©2019 by Cybercrime Forensics Training Center.


The gateway to becoming an Incident Handler

This course teaches students the foundational knowledge and hands-on skills needed to perform as an incident responder who can safely and securely collect digital media by following a time-tested, step-by-step process for responding to computer-related incidents. Students will learn how to properly preserve volatile and non-volatile data, how to extract and preserve data in the cloud, and how to extract and preserve data from large datasets. Students will get hands-on experience using several methods and tools to identify, protect, collect and preserve electronic evidence.

Learning Objectives

  • Explain basic forensic imaging principles

  • Prepare collection media

  • Apply key data network fundamentals, including the TCP/IP model and the role and significance of witness devices to the collection process

  • Collect data from witness devices

  • Collect volatile data from running systems using trusted tools

  • Create a forensic image of a hard drive using hardware or software-based imaging tools

  • Generate hash values for collected data and forensic images to enable proof of integrity

  • Collect and preserve data from the cloud

  • Collect and preserve data from remote locations

The materials within this course focus on the Knowledge, Skills and Abilities (KSAs) identified within the specialty areas of the interactive National Cybersecurity Workforce Framework.