This course is part of the Cybersecurity Attack and Defense Fundamentals Specialization

4.9

stars

11 ratings

EC-Council

1,985 already enrolled

Offered By

Cybersecurity Attack and Defense Fundamentals SpecializationEC-Council

About this Course

41,639 recent views

Digital Forensics Essentials helps learners increase their competency and expertise in digital forensics and information security skills, thereby adding value to their workplace and employer. 
This course will introduce learners to Computer Forensics Fundamentals as well as the Computer Forensics Investigation Process. Plan to learn about Dark Web, Windows, Linux, Malware Forensics, and so much more! The interactive labs component of this course ensures that learners receive the hands-on, practical experience required for a future in digital forensics.

DFE-certified learners have an assured means of formal recognition to add to their resumes and show off their expertise and skills to prospective employers. This improves their prospects for employment advancement, higher salaries, and greater job satisfaction.

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Coursera Labs

Includes hands on learning projects.

Learn more about Coursera Labs

Course 3 of 3 in the

Cybersecurity Attack and Defense Fundamentals Specialization

Beginner Level

Approx. 25 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

What you will learn

Network forensics fundamentals, event correlation, and network traffic investigation
Data acquisition concepts, types, format, and methodology
Computer forensics investigation process and its phases
Fundamental concepts of computer forensics

Skills you will gain

Digital Forensics
Computer Forensics

Flexible deadlines

Reset deadlines in accordance to your schedule.

Shareable Certificate

Earn a Certificate upon completion

100% online

Start instantly and learn at your own schedule.

Coursera Labs

Includes hands on learning projects.

Learn more about Coursera Labs

Course 3 of 3 in the

Cybersecurity Attack and Defense Fundamentals Specialization

Beginner Level

Approx. 25 hours to complete

English

Could your company benefit from training employees on in-demand skills?

Try Coursera for Business

Instructor

EC-Council

14,084 Learners

5 Courses

Offered by

EC-Council

Best known for the Certified Ethical Hacker program, EC-Council builds individual and team/organization cyber capabilities through the Certified Ethical Hacker Program and other programs including Certified Secure Computer User, Computer Hacking Forensic Investigator, Certified Security Analyst, Certified Network Defender, Certified SOC Analyst, Certified Threat Intelligence Analyst, Certified Incident Handler, as well as the Certified Chief Information Security Officer.

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

Syllabus - What you will learn from this course

Week1

Week 1

3 hours to complete

Module 01: Computer Forensics Fundamentals

Computer forensics plays a vital role in the investigation and prosecution of cybercriminals. The process includes the acquisition, inspection, and reporting of information stored across computers and networks in relation to a civil or criminal incident. Forensic investigators are trained professionals who extract, analyze/investigate, and report crimes that either target technology or use it as a tool to commit a crime. This module discusses the role of computer forensics in today’s world.

3 hours to complete

8 videos (Total 75 min)

8 videos

Course Introduction5mVideo 1.1: Introduction1mVideo 1.2: Understanding the Fundamentals of Computer Forensics7mVideo 1.3: Understanding Different Types of Cybercrimes6mVideo 1.4: Overview of Different Types of Digital Evidence and Rules of Evidence29m Video 1.5: Understanding Forensic Readiness Planning and Business Continuity12m Video 1.6: Understanding the Roles and Responsibilities of a Forensic Investigator8m Video 1.7: Understanding the Legal Compliance in Computer Forensics3m

7 practice exercises

Video 1.2: Quiz10mVideo 1.3: Quiz10mVideo 1.4: Quiz10m Video 1.5: Quiz10m Video 1.6: Quiz10m Video 1.7: Quiz10mModule 01 - Quiz20m

2 hours to complete

Module 02: Computer Forensics Investigation Process

One of the goals of performing a forensic investigation process is to have a better understanding of an incident by identifying and analyzing the evidence thereof. This module describes the different stages involved in the complete computer forensic investigation process and highlights the role of expert witnesses in solving a cybercrime case. It also outlines the importance of formal investigation reports presented in a court of law during a trial.

2 hours to complete

5 videos (Total 51 min)

5 videos

Video 2.1: Introduction1m Video 2.2: Understanding the Forensic Investigation Process and its Importance7m Video 2.3: Understanding the Pre-investigation Phase12mVideo 2.4: Understanding the Investigation Phase17mVideo 2.5: Understanding the Post-investigation Phase12m

5 practice exercises

Video 2.2: Quiz10m Video 2.3: Quiz10mVideo 2.4: Quiz10mVideo 2.5: Understanding the Post-investigation Phase - Quiz10mModule 02 - Quiz20m

Week2

Week 2

3 hours to complete

Module 03: Understanding Hard Disks and File Systems

Storage devices such as Hard Disk Drives (HDDs) and Solid-State Drives (SSDs) are an important source of information during forensic investigation. The investigator should locate and protect the data collected from storage devices as evidence. Therefore, it is necessary for the investigator to have knowledge on the structure and behavior of storage devices. The file system is also important as the storage and distribution of the data in a device is dependent on the file system used. This module provides insight into hard disks and file systems.

