IASP 430: Digital Forensics

[NSA/DHS CAE-CDE] Topics to Cover | [NSA/DHS CAE-CDE] Knowledge Unit | Covered?
  • Legal Compliance
    • Applicable Laws
    • Affidavits
    • How to Testify
    • Case Law
    • Chain of custody
  • Digital Investigations
    • E-Discovery
    • Authentication of Evidence
    • Chain of Custody Procedures
    • Metadata
    • Root Cause Analysis
    • Using Virtual Machines for Analysis
Knowledge Unit: Digital Forensics; Covered: ?

  • File Systems and File System Forensics
  • Hypervisor Analysis
  • Registry Analysis
  • Cryptanalysis
  • Rainbow Tables
  • Steganography
  • Networking Concepts, Services, Protocols
  • Operating Systems Concepts
  • Live System Investigations
  • (must include hands-on activities)
Knowledge Unit: Host Forensics; Covered: ?

  • Drive Acquisition
  • Authentication of Evidence
    • Verification and Validation
    • Hashes
  • Metadata
  • Live vs. Static Acquisition
  • Sparse vs. Full Imaging
  • Slack Space
  • Hidden Files/clusters/partitions
  • (must include hands-on activities)
Knowledge Unit: Media Forensics; Covered: Yes

  • HIPAA
  • FERPA
  • Sarbanes-Oxley
  • Understanding appropriate commercial standards
  • Knowing which standards apply to specific situations
  • Rainbow Series
Knowledge Unit: IA Standards; Covered: ?

  • Separation (of domains)
  • Isolation
  • Encapsulation
  • Least Privilege
  • Simplicity (of design)
  • Minimization (of implementation)
  • Fail Safe Defaults/Fail Secure
  • Modularity
  • Layering
  • Least Astonishment
  • Open Design
  • Usability
Knowledge Unit: Fundamental Security Design Principles; Covered: Yes

Learning Outcomes
  • Students shall be able to discuss the rules, laws, policies, and procedures that affect digital forensics.
  • Students shall be able to use one or more common DF tools, such as EnCase, FTK, ProDiscover, X-Ways, SleuthKit.
  • Students will be able to describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings.
  • Students will be able to describe what can/cannot be retrieved from various OSes.
  • Students will be able to describe the methodologies used in host forensics.
  • Students will be able to describe methods and approaches for forensic analysis on specified media.
NICE Competency: Computer Forensics
NICE Competency: Computer Network Defense
NICE Competency: Criminal Law
NICE Competency: Encryption
NICE Competency: Forensics
NICE Competency: Hardware
NICE Competency: Incident Management
NICE Competency: Information Assurance
NICE Competency: Legal, Government, and Jurisprudence
NICE Competency: Operating Systems
NICE Competency: Vulnerabilities Assessment