Digital Forensics
The intent of the Digital Forensics Knowledge Unit is to provide students with the skills to apply forensics techniques throughout an investigation life cycle with a focus on complying with legal requirements.
Topics
- Legal Compliance
a. Applicable Laws
b. Affidavits
c. How to Testify
d. Case Law
e. Chain of custody
- Digital Investigations
a. E-Discovery
b. Authentication of Evidence
c. Chain of Custody Procedures
d. Metadata
e. Root Cause Analysis
f. Using Virtual Machines for Analysis
- Legal Compliance
- Describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings.
- e. Root Cause Analysis
- Legal Compliance a. Applicable Laws
- Root Cause Analysis
- Using Virtual Machines for Analysis
- Discuss the rules, laws, policies, and procedures that affect digital forensics
- Use one or more common DF tools, such as EnCase, FTK, ProDiscover, Xways, SleuthKit.
- Digital Investigations
- Legal Compliance
Outcomes
- Discuss the rules, laws, policies, and procedures that affect digital forensics
- Use one or more common DF tools, such as EnCase, FTK, ProDiscover, Xways, SleuthKit.
- Describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings.
- Digital Investigations
- Legal Compliance
- Legal Compliance
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.
| ID |
DESCRIPTION |
| K0017 |
Knowledge of concepts and practices of processing digital forensic data. |
| K0107 |
Knowledge of Insider Threat investigations, reporting, investigative tools and laws/regulations. |
| K0003 |
Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. |
| K0155 |
Knowledge of electronic evidence law. |
| K0351 |
Knowledge of applicable statutes, laws, regulations and policies governing cyber targeting and exploitation. |
| K0156 |
Knowledge of legal rules of evidence and court procedure. |
| K0043 |
Knowledge of industry-standard and organizationally accepted analysis principles and methods. |
| K0343 |
Knowledge of root cause analysis techniques. |
| K0118 |
Knowledge of processes for seizing and preserving digital evidence. |
| K0123 |
Knowledge of legal governance related to admissibility (e.g. Rules of Evidence). |
| K0125 |
Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody. |
| ID |
DESCRIPTION |
| S0047 |
Skill in preserving evidence integrity according to standard operating procedures or national standards. |
| S0075 |
Skill in conducting forensic analyses in multiple operating system environments (e.g., mobile device systems). |
| S0109 |
Skill in identifying hidden patterns or relationships. |
| S0175 |
Skill in performing root cause analysis. |
| ID |
DESCRIPTION |
| A0046 |
Ability to monitor and assess the potential impact of emerging technologies on laws, regulations, and/or policies. |