3 hours to complete

6 videos (Total 134 min)

6 videos

Video 3.1: Introduction1mVideo 3.2: Understanding Different Types of Storage Drives and their Characteristics27mVideo 3.3: Understanding the Logical Structure of a Disk30mVideo 3.4: Understanding the Booting Process of Windows, Linux, and Mac Operating Systems38mVideo 3.5: Overview of various File Systems of Windows, Linux, and Mac Operating Systems29mVideo 3.6: Analyzing File Systems using Autopsy and The Sleuth Kit5m

6 practice exercises

Video 3.2: Quiz10mVideo 3.3: Quiz10mVideo 3.4: Quiz10mVideo 3.5: Quiz10mVideo 3.6: Quiz10mModule 03 - Quiz20m

2 hours to complete

Module 04: Data Acquisition and Duplication

Data acquisition is the first proactive step in the forensic investigation process. Forensic data acquisition does not merely entail the copying of files from one device to another. Through forensic data acquisition, investigators aim to extract every bit of information present in the victim system’s memory and storage, in order to create a forensic copy of this information. Further, this forensic copy must be created in a manner such that integrity of the data is

2 hours to complete

5 videos (Total 39 min)

5 videos

Video 4.1: Introduction1mVideo 4.2: Understanding the Data Acquisition Fundamentals8mVideo 4.3: Understanding the Different Types of Data Acquisition4mVideo 4.4: Understanding the Data Acquisition Format5mVideo 4.5: Understanding the Data Acquisition Methodology19m

5 practice exercises

Video 4.2: Quiz10mVideo 4.3: Understanding the Different Types of Data Acquisition - Quiz10mVideo 4.4: Quiz10mVideo 4.5: Quiz10mModule 04 - Quiz20m

Week3

Week 3

2 hours to complete

Module 05: Defeating Anti-forensics Techniques

After compromising a system, attackers often try to destroy or hide all traces of their activities; this makes forensic investigation extremely challenging for investigators. The use of various techniques by cyber-criminals to destroy or hide traces of illegal activities and hinder forensic investigation processes are referred to as anti-forensics. Forensic investigators need to overcome/defeat anti-forensics so that an investigation yields concrete and accurate evidence that helps identify and prosecute the perpetrators. This module outlines the fundamentals of anti-forensics techniques and elaborately discusses how forensic investigators can defeat them using various tools.

2 hours to complete

8 videos (Total 51 min)

8 videos

Video 5.1: Introduction1mVideo 5.2: Understanding the Anti-forensics Techniques2mVideo 5.3: Understanding the Data Deletion and Recycle Bin Forensics10mVideo 5.4: Overview of File Carving Techniques and Ways to Recover Evidence from Deleted Partitions10mVideo 5.5: Understanding the Password Cracking/Bypassing Techniques4mVideo 5.6: Understanding How to Detect Steganography, Hidden Data in File System Structures, and Trail Obfuscation8mVideo 5.7: Understanding the Techniques of Artifact Wiping, Overwritten Data/ Metadata Detection, and Encryption7m Video 5.8: Overview of Anti-forensics Countermeasures and Anti-forensics Tools4m

8 practice exercises

Video 5.2: Quiz10mVideo 5.3: Quiz10mVideo 5.4: Quiz10mVideo 5.5: Quiz10mVideo 5.6: Quiz10mVideo 5.7: Quiz10m Video 5.8: Quiz10mModule 05 - Quiz20m

2 hours to complete

Module 06: Windows Forensics

Windows forensics refers to investigation of cyber-crimes involving Windows machines. It involves gathering of evidence from a Windows machine so that the perpetrator(s) of a cybercrime can be identified and prosecuted. Windows is one of the most widely used OSes; therefore, the possibility of a Windows machine being involved in an incident is high. So, investigators must have a thorough understanding of the various components of a Windows OS such as the file system, registries, system files, and event logs where they can find data of evidentiary value. This module discusses how to collect and examine forensic evidence related to incidents of cybercrime

2 hours to complete

5 videos (Total 64 min)

