Digital Evidence Acquisition: Protecting your Case

Learn basic concepts of digital evidence acquisition, and how you can obtain and protect evidence relating to computers.
4.3 (2 ratings)
Instead of using a simple lifetime average, Udemy calculates a
course's star rating by considering a number of different factors
such as the number of ratings, the age of ratings, and the
likelihood of fraudulent ratings.
21 students enrolled
25% off
Take This Course
  • Lectures 7
  • Length 1 hour
  • Skill Level Beginner Level
  • Languages English
  • Includes Lifetime access
    30 day money back guarantee!
    Available on iOS and Android
    Certificate of Completion
Wishlisted Wishlist

How taking a course works


Find online courses made by experts from around the world.


Take your courses with you and learn anywhere, anytime.


Learn and practice real-world skills and achieve your goals.

About This Course

Published 7/2014 English

Course Description

This course provides an introduction to acquiring digital evidence relating to computer crimes. Tools of the trade will be identified and shown how to use in a forensically sound environment, that will protect evidence. Forensic images will be created and used to preview, files, obtain protected files, and mount disk images in order to find and retrieve evidence.

What are the requirements?

  • A computer connected to the internet
  • Old storage devices (to create images from)

What am I going to get from this course?

  • Use Forensic tools to view and obtain digital evidence
  • Perform forensic imaging of Hard disks
  • Mount disk images to perform forensic analysis

Who is the target audience?

  • Forensic Professionals working in law enforcement
  • Forensic consultants
  • Individuals interested in digital evidence collection, and computer forensics
  • First-Responders to a crime scene containing electronic devices

What you get with this course?

Not for you? No problem.
30 day money back guarantee.

Forever yours.
Lifetime access.

Learn on the go.
Desktop, iOS and Android.

Get rewarded.
Certificate of completion.


Section 1: Introduction to Evidence Acquisition

This video provides a quick overview of what the course will cover.

9 pages

These slides provide a brief introduction on what digital evidence is, where we can find it, why we might need it, and how to collect it. There is currently no commentary associated with these slides, so feel free to post questions you might have. The External Resource provides the link to the National Institute of Justice website with additional information regarding how digital evidence is defined.

12 pages

This presentation outlines roles and responsibilities associated with digital forensic investigations, based on the FORZA framework. Students will be able to identify the three majors roles relating specifically to digital evidence acquisition, and what those roles will accomplish in relation to investigations and evidence collection.

Section 2: Forensic Tool Tutorials

This tool enables the forensic investigator to obtain a memory dump from RAM of a computer that has been seized in conjunction with a crime. Caution: This tool must be used prior to shutting down the computer, otherwise whatever evidence might have been there will be lost.

MD5 Hashing tool

This is a brief tour of the interface to the FTK Imager lite tool.


This tutorial takes you through creating a disk image of evidence seized in an investigation. It also walks you through mounting the disk image for analysis.

Sections 1 and 2 Quiz
6 questions

Students Who Viewed This Course Also Viewed

  • Loading
  • Loading
  • Loading

Instructor Biography

Rob Robertson, Forensic Analyst

My current education includes: BA, in History from Portland State University (1993); MBA, from University of Portland (1997); Ph.D. in Information Systems, Security Emphasis (CNSS Certificate) from Nova Southeastern University (2003-2008); CEH (2010); CPT (2010); GCFE (2013); GCFA (2013).

Work in the Security field began in 2006, which includes teaching security courses with my current employer, Southern Utah University. I began teaching internet forensics and network forensics in 2013, after completing the GCFE and GCFA certifications. I also freelance in forensics and security as the opportunity arises.

Ready to start learning?
Take This Course