Digital Forensics, Knowledge Unit (2020)

From CyberEdWiki
Jump to: navigation, search

This article is for the Knowledge Unit. For the Specialization Area, see Digital Forensics, Specialization Area

The intent of the Digital Forensics Knowledge Unit is to provide students with the skills to apply forensics techniques throughout an investigation life cycle with a focus on complying with legal requirements.


After completing the KU, students will be able to:

  1. Discuss the rules, laws, policies, and procedures that affect digital forensics.
  2. Use one or more common DF tools, such as EnCase, FTK, ProDiscover, Xways, SleuthKit.
  3. Describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings.


  1. Legal Compliance
    1. Applicable Laws
    2. Affidavits
    3. How to Testify
    4. Case Law
    5. Chain of custody
  2. Digital Investigations
    1. E-Discovery
    2. Authentication of Evidence
    3. Chain of Custody Procedures
    4. Metadata
    5. Root Cause Analysis
    6. Using Virtual Machines for Analysis


NICE Framework Categories[edit]

CSEC 2017 Categories[edit]

Specialization Areas[edit]

See also[edit]

Related Knowledge Units

Further reading[edit]

Suggested textbooks[edit]

Suggested academic readings[edit]

Sample knowledge test[edit]

Sample skills test[edit]

Sample abilities test[edit]

Additional notes or materials[edit]


Reference ID[edit]