Everyday Digital Forensics

The objective of this course is to emphasize the fundamentals and importance of digital forensics. You will learn about core forensic open source tools and process used to conduct a forensic investigation.

This course will focus mainly on the analysis of physical storage media and volume analysis using open source software available in the market. It will cover the phases of digital investigations such as preservation, analysis and acquisition of artifacts found in hard disk, random access memory, and virtual environments.You will have the opportunity to dive into hard disk data acquisition process, both live and dead acquisitions, and study FAT and NTFS file systems in both UNIX/Linux and Windows systems.

This course will provide theoretical and practical knowledge from File system forensics analysis by Brian Carrier and Real Digital Forensics: Computer Security and Incident Response byKeith J. Jones. This course will also cover current research on Digital Forensics.

Prerequisites

Windows 7 (or up) Machine (or VM)

Comfortable with hexadecimals or binaries

Security and Network concepts

Basic experience with programming languages (i.e., python or javascript)

Positive attitude

Passion for learning

Course Goals

By the end of the course, students should be able to:

Understand the process to perform a digital forensics investigation

Identify and define file systems concepts, including EXT, FAT, and NTFS

Conduct live and dead disk acquisitions

Understand what happens when you delete a file

Perform data carving and Steganographic techniques

Properly check and execute malicious files

Create a complete forensics tool kit

Basic understanding and experience with professional tools

In a world where cyber attacks are becoming more prevalent, more digital forensic analysts are needed to preserve data, trace attacks and work with law enforcement agents.

Companies are more vulnerable than ever to cyber attacks or hacks. Once an attack has happened, companies need specialists to identify, analyze and preserve any evidence to use in legal proceedings. They also want to prevent any more attacks from happening. The collecting and preserving of the evidence is called digital forensics or sometimes also referred to as computer forensics.

For any IT professional, understanding the principles and techniques of a digital forensics investigation from the spectrum of file system analysis will help them execute a successful forensic investigation when the time comes.

Why do we need digital forensics?

After a cyber attack, it’s essential to learn where the attack came from and recover any lost data. This is when digital forensics specialists are needed.

If an attack warrants legal action, it’s important for digital forensic specialists to follow certain procedures and utilize certain tools so the evidence stands up in any legal proceedings or court.

Even if law enforcement is not involved in an attack, companies will want a digital forensic specialist to identify where the attack came from, to help prevent another in the future, and to recover any lost data.

What does a digital forensics analyst do?

Digital forensic analysts are called in after an attack. An investigation will begin that has a few phases.

First, is the preservation of data. If valuable information was compromised or lost during the hack, the digital forensic analyst’s first job is to get it back. Then, an analysis will begin. It’s the digital forensic analyst’s job to find out where the hack came from and where the company or group’s vulnerable spot was. Next, there will be the acquisition of artifacts found in hard disk, random access memory, and virtual environments. Finally, a digital forensic analyst will need to write a report for others within their organization to understand what happened, free of computer jargon.

The two major roles of a digital forensic analyst recovering data and then aiding law enforcement agencies if the case requires legal action.

Is digital forensics a good career?

The U.S. Bureau of Labor Statistics (BLS) projected a 17 percent growth digital forensics jobs by 2026, with a total of 2,600 jobs created. So, the need for digital forensics professionals is on the rise.

With a degree or certification in digital forensics, professionals can seek jobs in a cybersecurity office, be a digital forensic investigator, be a crime analyst or even work for Homeland Security.

Traditionally, digital forensics jobs were found more in the public sector, but as large companies become more vulnerable to attacks, they are hiring their own in-house specialists.

The average salary for a digital forensic analyst is $72,417, according to PayScale. Starting out, a digital forensic analyst may earn around $48,000. The more advanced and senior digital forensic specialists can earn as much as $116,000 a year.

What is the best way to learn digital forensics?

Often, employers will require digital forensic analysts to have a bachelor’s degree in forensic science or natural science. But there are other ways to earn a job in this field, even without a degree.

In-house IT professionals who will head up an internal investigation taking an online digital forensics course is a great way to prepare and arm yourself for your company or group’s next attack. For people with a more general education background looking to broaden their skill set, who hope to land a job as a digital forensic analyst, receiving an online certification will make them a more attractive candidate.

By taking an online digital forensics course through Cybrary, students will learn how to analyze physical storage media and volume analysis using open source software available in the market. Students will also learn the phases of a digital investigation. Cybrary offers interactive modules that give students the opportunity to dive into the hard disk data acquisition process, both live and dead acquisitions, and study FAT and NTFS file systems in both UNIX/Linux and Windows systems.

By taking a course with Cybrary, students can learn at their own pace through multiple brief modules. Full-time students can devour the content quickly or full-time professionals can learn a little each night when it works for them.