Digital Forensics Essentials (DFE) from Coursera

What's inside

Syllabus

Computer Forensics Fundamentals

Computer forensics plays a vital role in the investigation and prosecution of cybercriminals. The process includes the acquisition, inspection, and reporting of information stored across computers and networks in relation to a civil or criminal incident. Forensic investigators are trained professionals who extract, analyze/investigate, and report crimes that either target technology or use it as a tool to commit a crime. This module discusses the role of computer forensics in today’s world.

Computer Forensics Investigation Process

One of the goals of performing a forensic investigation process is to have a better understanding of an incident by identifying and analyzing the evidence thereof. This module describes the different stages involved in the complete computer forensic investigation process and highlights the role of expert witnesses in solving a cybercrime case. It also outlines the importance of formal investigation reports presented in a court of law during a trial.

Understanding Hard Disks and File Systems

Storage devices such as Hard Disk Drives (HDDs) and Solid-State Drives (SSDs) are an important source of information during forensic investigation. The investigator should locate and protect the data collected from storage devices as evidence. Therefore, it is necessary for the investigator to have knowledge on the structure and behavior of storage devices. The file system is also important as the storage and distribution of the data in a device is dependent on the file system used. This module provides insight into hard disks and file systems.

Data Acquisition and Duplication

Data acquisition is the first proactive step in the forensic investigation process. Forensic data acquisition does not merely entail the copying of files from one device to another. Through forensic data acquisition, investigators aim to extract every bit of information present in the victim system’s memory and storage, in order to create a forensic copy of this information. Further, this forensic copy must be created in a manner such that integrity of the data is verifiably preserved and can be used as evidence in the court. This module discusses the fundamental concepts of data acquisition and the various steps involved in the data acquisition methodology.

Defeating Anti-forensics Techniques

After compromising a system, attackers often try to destroy or hide all traces of their activities; this makes forensic investigation extremely challenging for investigators. The use of various techniques by cyber-criminals to destroy or hide traces of illegal activities and hinder forensic investigation processes are referred to as anti-forensics. Forensic investigators need to overcome/defeat anti-forensics so that an investigation yields concrete and accurate evidence that helps identify and prosecute the perpetrators. This module outlines the fundamentals of anti-forensics techniques and elaborately discusses how forensic investigators can defeat them using various tools.

Windows Forensics

Windows forensics refers to investigation of cyber-crimes involving Windows machines. It involves gathering of evidence from a Windows machine so that the perpetrator(s) of a cybercrime can be identified and prosecuted. Windows is one of the most widely used OSes; therefore, the possibility of a Windows machine being involved in an incident is high. So, investigators must have a thorough understanding of the various components of a Windows OS such as the file system, registries, system files, and event logs where they can find data of evidentiary value. This module discusses how to collect and examine forensic evidence related to incidents of cybercrime on Windows machines.

Linux and Mac Forensics

Windows may be the most commonly used platform for forensic analysis owing to its popularity in enterprise systems. Several digital forensics tools exist for systems operating on Windows. However, when it comes to conducting forensics investigation on Linux and Mac systems, investigators are faced with a different kind of challenge. While the forensics techniques are the same, the tools used might differ. This module discusses how to collect and examine evidence related to incidents of cybercrime on Linux and MacOS–based machines.

Network Forensics

Network forensic investigation refers to the analysis of network security events (which include network attacks and other undesirable events that undermine the security of the network) for two broad purposes — to determine the causes of the network security events so that appropriate safeguards and countermeasures can be adopted, and to gather evidence against the perpetrators of the attack for presentation in the court of law. This module discusses the methods of investigating network traffic to locate suspicious packets and identify indicators of compromise (IoCs) from the analysis of various log files.

Investigating Web Attacks

Web applications allow users to access their resources through client-side programs such as web browsers. Some web applications may contain vulnerabilities that allow cyber criminals to launch application-specific attacks such as SQL Injection, cross site scripting, local file inclusion (LFI), command injection, etc., which cause either partial or complete damage of the underlying servers. Moreover, such attacks against web applications can lead to massive financial and reputational damage for organizations. In most cases, organizations are unable to trace the root cause of an attack, which leaves security loopholes for the attackers to exploit. This is where web application forensics assumes significance. This module discusses the procedure of web application forensics, various types of attacks on web servers and applications, and where to look for evidence during an investigation. Furthermore, it explains how to detect and investigate various types of web-based attacks.

Dark Web Forensics

The web has three layers: the surface web, the deep web, and the dark web. While the surface web and deep web are used for legitimate purposes, the dark web is mostly used by cyber criminals to perpetrate nefarious/antisocial activities. Access to the dark web requires the use of the Tor browser, which provides users with a high level of anonymity through a complex mechanism, thereby allowing criminals to hide their identities. This module outlines the fundamentals of dark web forensics, describes the workings of the Tor browser, and discusses steps to perform forensic investigation of the Tor browser.

