Cyber Forensics and Digital Crime Investigation are branches of digital forensic science concerned with legal evidence found on digital storage devices such as hard disks, solid-state drives and flash drives, and with other evidence found in computers. This course helps participants understand the concepts of digital forensics and enables them to examine digital media in an expert manner, using the latest and most successful methods and techniques, with the aim of preserving evidence, recovering lost or intentionally erased data, and analyzing and presenting the facts and opinions about information recovered from the crime scene.
Today, computer forensics can also be used in civil proceedings. It involves techniques similar to those of data recovery, but additional guidelines and practices are followed to create a legal audit trail. Participants in this course are trained in the best techniques used during data forensics and computer forensics investigations.
Module 1 Computer forensics in today's world
The field of computer forensics, or cyber forensics, is still emerging. This module covers computer forensics in today's world. It introduces computer forensics, the evolution of computer forensics, its objectives and benefits, forensic readiness planning, cyber-crimes, computer crimes, cybercrime investigation techniques and tools, the role of a forensics investigator, digital evidence in forensic investigation and corporate investigations, explains the key concepts of the enterprise theory of investigation (ETI), and discusses various legal issues and reports related to computer forensic investigations.
Module 2 Computer forensics investigation process
The computer forensics investigation process module discusses some of the most vital issues and concerns that cyber forensic investigators face today. The module gives an overview of the computer crime investigation process, investigation methodology, the steps to prepare for a computer forensic investigation, evaluating and securing the scene of the crime, collection and preservation of evidence, different techniques to acquire and analyze data, the importance of evidence and case assessment, report writing, and testimony in court as an expert witness.
Module 3 Searching and seizing computers
In this module, students are taught the methods of searching and seizing computers without a warrant, the Fourth Amendment’s “Reasonable Expectation of Privacy”, consent and the scope of consent, the steps involved in searching and seizing computers with a warrant, the basic strategies for executing computer searches, the Privacy Protection Act, drafting the warrant and affidavit, post-seizure issues, the Electronic Communications Privacy Act, voluntary disclosure, electronic surveillance in communications networks, how content differs from addressing information, and an overview of evidence and authentication.
Module 4 Digital evidence
Digital evidence is evidence transmitted in binary form that may be presented in court. It can be found on a computer, CDs, a hard drive, a mobile phone, a PDA, a flash card in a camera, etc. Digital evidence is usually associated with electronic crime such as child pornography, credit card fraud and many more. The module formally covers aspects of digital evidence and explains its role in a computer security incident, the characteristics of digital evidence, digital data, the federal rules of evidence, the international principles for computer evidence, the Scientific Working Group on Digital Evidence (SWGDE), the considerations for collecting digital evidence from electronic, an overview of digital evidence examination processes and steps, and digital evidence considerations by crime category.
Module 5 First responder procedures
In this module, students are taught the definition of electronic evidence, an overview of how to collect and store electronic evidence, the first responder tool kit, an overview of how to collect and secure the electronic, conducting preliminary interviews, collection and preservation of electronic evidence, a checklist for the first responder, and the mistakes of the first responder.
Module 6 Computer forensics lab
This module covers the establishment of a computer forensics lab: how to set up a computer forensics lab, the investigative services in computer forensics, the basic hardware requirements of a forensic lab, a list of various hardware forensic tools, and the basic software requirements and software forensic tools of a forensic lab.
Module 7 Understanding hard disks and file systems
In this module, students are introduced to the hard disk drive and the solid-state drive (SSD), the physical and logical structure of a hard disk, the various types of hard disk interfaces, the components of a hard disk, disk partitions, the Windows and Macintosh boot processes, file systems and their various types, an overview of the Windows, Linux, Mac OS X and Sun Solaris 10 file systems, the CD-ROM/DVD file system, RAID storage systems and RAID levels, and file system analysis using The Sleuth Kit.
