O.11 Digital Forensics

From CyberEdWiki
Jump to: navigation, search

Digital forensics is the recovery and investigation of material found in various cyber environments (e.g. networks, memory, operating systems, etc.). The focus of this KU is on the digital forensics process and technology (tools and techniques) not the legal aspect (such as chain of custody or preparing evidence for court).

Broad coverage of all the below topics and in-depth coverage, including hands-on-experience, of at least one of the below topics must be covered:

  • Operating system forensics
  • Device/Media forensics
  • Network forensics
  • Memory forensics

Outcome: Students will be able to understand a user's activity, determine the manner in which an operating system or application has been subverted, recover "deleted" and/or intentionally hidden information from various types of media, and demonstrate proficiency with handling a large number of different kinds of devices.

Outcome: Students will be able to understand how to identify forensic artifacts left by attacks.

Outcome: Students will be able to understand how to acquire a forensically sound image.