis

Module 04: Data Acquisition and Duplication

Data Acquisition and Duplication Concepts

Static Acquisition

Validate Data Acquisitions

Acquisition Best Practices

Module 05: Defeating Anti-forensics Techniques

What is Anti-Forensics?

Anti-Forensics Techniques

Data/File Deletion

Password Protection

Data Hiding in File System Structures

Trail Obfuscation

Artifact Wiping

Overwriting Data/Metadata

Encrypted Network Protocols

Program Packers

Minimize Footprint

Exploiting Forensic Tools Bugs

Detecting Forensic Tool Activities

Anti-Forensics Countermeasures

Anti-Forensics Challenges

Anti-forensics Tools

Module 06: Operating System Forensics (Windows, Mac, Linux)

Introduction to OS Forensics

Windows Forensics

Collecting Volatile Information

Collecting Non-Volatile Information

Analyze the Windows Thumbcaches

Windows Memory Analysis

Windows Registry Analysis

Cache, Cookie, and History Analysis

Windows File Analysis

Metadata Investigation

Text-Based Logs

Other Audit Events

Forensic Analysis of Event Logs

Windows Forensics Tools

Linux Forensics

Shell Commands

Linux Log Files

Collecting Volatile Data

Collecting Non-Volatile Data

MAC Forensics

Introduction to MAC Forensics

MAC Forensics Data

MAC Log Files

MAC Directories

MAC Forensics Tools

Module 07: Network Forensics

Introduction to Network Forensics

Fundamental Logging Concepts

Event Correlation Concepts

Network Forensic Readiness

Network Forensics Steps

Network Traffic Investigation

Documenting the Evidence

Evidence Reconstruction

Module 08: Investigating Web Attacks

Introduction to Web Application Forensics

Web Attack Investigation

Investigating Web Server Logs

Web Attack Detection Tools

Tools for Locating IP Address

WHOIS Lookup Tools

Module 09: Database Forensics

Database Forensics and Its Importance

MSSQL Forensics

MySQL Forensics

MySQL Forensics for WordPress Website Database

Module 10: Cloud Forensics

Introduction to Cloud Computing

Cloud Forensics

Cloud Crimes

Cloud Forensics Challenges

Module 11: Malware Forensics

Introduction to Malware

Introduction to Malware Forensics

General Rules for Malware Analysis

Types of Malware Analysis

Analysis of Malicious Documents

Malware Analysis Challenges

Module 12: Investigating Email Crimes

Email System

Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)

Email Message

Steps to Investigate Email Crimes and Violation

Email Forensics Tools

Laws and Acts against Email Crimes

Module 13: Mobile Phone Forensics

Mobile Device Forensics

Why Mobile Forensics?

Top Threats Targeting Mobile Devices

Mobile Hardware and Forensics

Mobile OS and Forensics

What Should You Do Before the Investigation?

Mobile Forensics Process

Module 14: Forensics Report Writing and Presentation

Writing Investigation Reports

Expert Witness Testimony

Dealing with Media