• PA Consulting logo

Practical: Cyber Investigator

Gain practical skills in how to handle digital evidence and data collection to help kick start your career in cyber investigation.

A man with glasses looking at multiple computer screens.
  • Duration

    3 weeks
  • Weekly study

    3 hours

Put what you have learned into practice to develop your digital forensics skills

Almost every investigation: criminal, civil, corporate, HR, or security will include a digital element. It is vital that the investigator can correctly interpret and present the complex digital evidence so that it can withstand scrutiny – it may be the key that proves or disproves an investigation.

Once you have completed the courses on the Digital Forensics and Incident Response (DFIR) Expert Track, this four-week practical course will help you gain hands-on experience in using digital evidence.

You’ll learn how to put the five-phase investigation model into practice, with a focus on the identification and preservation of digital evidence.

Learn how to carry out data interpretation

The course will help you develop an understanding of the requirements for a digital investigation.

You’ll explore different scenarios to learn how to examine, recover, extract, and interpret data. This understanding will help you collect data in a forensically sound manner, translate raw data from sources that are compressed, encoded, or encrypted, and provide investigational context to the data.

You’ll also learn how to present your interpreted data in a way that can be understood by others.

Learn practical skills for dealing with digital evidence alongside PA Consulting

By the end of the course, you’ll be able to explain the importance of evidential and forensic integrity. You’ll know how data can be hidden from the investigator and be able to present complex digital matters that can withstand scrutiny.

Learning from Jim Metcalfe, a digital forensic investigator, cyber security incident responder, and expert witness at PA Consulting, you’ll finish the course with practical knowledge on how to handle digital evidence required for legal or disciplinary proceedings.

Syllabus

  • Week 1

    Practical Investigation - Introductions, Phases 1 & 2, Identification and Preservation

    • Welcome to ExpertTrack

      Welcome to our ExpertTrack Course

    • Welcome, Aims, Objectives and Motivations

      Welcome to the course! Your instructor is Jim Metcalfe, a Digital Forensics and Incident Response consultant at PA Consulting. Jim will assist you in the coming weeks responding to your questions and comments.

    • Investigation Process and Software

      Recap the 5 Phase investigation model and the value of each phase from a practical perspective. Explore the commercial investigation tools available and discuss their integrity compared to open source tools alternatives.

    • Phase 1 - Identification

      Assessing scenarios for and equipment as sources of potential digital evidence.

    • Phase 2 - Preservation

      Explaining that once seized or identified as a source of potential evidence, if and how can data be collected with demonstratable integrity.

    • Weekly knowledge check

      A short quiz on the subjects covered this week.

  • Week 2

    Practical Investigation - Phase 3, Examination

    • Introduction and Objectives

      Setting out the weekly objectives and how they contribute to the aim of the course.

    • Developing an effective examination strategy

      How the strategy can affect the results.

    • Data Reduction - Finding potential evidence

      We should now have the 'big picture', identified the available data, now we need to sift out the potential evidence.

    • Hiding Data

      Exploring why and how data can be hidden and revealed.

    • Databases

      How is data stored in databases and how do we examine it?

    • Data Recovery and Extraction

      A look at the concepts of recovering deleted and obfuscated data.

    • Weekly knowledge check

      A short quiz on the subjects covered this week

  • Week 3

    Practical Investigation - Phase 4 (Interpretation) and Phase 5 (Reporting)

    • Welcome to week three

      Welcome back to the third and final week.

    • Contextualising Data

      Data is just data without context.

    • Tracking User Activity

      Let us look at a typical series of user generated events and the artefacts that they create.

    • How to Report

      Reporting the findings of analysis in a clear, concise manner.

    • Moving on

      What are the next steps in your digital forensic journey?

Learning on this course

On every step of the course you can meet other learners, share your ideas and join in with active discussions in the comments.

What will you achieve?

By the end of the course, you‘ll be able to...

  • Explore the commercial investigation tools available and discuss their integrity compared to open source tools alternatives.
  • Assess scenarios for and equipment as sources of potential digital evidence.
  • Develop a practical understanding of how to collect data and maintain its integrity
  • Develop a hypothesis driven examination process
  • Explore the concepts of recovering deleted and obfuscated data
  • Summarise how to report the findings of analysis in a clear, concise manner.

Who is the course for?

This course is designed for anyone who has completed the Digital Forensics and Incident Response (DFIR) Expert Track.

It will help you gain practical experience in digital investigation and forensics.

Who will you learn with?

Jim is a digital forensic and incident response investigator working primarily in law enforcement casework, interpreting evidence from all types of digital platforms.

Who developed the course?

PA Consulting

An independent firm of over 2,600 people, we operate globally from offices across the Americas, Europe, the Nordics, the Gulf and Asia Pacific.

Learning on FutureLearn

Your learning, your rules

  • Courses are split into weeks, activities, and steps to help you keep track of your learning
  • Learn through a mix of bite-sized videos, long- and short-form articles, audio, and practical activities
  • Stay motivated by using the Progress page to keep track of your step completion and assessment scores

Join a global classroom

  • Experience the power of social learning, and get inspired by an international network of learners
  • Share ideas with your peers and course educators on every step of the course
  • Join the conversation by reading, @ing, liking, bookmarking, and replying to comments from others

Map your progress

  • As you work through the course, use notifications and the Progress page to guide your learning
  • Whenever you’re ready, mark each step as complete, you’re in control
  • Complete 90% of course steps and all of the assessments to earn your certificate

Want to know more about learning on FutureLearn? Using FutureLearn