This course provides an introduction to acquiring digital evidence relating to computer crimes. Tools of the trade will be identified and shown how to use in a forensically sound environment, that will protect evidence. Forensic images will be created and used to preview, files, obtain protected files, and mount disk images in order to find and retrieve evidence.
This video provides a quick overview of what the course will cover.
These slides provide a brief introduction on what digital evidence is, where we can find it, why we might need it, and how to collect it. There is currently no commentary associated with these slides, so feel free to post questions you might have. The External Resource provides the link to the National Institute of Justice website with additional information regarding how digital evidence is defined.
This presentation outlines roles and responsibilities associated with digital forensic investigations, based on the FORZA framework. Students will be able to identify the three majors roles relating specifically to digital evidence acquisition, and what those roles will accomplish in relation to investigations and evidence collection.
This tool enables the forensic investigator to obtain a memory dump from RAM of a computer that has been seized in conjunction with a crime. Caution: This tool must be used prior to shutting down the computer, otherwise whatever evidence might have been there will be lost.
This is a brief tour of the interface to the FTK Imager lite tool.
This tutorial takes you through creating a disk image of evidence seized in an investigation. It also walks you through mounting the disk image for analysis.
My current education includes: BA, in History from Portland State University (1993); MBA, from University of Portland (1997); Ph.D. in Information Systems, Security Emphasis (CNSS Certificate) from Nova Southeastern University (2003-2008); CEH (2010); CPT (2010); GCFE (2013); GCFA (2013).
Work in the Security field began in 2006, which includes teaching security courses with my current employer, Southern Utah University. I began teaching internet forensics and network forensics in 2013, after completing the GCFE and GCFA certifications. I also freelance in forensics and security as the opportunity arises.