Duration
3 weeksWeekly study
3 hours
Practical: Cyber Investigator
Put what you have learned into practice to develop your digital forensics skills
Almost every investigation: criminal, civil, corporate, HR, or security will include a digital element. It is vital that the investigator can correctly interpret and present the complex digital evidence so that it can withstand scrutiny – it may be the key that proves or disproves an investigation.
Once you have completed the courses on the Digital Forensics and Incident Response (DFIR) Expert Track, this four-week practical course will help you gain hands-on experience in using digital evidence.
You’ll learn how to put the five-phase investigation model into practice, with a focus on the identification and preservation of digital evidence.
Learn how to carry out data interpretation
The course will help you develop an understanding of the requirements for a digital investigation.
You’ll explore different scenarios to learn how to examine, recover, extract, and interpret data. This understanding will help you collect data in a forensically sound manner, translate raw data from sources that are compressed, encoded, or encrypted, and provide investigational context to the data.
You’ll also learn how to present your interpreted data in a way that can be understood by others.
Learn practical skills for dealing with digital evidence alongside PA Consulting
By the end of the course, you’ll be able to explain the importance of evidential and forensic integrity. You’ll know how data can be hidden from the investigator and be able to present complex digital matters that can withstand scrutiny.
Learning from Jim Metcalfe, a digital forensic investigator, cyber security incident responder, and expert witness at PA Consulting, you’ll finish the course with practical knowledge on how to handle digital evidence required for legal or disciplinary proceedings.
Syllabus
Week 1
Practical Investigation - Introductions, Phases 1 & 2, Identification and Preservation
Welcome to ExpertTrack
Welcome to our ExpertTrack Course
Welcome, Aims, Objectives and Motivations
Welcome to the course! Your instructor is Jim Metcalfe, a Digital Forensics and Incident Response consultant at PA Consulting. Jim will assist you in the coming weeks responding to your questions and comments.
Investigation Process and Software
Recap the 5 Phase investigation model and the value of each phase from a practical perspective. Explore the commercial investigation tools available and discuss their integrity compared to open source tools alternatives.
Phase 1 - Identification
Assessing scenarios for and equipment as sources of potential digital evidence.
Phase 2 - Preservation
Explaining that once seized or identified as a source of potential evidence, if and how can data be collected with demonstratable integrity.
Weekly knowledge check
A short quiz on the subjects covered this week.
Week 2
Practical Investigation - Phase 3, Examination
Introduction and Objectives
Setting out the weekly objectives and how they contribute to the aim of the course.
Developing an effective examination strategy
How the strategy can affect the results.
Data Reduction - Finding potential evidence
We should now have the 'big picture', identified the available data, now we need to sift out the potential evidence.
Hiding Data
Exploring why and how data can be hidden and revealed.
Databases
How is data stored in databases and how do we examine it?
Data Recovery and Extraction
A look at the concepts of recovering deleted and obfuscated data.
Weekly knowledge check
A short quiz on the subjects covered this week
Week 3
Practical Investigation - Phase 4 (Interpretation) and Phase 5 (Reporting)
Welcome to week three
Welcome back to the third and final week.
Contextualising Data
Data is just data without context.
Tracking User Activity
Let us look at a typical series of user generated events and the artefacts that they create.
How to Report
Reporting the findings of analysis in a clear, concise manner.
Moving on
What are the next steps in your digital forensic journey?
Learning on this course
On every step of the course you can meet other learners, share your ideas and join in with active discussions in the comments.
What will you achieve?
By the end of the course, you‘ll be able to...
- Explore the commercial investigation tools available and discuss their integrity compared to open source tools alternatives.
- Assess scenarios for and equipment as sources of potential digital evidence.
- Develop a practical understanding of how to collect data and maintain its integrity
- Develop a hypothesis driven examination process
- Explore the concepts of recovering deleted and obfuscated data
- Summarise how to report the findings of analysis in a clear, concise manner.
Who is the course for?
This course is designed for anyone who has completed the Digital Forensics and Incident Response (DFIR) Expert Track.
It will help you gain practical experience in digital investigation and forensics.
Who will you learn with?
Jim is a digital forensic and incident response investigator working primarily in law enforcement casework, interpreting evidence from all types of digital platforms.
Learning on FutureLearn
Your learning, your rules
- Courses are split into weeks, activities, and steps to help you keep track of your learning
- Learn through a mix of bite-sized videos, long- and short-form articles, audio, and practical activities
- Stay motivated by using the Progress page to keep track of your step completion and assessment scores
Join a global classroom
- Experience the power of social learning, and get inspired by an international network of learners
- Share ideas with your peers and course educators on every step of the course
- Join the conversation by reading, @ing, liking, bookmarking, and replying to comments from others
Map your progress
- As you work through the course, use notifications and the Progress page to guide your learning
- Whenever you’re ready, mark each step as complete, you’re in control
- Complete 90% of course steps and all of the assessments to earn your certificate
Want to know more about learning on FutureLearn? Using FutureLearn