DIGITAL MEDIA COLLECTION TRAINING
The gateway to becoming an Incident Handler
This course teaches students the foundational knowledge and hands-on skills needed to perform as an incident responder, competent in safely and securely collecting digital media following a time-tested, step-by-step process for responding to computer related incidents. Students will learn how to properly preserve volatile and non-volatile data, how to extract and preserve data in the cloud and how to extract and preserve data from large datasets. Students will get hands-on experience using several methods and tools to identify, protect, collect and preserve electronic evidence.
Explain basic forensic imaging principles
Prepare collection media
Apply key data network fundamentals, including the TCP/IP model and the role and significance of witness devices to the collection process
Collect data from witness devices
Collect volatile data from running systems using trusted tools
Create a forensic image of a hard drive using hardware or software-based imaging tools
Generate hash values for collected data and forensic images to enable proof of integrity
Collect and preserve data from the cloud
Collect and preserve data from remote locations
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the specialty areas of the interactive National Cybersecurity Workforce Framework.