Investigating Email Crimes

Over the past few decades, email services have been extensively used for communication all over the world for exchanging texts and multimedia messages. However, this has also made email a powerful tool for cybercriminals to spread malicious messages and perform illegal activities. The current module intends to familiarize you with the subject of email crimes and how they occur. It primarily focuses on the steps an investigator needs to follow in an email crime investigation.

Malware Forensics

Currently, malicious software, commonly called malware, is the most efficient tool for compromising the security of a computer or any other electronic device connected to the internet. This has become a menace owing to the rapid progress in technologies such as easy encryption and data-hiding techniques. Malware is the major source of various cyber-attacks and internet security threats; therefore, computer forensic analysts need to have the expertise to deal with them. This module elaborately discusses the different types of malware, malware forensics fundamentals, and different types of malware analysis that investigators can perform to examine the malicious code and determine how the malware interacts with the system resources and the network during the runtime.

Good to know

Know what's good

, what to watch for

, and possible dealbreakers

Provides valuable knowledge and skills for professionals in digital forensics and information security

The hands-on labs component ensures practical experience in digital forensics

Introduces learners to the basics of computer forensics and investigation process

Covers a wide range of topics, including network forensics, web attacks, and malware forensics

Taught by EC-Council, a respected organization in information security

Certification upon completion provides formal recognition and credibility

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Digital Forensics Essentials (DFE) with these activities:

Revisit Networks and Security Concepts

Show steps

Review essential computer networks and security concepts to reinforce your foundational knowledge and prepare for this course's advanced topics.

Browse courses on Networks

Show steps

Practice basic network troubleshooting techniques
Review the OSI model and TCP/IP protocol suite
Refresh your knowledge of network security threats and vulnerabilities

Join a digital forensics study group

Show steps

Engage with peers to discuss course concepts, share insights, and work through challenges together.

Browse courses on Collaboration

Show steps

Identify potential study partners
Establish a regular meeting schedule
Create a structured study plan

Attend a digital forensics conference

Show steps

Network with experts and learn about the latest advancements in digital forensics.

Browse courses on Digital Forensics

Show steps

Research upcoming digital forensics conferences
Register and attend the conference

Ten other activities

Expand to see all activities and additional details

Show all 13 activities

Read 'Digital Forensics with Open Source Tools'

Show steps

Gain insights into open-source tools and techniques used in digital forensics investigations.

View Digital Forensics with Open Source Tools on Amazon

Show steps

Read chapters on open-source forensic tools
Experiment with tools such as Autopsy and The Sleuth Kit

Form a Study Group with Classmates

Show steps

Collaborate with classmates, discuss course concepts, and reinforce your understanding through peer-to-peer interactions.

Browse courses on Collaboration

Show steps

Identify classmates who are interested in forming a study group
Establish regular meeting times and a communication platform
Take turns leading discussions and sharing insights

Practice encryption and decryption techniques

Show steps

Practice basic encryption and decryption techniques to refresh your skills and strengthen your understanding of secure communications.

Browse courses on Encryption Techniques

Show steps

Review fundamental encryption algorithms (e.g., AES, RSA)
Implement encryption and decryption functions in a programming language
Experiment with different encryption modes (e.g., ECB, CBC)

Analyze Sample Forensic Images

Show steps

Gain practical experience by examining mock forensic images to develop your analytical and investigative skills.

Browse courses on Forensic Analysis

Show steps

Obtain and mount a sample forensic image
Use forensic tools to extract and analyze evidence
Write a report summarizing your findings

Practice Windows forensics techniques

Show steps

Enhance your Windows forensics skills through repetitive exercises and simulations.

Browse courses on Windows Forensics

Show steps

Use forensic tools to recover deleted files and artifacts
Analyze Windows registry and event logs
Extract evidence from Windows memory

Develop a Digital Forensics Plan

Show steps

Create a comprehensive plan to guide your approach to digital forensic investigations and incident response.

Browse courses on Digital Forensics

Show steps

Define the scope and objectives of your forensic plan
Outline the steps involved in a forensic investigation
Identify the tools and resources required
Establish protocols for evidence handling and analysis
Develop a reporting and documentation strategy

Explore network forensics resources

Show steps

Follow online tutorials and documentation to gain hands-on experience in network forensics techniques.

Browse courses on Network Forensics

Show steps

Read introductory articles and blog posts on network forensics
Use Wireshark or other network analysis tools to capture and analyze network traffic
Identify and investigate suspicious network activities

Attend a Local Forensics Meetup Group

Show steps

Connect with professionals in the field, learn about industry trends, and expand your knowledge through discussions and presentations.

Browse courses on Forensics

Show steps

Identify and join a local forensics meetup group
Attend monthly or quarterly meetings
Engage in discussions, ask questions, and share your insights

Develop a malware analysis report

Show steps

Conduct a detailed analysis of a malware sample and document your findings in a comprehensive report.

