Forensic Analysis: Cybercrime Investigations





Overview/Description

Cybercrime investigators are typically responsible for collecting, processing, analyzing, and interpreting digital evidence related to network vulnerabilities, criminal activity, and counterintelligence initiatives.

In this course, you'll explore the basics of network packet capturing, a process used to intercept and log traffic occurring over a network. You'll also examine the purpose and features of some standard tools and techniques to preserve and analyze a computer system's most volatile data. You'll then learn to use some of these tools and techniques to achieve various digital forensic analysis goals.

Next, you'll recognize computer forensic best practices, including locating evidence in the Windows Registry. Finally, you'll learn how to differentiate between the purpose and features of the various tools available for conducting hard disk forensic analysis. 



Expected Duration (hours)
1.6

Lesson Objectives

Forensic Analysis: Cybercrime Investigations

  • discover the key concepts covered in this course
  • define packet capturing and outline how it relates to CyberOps forensics
  • define network forensics and describe some types of vulnerabilities
  • demonstrate the use of packet capturing to gain intelligence from an attack
  • illustrate how to reconstruct artifacts and files from a PCAP file using Wireshark
  • define volatile data and identify the possible data contained within
  • compare available tools used to analyze a computer's memory
  • demonstrate how to use the Volatility framework to process an extraction of computer memory
  • describe the Windows Registry and recognize the valuable information stored within
  • navigate the Windows Registry and use it to locate changes made to a system
  • differentiate between Windows Registry tools and the techniques used for analyzing changes to the registry
  • differentiate between categories of digital evidence, including computer, mobile, network, and database
  • outline how to gather digital evidence, including identification, collection, acquisition, and preservation
  • identify tools available for computer forensic analysis and their features
  • describe the features of the SIFT computer forensics tool
  • illustrate how to mount evidence using SIFT
  • summarize the key concepts covered in this course

Course Number
it_cyforadj_01_enus

Expertise Level
Intermediate