This course provides an introduction to the principles and practices of digital forensics.
We will explore the steps in the acquisition, preservation, analysis, and courtroom presentation of digital evidence. We'll see how this information can be recovered from many sources, including file systems, operating systems, networks, database systems, applications, media files, and embedded systems. We'll learn about existing tools for digital forensics, such as The Sleuth Kit and Wireshark, and we'll learn to write our own. We will also explore more advanced topics, such as anti-forensics, timeline generation, and authorship attribution.
Instructor: Marc Liberatore