Module 8 Windows forensics
Windows forensics examination focuses on building in-depth digital forensic knowledge of the Microsoft Windows operating systems. In this module, students are introduced to volatile information, network and process information, non-volatile information, memory dumps, parsing process memory, different techniques for collecting non-volatile information such as registry settings and event logs, the various processes involved in the forensic investigation of a Windows system such as memory analysis, registry analysis, IE cache analysis, cookie analysis, MD5 calculation, Windows file analysis and metadata investigation, IIS, FTP and system firewall logs, the importance of audit events and event logs in Windows forensics, static and dynamic event log analysis techniques, Windows password security issues such as password cracking, analysis of restore point registry settings, cache and cookies, and various forensics tools.
Module 9 Data acquisition and duplication
The data acquisition and duplication module explains the various types of data acquisition systems, data acquisition formats and methods, how to determine the best acquisition method, contingency planning for image acquisitions, static and live data acquisition, an overview of volatile data collection methodology, the various types of volatile information, disk imaging tools, Linux and Windows validation methods, RAID disks, and a list of various data acquisition software and hardware tools.
Module 10 Recovering deleted files and deleted partitions
In this module, students are taught how to recover files in Windows, Mac and Linux, file recovery tools for Windows, Mac and Linux, how to identify the creation date and last accessed date of a file and deleted sub-directories, how to recover deleted partitions, and a list of partition recovery tools.
Module 11 Forensics investigation using AccessData FTK
This module covers the Forensic Toolkit (FTK) and its various features, the FTK installation steps, the FTK case manager, restoring an image to a disk, the FTK examiner user interface, how to verify drive image integrity, how to mount an image to a drive, the functions of the FTK interface tabs, the steps involved in adding evidence to a case, local live evidence, the remote device management system, imaging drives, mounting and unmounting a device, and decrypting EFS files and folders.
Module 12 Forensics investigation using EnCase
This module comprises an introduction to EnCase forensics, its uses and functionality, EnCase forensics modules, how to configure EnCase, case management, the verification process for evidence files, the source processor, the various types of bookmarks, and report writing.
Module 13 Steganography and image file forensics
This module summarizes steganography and its types, applications of steganography, how to detect steganography, various steganography detection tools, image file formats, data compression, locating and recovering image files, how to identify unknown file formats, and picture viewer and image file forensic tools.
Module 14 Application password crackers
The module first presents password cracker terminology, the functionality of password crackers and the various types of passwords, then discusses how a password cracker works, password cracking techniques, types of password attacks, applications of software password cracking, and default passwords and their cracking tools.
Module 15 Log capturing and event correlation
This module, Log capturing and event correlation, covers computer security logs, logon events in Windows, DHCP logs, ODBC logging, the legality of using logs, log management, centralized logging, Syslog, NTP, NIST time servers, and log capturing and analysis tools.
Module 16 Network forensics, investigating logs and investigating network traffic
This module introduces network forensics concepts and mechanisms, IDS, firewalls, honeypots, network vulnerabilities, network attacks, new line and timestamp injection attacks, logs as evidence, network traffic, DNS poisoning techniques, the ARP table, and a list of various traffic capturing and analysis tools.
Module 17 Investigating wireless attacks
In this module, students become familiar with the advantages and disadvantages of wireless networks, the components and types of wireless networks, MAC filtering, SSID, wireless encryption, wireless attacks, the investigation of wireless attacks, and wireless forensics tools.
Module 18 Investigating web attacks
This module focuses on web applications and their architecture, web logs, web servers, Internet Information Services (IIS), Apache web server logs, web attacks, the investigation process for web attacks on Windows-based servers, and various tools for locating IP addresses.
Module 19 Tracking emails and investigating email crimes
This module explains the email system, email clients, email servers, the mail message, the importance of electronic records management, types of email crimes, the email header, the steps involved in investigating email crimes and the tools used, and the different laws and acts against email crimes.
Module 20 Mobile forensics
Mobile electronic devices are now very common. This module introduces the hardware and software characteristics of mobile devices, the cellular network, mobile operating systems, mobile forensics challenges, various memory considerations in mobile devices, and tools and techniques to investigate crimes related to mobile devices.
