Digital Forensics

Digital Forensics is a 30 hours comprehensive program offered by ICSS. Students will learn about various important concepts about Computer Forensics, Cybercrime & Digital Evidence; Forensics Investigation Phases; Forensics Investigation Methodology; Evidence Handling; Email Investigation; and Database Forensics. This course also focuses on legal considerations applicable to computer forensics and how to identify, collect and preserve digital evidence. The student will learn how to identify, collect and preserve digital evidence. The student will also understand scientific principles relating to digital forensics and various concepts like keyword lists, grep, file hashing, and report writing. The students will also get hands-on lab experience using various opensource tools.

M 1 – Introduction to Computer Forensics
• 1.1 : Overview
• 1.2 : Objectives of Computer Forensics
• 1.3 : Branches of Digital Forensics
• 1.4 : Digital Forensics Process
• 1.5 : Cyber Cells & IT Law in India
• 1.6 : IT Act 2000 – Penalties and Offences
M 2 – Cybercrime & Digital Evidence
• 2.1 : Overview
• 2.2 : Challenges in Forensics Investigation
• 2.3 : Principles & Rules of Forensics Investigation (include Locard’s Exchange principle)
• 2.4 : Digital Evidences
• 2.5 : Characteristics of Digital Evidence
• 2.6 : Rules of Evidence
• 2.7 : Sources of Evidence
• 2.8 : Gathering Digital Evidence: The Procedure
• 2.9 : Volatile Evidence
• LAB-1 CAPTURING THE VOLATILE MEMORY
• 2.10 : Non-volatile data
• LAB-2 ACQUIRING NON-VOLATILE DATA
• 2.11 : Chain of Custody
• 2.12 : Importance of Digital Evidence in the Court of Law
M 3 – Forensics Investigation Phases
• 3.1 : Overview
• 3.2 : Pre investigation
• 3.3 : Investigation
• 3.4 : Post investigation
M 4 – Forensics Investigation Methodology
• 4.1 : Secure Crime Scene and Shreds of evidence
• 4.2 : Photography and Videography of Evidence
• 4.3 : Sketching and Crime Scene Checklist
• 4.4 : Search, Collect & Seize Digital Evidences
• 4.5 : Data Acquisition
• 4.6 : Storage Formats for Digital Evidence
• 4.7 : Data Acquisition and Duplication Tools
• 4.8 : Data Acquisition Best Practices
• 4.9 : Forensics Investigation Report
• 4.10 : Examination & Analysis
• 4.11 : Report writing
• 4.12 : Courtroom presentation / Expert Witness
M 5 – Evidence Handling
• 5.1 : Overview
• 5.2 : Investigation of Powered on and powered off computer/device
• 5.3 : Computers, Components, and Devices
• 5.4 : Fundamentals of Hard Disk and File System
• 5.5 : File systems (Windows/Linux/Mac file system)
M 6 – Email Investigation
• 6.1 : Overview
• 6.2 : How Does Email Work?
• 6.3 : Email Identities and Data
• 6.4 : E-Mail Forensics Investigation Techniques
• 6.5 : IP & IP location
• 6.6 : Traceroute
• 6.7 : E-Mail Forensics Tools
M 7 – Database Forensics
• 7.1 : Overview
• 7.2 : Importance of Database Forensics
• 7.3 : Database Artifact for Forensics Analysis
• 7.4 : MSSQL Forensics
• 7.5 : Data Store in SQL Server
• 7.6 : Challenges of Database Forensics
• 7.7 : Computer Forensics Tools and Techniques