5 videos

Video 6.1: Introduction1mVideo 6.2: Understanding the Collection Of Volatile and Non-volatile Information23mVideo 6.3: Understanding the Windows Memory and Registry Analysis16mVideo 6.4: Understanding How to Examine Cache, Cookie, and History Recorded in Web Browsers6mVideo 6.5: Understanding How to Examine Windows Files and Metadata16m

5 practice exercises

Video 6.2: Quiz10mVideo 6.3: Quiz10mVideo 6.4: Quiz10mVideo 6.5: Quiz10mModule 06 - Quiz20m

Week4

Week 4

2 hours to complete

Module 07: Linux and Mac Forensics

Windows may be the most commonly used platform for forensic analysis owing to its popularity in enterprise systems. Several digital forensics tools exist for systems operating on Windows. However, when it comes to conducting forensics investigation on Linux and Mac systems, investigators are faced with a different kind of challenge. While the forensics techniques are the same, the tools used might differ. This module discusses how to collect and examine evidence related to incidents of cybercrime on Linux and MacOS–based machines.

2 hours to complete

5 videos (Total 59 min)

5 videos

Video 7.1: Introduction1mVideo 7.2: Understanding the Volatile and Non-Volatile Data in Linux30mVideo 7.3: Understanding the Filesystem Images Analysis using The Sleuth Kit2mVideo 7.4: Understanding the Memory Forensics using Volatility and PhotoRec6mVideo 7.5: Understanding the Mac Forensics18m

5 practice exercises

Video 7.2: Quiz10mVideo 7.3: Quiz10mVideo 7.4: Quiz10mVideo 7.5: Quiz10mModule 07 - Quiz20m

2 hours to complete

Module 08: Network Forensics

Network forensic investigation refers to the analysis of network security events (which include network attacks and other undesirable events that undermine the security of the network) for two broad purposes — to determine the causes of the network security events so that appropriate safeguards and countermeasures can be adopted, and to gather evidence against the perpetrators of the attack for presentation in the court of law. This module discusses the methods of investigating network traffic to locate suspicious packets and identify indicators of compromise (IoCs) from the analysis of various log files.

2 hours to complete

6 videos (Total 56 min)

6 videos

Video 8.1: Introduction1mVideo 8.2: Understanding the Network Forensics Fundamentals1mVideo 8.3: Understanding the Logging Fundamentals11mVideo 8.4: Understanding the Event Correlation Concepts8mVideo 8.5: Overview of Identifying Indicators of Compromise (IoCs) from Network Logs16mVideo 8.6: Understanding How to Investigate Network Traffic15m

6 practice exercises

Video 8.2: Quiz10mVideo 8.3: Quiz10mVideo 8.4: Quiz10mVideo 8.5: Quiz10mVideo 8.6: Quiz10mModule 08 - Quiz20m

Week5

Week 5

2 hours to complete

Module 09: Investigating Web Attacks

Web applications allow users to access their resources through client-side programs such as web browsers. Some web applications may contain vulnerabilities that allow cyber criminals to launch application-specific attacks such as SQL Injection, cross site scripting, local file inclusion (LFI), command injection, etc., which cause either partial or complete damage of the underlying servers.

Moreover, such attacks against web applications can lead to massive financial and reputational damage for organizations. In most cases, organizations are unable to trace the root cause of an attack, which leaves security loopholes for the attackers to exploit. This is where web application forensics assumes significance. This module discusses the procedure of web application forensics, various types of attacks on web servers and applications, and where to look for evidence during an investigation. Furthermore, it explains how to detect and investigate various types of web-based attacks.

2 hours to complete

6 videos (Total 53 min)

6 videos

Video 9.1: Introduction1mVideo 9.2: Understanding the Web Application Forensics15mVideo 9.3: Understanding the Internet Information Services (IIS) Logs9mVideo 9.4: Understanding the Apache Web Server Logs7mVideo 9.5: Overview of Web Attacks on Windows-based Servers4mVideo 9.6: Understanding How to Detect and Investigate various Attacks on Web Applications15m

6 practice exercises

Video 9.2: Quiz10mVideo 9.3: Quiz10mVideo 9.4: Quiz10mVideo 9.5: Quiz10mVideo 9.6: Quiz10mModule 09 - Quiz20m

1 hour to complete

Module 10: Dark Web Forensics

The web as three layers: the surface web, deep web, and dark web. While the surface web and deep web are used for legitimate purposes, the dark web is mostly used by cyber criminals to perpetrate nefarious/antisocial activities. Access to the dark web requires the use of the Tor browser, which provides users a high level of anonymity through a complex mechanism, thereby allowing criminals to hide their identities.