Module 21 Investigative reports
This module covers the importance of reports and the need for an investigative report, the salient features of a good report, the layout of an investigative report, guidelines for report writing, and reporting using FTK and ProDiscover.
Module 22 Becoming an expert witness
In this module, students are introduced to the expert witness, the role and types of expert witness, the scope of expert witness testimony, the differences between a technical witness and an expert witness, evidence processing, expert witness qualification, general ethics while testifying, and testifying during direct and cross-examination.
ONLINE EXAMINATION AND EVALUATION PROCESS
The examination is held online for students enrolled in online courses. After the respective course duration is complete, you will have access to your examination portal on the allotted date and time. The concerned authorities will notify you to check your email, and you must take your examination on the allotted date and time on our online examination portal.
TYPES OF QUESTIONS
You will have a combination of question types: multiple choice, true and false, fill in the blanks, match the following, sequence questions, multiple response questions, and passage and image description.
The complete correction and evaluation takes about two weeks. Once the evaluation is done, the mark sheets and certificates are posted to the given postal address after address confirmation. If your postal address changes, you must notify us after completing the examination.
Note: Every student must check email for examination notifications and other updates. You must also keep your postal address up to date.
SIFS INDIA provides online education for Certificate, Diploma and PG Diploma courses in the Forensic Science discipline. The Forensic Science programmes are appropriate for students of any discipline. The course is ideal for those who wish to secure a stand-alone certification in Forensic Science and whose first degree is in an unrelated field. We aim to provide a thorough education in Forensic Science from a variety of perspectives with multiple dimensions.
After the enrollment process is complete, a username and password will be generated and provided to you by email to access the e-books and study materials for your programme code within five working days.
Complete Learning of Statement (LOS)
In online education, lectures may be conducted online via the Learning Management System (LMS) and instant chat or messaging. Some courses have ‘virtual’ classes, in which enrolled students participate through webcams. With your unique username and password, you can access your profile, study materials, instructor guidance, assignments, quizzes, examinations, scores, and so on.
Make important bookmarks for future access
In every LOS, we constantly review the study materials so that the finest course material now available is provided for your programme code. The portal also provides a bookmark option to build a specified learning process. Bookmarks are also useful for future access. Your learning methods will help you choose objectives. Bookmarks give you the chance to study exactly what you need in order to improve.
Make your own notes
Go paperless! Online databases are much easier to search than paper files. The LOS gives you a note preparation option while you study. It is a great way to create and keep your own written notes for future access.
Take multiple quizzes for practice exam
The LMS is the best virtual learning system, accessed through your own login portal. The multiple quizzes contain the latest questions and updates related to the LOS, and give you a flexible way to practice for the examination.
Interact with your instructor for your queries.
The online learning system also provides a forum for discussion with your instructor, where you can post and quickly ask your queries and enhance your learning experience through collaboration. It can be hard to build a relationship with an online instructor you may never meet, but it is worth the effort to keep communicating through the online support system.
The assignment submission process varies depending on the course in which you are enrolled. The assignment is indispensable for completing your programme. It comprises 5 questions with a 1000 word limit. The assignment carries a 100% weightage for evaluation of the examination. Some key instructions for getting a good grade in your assignment:
1. Read the study materials in depth from the LOS portal.
2. Understand the assignment questions and keep within the word limit.
3. Write the assignments yourself; they should be plagiarism free.
4. Complete the assignments within the given duration and submit them; after the date you will not be able to access the assignment.
5. Write your answers in the appropriate format and add the references at the end of your assignment.
The online examination system is designed to offer you an education wherever you are. There is a wide range of multiple options. After the respective course duration is complete, you will have access to your examination portal on the allotted date and time. In the LMS examination procedure, you are allocated a particular time for your examination, so you must take your examination on the allocated date and time on your online examination portal.
Note: 1. You must complete your examination in the time period given by your course instructor. You cannot attempt your examination twice.
2. If you are not able to attempt your examination, you must inform your instructor before the time period and give a specific reason so that the examination date can be re-scheduled*.