Browse courses on Malware Analysis

Show steps

Obtain a malware sample from a reputable source
Use forensic tools to analyze the malware's behavior
Identify the malware's type, functionality, and potential impact
Write a report summarizing your findings and recommendations

Build a Virtual Forensic Lab

Show steps

Gain hands-on experience and develop a deeper understanding of forensic tools and techniques by setting up your virtual lab.

Browse courses on Virtualization

Show steps

Choose a virtualization platform and install it
Install and configure forensic software
Create a virtual environment for practicing forensic techniques
Use the lab to conduct mock investigations

Career center

Learners who complete Digital Forensics Essentials (DFE) will develop knowledge and skills that may be useful to these careers:

Digital Forensics Investigator

Digital forensics investigators are responsible for investigating cybercrime and other digital crimes. They use their knowledge of computer forensics to collect, analyze, and interpret digital evidence. This course provides a comprehensive overview of the digital forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of digital forensics.

See salaries and explore the career path for Digital Forensics Investigator

Computer Forensics Analyst

Computer forensics analysts are highly trained professionals who are responsible for collecting, analyzing, and interpreting digital evidence in a variety of legal cases. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of computer forensics.

See salaries and explore the career path for Computer Forensics Analyst

Information Security Analyst

Information security analysts are responsible for protecting the confidentiality, integrity, and availability of information. They use their knowledge of computer forensics to investigate cybercrimes and identify vulnerabilities in systems. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of information security.

See salaries and explore the career path for Information Security Analyst

Cybersecurity Analyst

Cybersecurity analysts are responsible for protecting computer systems and networks from cyberattacks. They use their knowledge of computer forensics to investigate cybercrimes and identify vulnerabilities in systems. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of cybersecurity.

See salaries and explore the career path for Cybersecurity Analyst

Network Security Engineer

Network security engineers are responsible for designing, implementing, and maintaining network security systems. They use their knowledge of computer forensics to investigate cybercrimes and identify vulnerabilities in networks. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of network security.

See salaries and explore the career path for Network Security Engineer

Incident Responder

Incident responders are responsible for responding to and investigating cyberattacks. They use their knowledge of computer forensics to collect, analyze, and interpret digital evidence. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of incident response.

See salaries and explore the career path for Incident Responder

Malware Analyst

Malware analysts are responsible for analyzing malware and developing countermeasures to protect computer systems. They use their knowledge of computer forensics to investigate cybercrimes and identify vulnerabilities in systems. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of malware analysis.

See salaries and explore the career path for Malware Analyst

Vulnerability Researcher

Vulnerability researchers are responsible for identifying and reporting vulnerabilities in computer systems. They use their knowledge of computer forensics to investigate cybercrimes and identify vulnerabilities in systems. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of vulnerability research.

See salaries and explore the career path for Vulnerability Researcher

Forensic Accountant

Forensic accountants are responsible for investigating financial crimes. They use their knowledge of computer forensics to collect, analyze, and interpret digital evidence. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of forensic accounting.

See salaries and explore the career path for Forensic Accountant

Penetration Tester

Penetration testers are responsible for testing the security of computer systems and networks. They use their knowledge of computer forensics to identify vulnerabilities in systems. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of penetration testing.

See salaries and explore the career path for Penetration Tester

Ethical Hacker

Ethical hackers are responsible for testing the security of computer systems and networks. They use their knowledge of computer forensics to identify vulnerabilities in systems. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of ethical hacking.

See salaries and explore the career path for Ethical Hacker

Law Enforcement Investigator

Law enforcement investigators are responsible for investigating crimes. They use their knowledge of computer forensics to collect, analyze, and interpret digital evidence. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of law enforcement.

See salaries and explore the career path for Law Enforcement Investigator

Security Consultant

Security consultants are responsible for advising organizations on how to protect their computer systems and networks from cyberattacks. They use their knowledge of computer forensics to identify vulnerabilities in systems and develop security solutions. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of security consulting.

See salaries and explore the career path for Security Consultant

Intelligence Analyst

Intelligence analysts are responsible for collecting, analyzing, and interpreting information to provide insights into national security threats. They use their knowledge of computer forensics to collect, analyze, and interpret digital evidence. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of intelligence analysis.

See salaries and explore the career path for Intelligence Analyst

Risk Analyst

Risk analysts are responsible for identifying and assessing risks to organizations. They use their knowledge of computer forensics to identify vulnerabilities in systems and develop risk management plans. This course provides a comprehensive overview of the computer forensics investigation process, from evidence acquisition to report writing. It also covers a wide range of topics, including hard disk and file system analysis, data acquisition and duplication, and Windows forensics. This course would be an excellent foundation for anyone looking to enter the field of risk analysis.

See salaries and explore the career path for Risk Analyst

Digital Forensics Essentials (DFE)

What's inside

Syllabus

Good to know

Save this course

Activities

Career center

Reading list

Share

Similar courses