Everyday Digital Forensics

In this course, you will be presented with an overview of the principles and techniques for digital forensics investigation in the spectrum of file system analysis.

Course Content

Course Description

The objective of this course is to emphasize the fundamentals and importance of digital forensics. You will learn about core forensic open source tools and process used to conduct a forensic investigation.

This course will focus mainly on the analysis of physical storage media and volume analysis using open source software available in the market. It will cover the phases of digital investigations such as preservation, analysis and acquisition of artifacts found in hard disk, random access memory, and virtual environments.You will have the opportunity to dive into hard disk data acquisition process, both live and dead acquisitions, and study FAT and NTFS file systems in both UNIX/Linux and Windows systems.

This course will provide theoretical and practical knowledge from File system forensics analysis by Brian Carrier and Real Digital Forensics: Computer Security and Incident Response byKeith J. Jones. This course will also cover current research on Digital Forensics.


  • Windows 7 (or up) Machine (or VM)
  • Comfortable with hexadecimals or binaries
  • Security and Network concepts
  • Basic experience with programming languages (i.e., python or javascript)
  • Positive attitude
  • Passion for learning
  • Course Goals

    By the end of the course, students should be able to:

  • Understand the process to perform a digital forensics investigation
  • Identify and define file systems concepts, including EXT, FAT, and NTFS
  • Conduct live and dead disk acquisitions
  • Understand what happens when you delete a file
  • Perform data carving and Steganographic techniques
  • Properly check and execute malicious files
  • Create a complete forensics tool kit
  • Basic understanding and experience with professional tools
  • In a world where cyber attacks are becoming more prevalent, more digital forensic analysts are needed to preserve data, trace attacks and work with law enforcement agents.

    Companies are more vulnerable than ever to cyber attacks or hacks. Once an attack has happened, companies need specialists to identify, analyze and preserve any evidence to use in legal proceedings. They also want to prevent any more attacks from happening. The collecting and preserving of the evidence is called digital forensics or sometimes also referred to as computer forensics.

    For any IT professional, understanding the principles and techniques of a digital forensics investigation from the spectrum of file system analysis will help them execute a successful forensic investigation when the time comes.

    Why do we need digital forensics?

    After a cyber attack, it’s essential to learn where the attack came from and recover any lost data. This is when digital forensics specialists are needed.

    If an attack warrants legal action, it’s important for digital forensic specialists to follow certain procedures and utilize certain tools so the evidence stands up in any legal proceedings or court.

    Even if law enforcement is not involved in an attack, companies will want a digital forensic specialist to identify where the attack came from, to help prevent another in the future, and to recover any lost data.

    What does a digital forensics analyst do?

    Digital forensic analysts are called in after an attack. An investigation will begin that has a few phases.

    First, is the preservation of data. If valuable information was compromised or lost during the hack, the digital forensic analyst’s first job is to get it back. Then, an analysis will begin. It’s the digital forensic analyst’s job to find out where the hack came from and where the company or group’s vulnerable spot was. Next, there will be the acquisition of artifacts found in hard disk, random access memory, and virtual environments. Finally, a digital forensic analyst will need to write a report for others within their organization to understand what happened, free of computer jargon.

    The two major roles of a digital forensic analyst recovering data and then aiding law enforcement agencies if the case requires legal action.

    Is digital forensics a good career?

    The U.S. Bureau of Labor Statistics (BLS) projected a 17 percent growth digital forensics jobs by 2026, with a total of 2,600 jobs created. So, the need for digital forensics professionals is on the rise.

    With a degree or certification in digital forensics, professionals can seek jobs in a cybersecurity office, be a digital forensic investigator, be a crime analyst or even work for Homeland Security.

    Traditionally, digital forensics jobs were found more in the public sector, but as large companies become more vulnerable to attacks, they are hiring their own in-house specialists.

    The average salary for a digital forensic analyst is $72,417, according to PayScale. Starting out, a digital forensic analyst may earn around $48,000. The more advanced and senior digital forensic specialists can earn as much as $116,000 a year.

    What is the best way to learn digital forensics?

    Often, employers will require digital forensic analysts to have a bachelor’s degree in forensic science or natural science. But there are other ways to earn a job in this field, even without a degree.

    In-house IT professionals who will head up an internal investigation taking an online digital forensics course is a great way to prepare and arm yourself for your company or group’s next attack. For people with a more general education background looking to broaden their skill set, who hope to land a job as a digital forensic analyst, receiving an online certification will make them a more attractive candidate.

    By taking an online digital forensics course through Cybrary, students will learn how to analyze physical storage media and volume analysis using open source software available in the market. Students will also learn the phases of a digital investigation. Cybrary offers interactive modules that give students the opportunity to dive into the hard disk data acquisition process, both live and dead acquisitions, and study FAT and NTFS file systems in both UNIX/Linux and Windows systems.

    By taking a course with Cybrary, students can learn at their own pace through multiple brief modules. Full-time students can devour the content quickly or full-time professionals can learn a little each night when it works for them.

    This course is part of a Career Path:
    Incident Handler Courses, Training & Career Path
    In this Career Path, you will learn the incident response process, from building an incident response kit and developing an incident response team, to identifying, containing, and recovering from incidents. We then steer away from a traditional “defensive-only” approach to introduce you to the attacker’s world.

    Instructed by

    Yesenia Yser

    I am a South Florida native with a thirst for the ocean and tropical weather. You can always find me tinkering or running around with a puffed out humidity hair (any tricks are welcomed). I consider myself as a security enthusiast with a background in security software development, incident response, and digital forensics. I hold a bachelor’s degree in computer science from Florida International University (FIU) and a master’s degree in digital forensics from University of Central Florida (UCF).

    I work at a Fortune 100 company as a Manager of Security Research & Development team, where I am a sub-committee member of a local Women in Tech Committee establishing events for local universities, university mentorships and internal Ted-like Talks.

    I am also an #IamRemarkable Facilitator and have hosted two inspiring workshops so far. In my free time, I study Brazilian Jiu Jitsu (BJJ) & Yoga, coach Kids BJJ, remodel my new home, and spend time with my fur babies: 2 Cats, a Boxer/German Shepherd, and Bubba, a retired bunny.

    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a Everyday Digital Forensics Certificate of Completion