Course description

This module focuses on the "Detective" side of cybersecurity. Digital Forensics is the practice of uncovering the "who, what, when, and how" after a security breach or criminal act has occurred.

You will learn the rigorous legal and technical standards required to handle digital evidence without compromising its integrity. The course covers everything from memory forensics (analyzing RAM) and disk imaging to mobile device forensics and network trail analysis. You will use industry-standard tools like Autopsy, FTK Imager, and Volatility to piece together digital puzzles. Whether you are aiming to work for law enforcement, a private corporate investigation team, or an incident response unit, this module provides the specialized skills needed to solve complex digital crimes.

What will i learn?

• Evidence Acquisition: Perform bit-by-bit imaging of hard drives while maintaining a strict "Chain of Custody."
• Memory Forensics: Analyze volatile memory (RAM) to find running malware or hidden processes that disappear on reboot.
• Artifact Analysis: Extract browsing history, deleted emails, and hidden files from Windows, Linux, and MacOS systems.
• Network Forensics: Reconstruct web sessions and file transfers from captured network packets (PCAP files).
• Expert Reporting: Document your findings in a professional forensic report suitable for use in a court of law or corporate hearing.

Frequently asked question