Course contents of Cyber Lab Examiner – II (CLE – II):
- Introduction to Computer Forensics
- Introduction to Investigations
- Areas involved in a forensic investigation
- Investigation awareness phase of a forensic investigation
- Principles of forensic computing
- The ‘Chain of Custody’ process
- Applying the chain of custody process
- Identification and Seizure
- Common electronic evidence devices
- Seizure process of electronic evidence
- Evidential items of interest
- Actions performed on an electronic device
- Understanding Electronic Data
- Multiple bits
- Large quantities of bytes in data storage
- Decimal, Hexadecimal, ASCII, Unicode
- Storage and File Systems
- Preparing a hard drive for data storage
- Physical disks, logical drives and Cloud Storage
- Differences between data and metadata
- Common file system metadata
- The purpose of file systems
- Various file systems’ features
- Live Data, Deleted Data, Unallocated Data
- Forensic Acquisition
- Differences between a forensic image and a clone
- Hashing within the forensic acquisition process
- Common tools and hardware
- Forensic acquisition and verification of an electronic device
- Gathering the data from Cloud Storage
- Forensic Analysis Techniques
- Five possible analysis environments
- Recovering data from an electronic device using data carving
- Keyword searching
- Issues associated with data extraction
- Strengths and weaknesses of hash analysis
- Common file type specific metadata
- Date and time analysis
- Recovering Forensic Artefacts
- Windows registry
- Internet history
- Data Reduction Techniques
- Filtering data
- Hash analysis
- Data interpretation process
- Dangers of data reduction
- Filtering using date and time stamps
- The use of data reduction techniques
- Forensic Challenges
- Cloud Data Access
- Data wiping
- Data encryption
- Malicious software
- Reporting
- Purpose of forensic reporting
- Expected outcome of a forensic investigation
- Target audience
- Reporting methods
- Defence statements