1 hour to complete

5 videos (Total 19 min)

Week6

Week 6

1 hour to complete

Module 11: Investigating Email Crimes

Over the past few decades, email services have been extensively used for communication all over the world for exchanging texts and multimedia messages. However, this has also made email a powerful tool for cybercriminals to spread malicious messages and perform illegal activities. The current module intends to familiarize you with the subject of email crimes and how they occur. It primarily focuses on the steps an investigator needs to follow in an email crime investigation.

1 hour to complete

5 videos (Total 29 min)

5 videos

Video 11.1: Introduction1mVideo 11.2: Understanding the Email System1mVideo 11.3: Understanding the Components Involved in Email Communication4mVideo 11.4: Understanding the Parts of an Email Message1mVideo 11.5: Overview of Email Crime Investigation and its Steps20m

5 practice exercises

Video 11.2: Quiz10mVideo 11.3: Understanding the Components Involved in Email Communication - Quiz10mVideo 11.4: Quiz10mVideo 11.5: Quiz10mModule 11 - Quiz20m

3 hours to complete

Module 12: Malware Forensics

Currently, malicious software, commonly called malware, is the most efficient tool for compromising the security of a computer or any other electronic device connected to the internet. This has become a menace owing to the rapid progress in technologies such as easy encryption and data hiding techniques. Malware is the major source of various cyber-attacks and internet security threats; therefore, computer forensic analysts need to have the expertise to deal with them.

3 hours to complete

8 videos (Total 66 min)

8 videos

Video 12.1: Module Introduction1mVideo 12.2: Understanding Malware and the Common Techniques Attackers Use to Spread Malware11mVideo 12.3: Understanding Malware Forensics Fundamentals and Types of Malware Analysis14mVideo 12.4: Overview of Static Analysis of Malware9mVideo 12.5: Overview of Analysis of Suspicious Word Documents4mVideo 12.6: Understanding Dynamic Malware Analysis Fundamentals and Approaches5mVideo 12.7: Understanding the Analysis of Malware Behavior on System Properties in Real-time13mVideo 12.8: Understanding the Analysis of Malware Behavior on Network in Real-time5m

8 practice exercises

Video 12.2: Quiz10mVideo 12.3: Quiz10mVideo 12.4: Quiz10mVideo 12.5: Quiz10mVideo 12.6: Quiz10mVideo 12.7: Quiz10mVideo 12.8: Quiz10mModule 12 - Quiz20m

About the Cybersecurity Attack and Defense Fundamentals Specialization

This Specialization can be taken by students, IT professionals, IT managers, career changers, and anyone who seeks a cybersecurity career or aspires to advance their current role. This course is ideal for those entering the cybersecurity workforce, providing foundational, hands-on skills to solve the most common security issues organizations face today.

Frequently Asked Questions

When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

More questions? Visit the Learner Help Center.

Build employee skills, drive business results

Discover Coursera for Business

Digital Forensics Essentials (DFE)

About this Course

What you will learn

Skills you will gain

Instructor

EC-Council

Offered by

EC-Council

Syllabus - What you will learn from this course

Module 01: Computer Forensics Fundamentals

Module 02: Computer Forensics Investigation Process

Module 03: Understanding Hard Disks and File Systems

Module 04: Data Acquisition and Duplication

Module 05: Defeating Anti-forensics Techniques

Module 06: Windows Forensics

Module 07: Linux and Mac Forensics

Module 08: Network Forensics

Module 09: Investigating Web Attacks

Module 10: Dark Web Forensics

Module 11: Investigating Email Crimes

Module 12: Malware Forensics

About the Cybersecurity Attack and Defense Fundamentals Specialization

Frequently Asked Questions

Learn Something New

Popular Data Science Courses

Popular Computer Science & IT Courses

Popular Business Courses

Coursera

Community

More

Digital Forensics Essentials (DFE)

About this Course

What you will learn

Skills you will gain

Instructor

EC-Council

Offered by

EC-Council

Syllabus - What you will learn from this course

Module 01: Computer Forensics Fundamentals

Module 02: Computer Forensics Investigation Process

Module 03: Understanding Hard Disks and File Systems

Module 04: Data Acquisition and Duplication

Module 05: Defeating Anti-forensics Techniques

Module 06: Windows Forensics

Module 07: Linux and Mac Forensics

Module 08: Network Forensics

Module 09: Investigating Web Attacks

Module 10: Dark Web Forensics

Module 11: Investigating Email Crimes

Module 12: Malware Forensics

About the Cybersecurity Attack and Defense Fundamentals Specialization

Frequently Asked Questions

Coursera Footer

Learn Something New

Popular Data Science Courses

Popular Computer Science & IT Courses

Popular Business Courses

Coursera

Community

More