Useful Information
Tools
Semester Long Deep Dive
Module 1: Introduction to Digital Forensics

This module introduces a student to the world of digital forensics. It includes basic vocabulary, cyber crime descriptions, and provides an overview of the digital forensics process.


Associated Reading:
Supporting Materials:
Module 2: Evidence Basics

Module one introduced students to the basic definitions of digital forensics. Module two expands on this definition by elaborating on what digital evidence actually is from a physical/logical point of view. We will also explore digital evidence search and seizure.


Associated Reading:
Supporting Materials: In Class Exercises and Demonstrations
Module 3: Binary Translations

Module three marks the end of the review material and begins our more advanced topics. Understanding digital evidence is understanding binary data, the base system used by all digital devices. This section will seek to instill a deep understanding of this system so you can carry that knowledge forward to future modules.


Associated Reading:
Supporting Materials:
In Class Exercises and Demonstrations
Module 4: Digital Storage Basics

Understanding digital evidence is understanding basic computer storage, and this module concentrates on enhancing that understanding. This module will explore the very basics of computer storage including how binary is used to store useful information.


Associated Reading:
Supporting Materials:
Module 5: Imaging and Hashing

In digital forensic examinations the original evidence is typically not subjected to examination. Digital evidence is ephemeral and very fragile. Thus, the suspect’s devices are accessed as few times as possible, and a clone of the evidence is examined instead of the original. This module will examine this process and explain how it fits into the digital forensics process as a whole.


Associated Reading:
Supporting Materials:
In Class Exercises and Demonstrations
Module 6: File Structure and Metadata

In previous modules you have learned the true meaning of binary, how it is stored on digital media, and how it can be translated into useful information.This module will continue the exploration of this process by examining how binary information is organized into useful information inside of computer files. It will also explore a side effect of this formation called file metadata that is commonly used in digital investigations to ensure a more complete understanding of digital file storage.


Associated Reading:
Supporting Materials:
Module 7: Report Writting for Digital Forensics

The last phase of digital forensics is presentation. This phase is perhaps the most vital. A digital examiner’s results are useless unless they can be presented in a manner that can easily be understood by all parties involved. The module will introduce the student to a digital forensic report format that can be used for clear presentation of evidence.


Associated Reading:
Supporting Materials:
Module 8: Exploring File Systems

We have now explored the physical storage of bits. We have examined how those bits can form different types of information. We took a break from the highly technical and discussed how these bits are imaged and authenticated for use in court. A previous module then explored how these bits are organized on volumes for the storage of files. This module will go into more detail about basic disk layout, describe a side effect of bit storage called slack space, and present a few file systems to demonstrate real world examples.


Associated Reading:
Supporting Materials:
Module 9: The Levels of Data Recovery

Data recovery is part of the digital examiner’s job, but digital forensics is so much more. This module will, however, be focusing on data recovery. Data recovery is important to understand when determining the admissibility of evidence. It is also important to understand when explaining how you sanitize media before using it to image digital evidence. (Disk sanitation being the opposite of data recovery. )


Associated Reading:
Supporting Materials:
Module 10: Small Device Forensics


Associated Reading:
Supporting Materials:
Module 11: Application vs User Files


Associated Reading:
Supporting Materials:
Module 12: Digital Triage


Associated Reading:
Supporting Materials:
Module 13: Network Forensics


Associated Reading:
Supporting Materials:
Extra