Digital Forensics Essentials helps learners increase their competency and expertise in digital forensics and information security skills, thereby adding value to their workplace and employer.
This course is part of the Cybersecurity Attack and Defense Fundamentals Specialization
Digital Forensics Essentials (DFE)
stars
11 ratings
2,014 already enrolled
Offered By
About this Course
44,642 recent views
Flexible deadlines
Reset deadlines in accordance to your schedule.
Shareable Certificate
Earn a Certificate upon completion
100% online
Start instantly and learn at your own schedule.
Course 3 of 3 in the
Beginner Level
Approx. 25 hours to complete
English
Subtitles: English
Could your company benefit from training employees on in-demand skills?
Try Coursera for BusinessWhat you will learn
Network forensics fundamentals, event correlation, and network traffic investigation
Data acquisition concepts, types, format, and methodology
Computer forensics investigation process and its phases
Fundamental concepts of computer forensics
Skills you will gain
- Digital Forensics
- Computer Forensics
Flexible deadlines
Reset deadlines in accordance to your schedule.
Shareable Certificate
Earn a Certificate upon completion
100% online
Start instantly and learn at your own schedule.
Course 3 of 3 in the
Beginner Level
Approx. 25 hours to complete
English
Subtitles: English
Could your company benefit from training employees on in-demand skills?
Try Coursera for Business
Offered by
EC-Council
Best known for the Certified Ethical Hacker program, EC-Council builds individual and team/organization cyber capabilities through the Certified Ethical Hacker Program and other programs including Certified Secure Computer User, Computer Hacking Forensic Investigator, Certified Security Analyst, Certified Network Defender, Certified SOC Analyst, Certified Threat Intelligence Analyst, Certified Incident Handler, as well as the Certified Chief Information Security Officer.
Syllabus - What you will learn from this course
Week1
Week 1
Module 01: Computer Forensics Fundamentals
Computer forensics plays a vital role in the investigation and prosecution of cybercriminals. The process includes the acquisition, inspection, and reporting of information stored across computers and networks in relation to a civil or criminal incident. Forensic investigators are trained professionals who extract, analyze/investigate, and report crimes that either target technology or use it as a tool to commit a crime. This module discusses the role of computer forensics in today’s world.
8 videos (Total 75 min)
8 videos
Course Introduction5mVideo 1.1: Introduction1mVideo 1.2: Understanding the Fundamentals of Computer Forensics7mVideo 1.3: Understanding Different Types of Cybercrimes6mVideo 1.4: Overview of Different Types of Digital Evidence and Rules of Evidence29m Video 1.5: Understanding Forensic Readiness Planning and Business Continuity12m Video 1.6: Understanding the Roles and Responsibilities of a Forensic Investigator8m Video 1.7: Understanding the Legal Compliance in Computer Forensics3m7 practice exercises
Video 1.2: Quiz10mVideo 1.3: Quiz10mVideo 1.4: Quiz10m Video 1.5: Quiz10m Video 1.6: Quiz10m Video 1.7: Quiz10mModule 01 - Quiz20mModule 02: Computer Forensics Investigation Process
One of the goals of performing a forensic investigation process is to have a better understanding of an incident by identifying and analyzing the evidence thereof. This module describes the different stages involved in the complete computer forensic investigation process and highlights the role of expert witnesses in solving a cybercrime case. It also outlines the importance of formal investigation reports presented in a court of law during a trial.
5 videos (Total 51 min)
5 videos
Video 2.1: Introduction1m Video 2.2: Understanding the Forensic Investigation Process and its Importance7m Video 2.3: Understanding the Pre-investigation Phase12mVideo 2.4: Understanding the Investigation Phase17mVideo 2.5: Understanding the Post-investigation Phase12m5 practice exercises
Video 2.2: Quiz10m Video 2.3: Quiz10mVideo 2.4: Quiz10mVideo 2.5: Understanding the Post-investigation Phase - Quiz10mModule 02 - Quiz20mWeek2
Week 2
Module 03: Understanding Hard Disks and File Systems
Storage devices such as Hard Disk Drives (HDDs) and Solid-State Drives (SSDs) are an important source of information during forensic investigation. The investigator should locate and protect the data collected from storage devices as evidence. Therefore, it is necessary for the investigator to have knowledge on the structure and behavior of storage devices. The file system is also important as the storage and distribution of the data in a device is dependent on the file system used. This module provides insight into hard disks and file systems.
6 videos (Total 134 min)
6 videos
Video 3.1: Introduction1mVideo 3.2: Understanding Different Types of Storage Drives and their Characteristics27mVideo 3.3: Understanding the Logical Structure of a Disk30mVideo 3.4: Understanding the Booting Process of Windows, Linux, and Mac Operating Systems38mVideo 3.5: Overview of various File Systems of Windows, Linux, and Mac Operating Systems29mVideo 3.6: Analyzing File Systems using Autopsy and The Sleuth Kit5m6 practice exercises
Video 3.2: Quiz10mVideo 3.3: Quiz10mVideo 3.4: Quiz10mVideo 3.5: Quiz10mVideo 3.6: Quiz10mModule 03 - Quiz20mModule 04: Data Acquisition and Duplication
Data acquisition is the first proactive step in the forensic investigation process. Forensic data acquisition does not merely entail the copying of files from one device to another. Through forensic data acquisition, investigators aim to extract every bit of information present in the victim system’s memory and storage, in order to create a forensic copy of this information. Further, this forensic copy must be created in a manner such that integrity of the data is
verifiably preserved and can be used as evidence in the court. This module discusses the fundamental concepts of data acquisition and the various steps involved in the data acquisition methodology.
5 videos (Total 39 min)
5 videos
Video 4.1: Introduction1mVideo 4.2: Understanding the Data Acquisition Fundamentals8mVideo 4.3: Understanding the Different Types of Data Acquisition4mVideo 4.4: Understanding the Data Acquisition Format5mVideo 4.5: Understanding the Data Acquisition Methodology19m5 practice exercises
Video 4.2: Quiz10mVideo 4.3: Understanding the Different Types of Data Acquisition - Quiz10mVideo 4.4: Quiz10mVideo 4.5: Quiz10mModule 04 - Quiz20mWeek3
Week 3
Module 05: Defeating Anti-forensics Techniques
After compromising a system, attackers often try to destroy or hide all traces of their activities; this makes forensic investigation extremely challenging for investigators. The use of various techniques by cyber-criminals to destroy or hide traces of illegal activities and hinder forensic investigation processes are referred to as anti-forensics. Forensic investigators need to overcome/defeat anti-forensics so that an investigation yields concrete and accurate evidence that helps identify and prosecute the perpetrators. This module outlines the fundamentals of anti-forensics techniques and elaborately discusses how forensic investigators can defeat them using various tools.
8 videos (Total 51 min)
8 videos
Video 5.1: Introduction1mVideo 5.2: Understanding the Anti-forensics Techniques2mVideo 5.3: Understanding the Data Deletion and Recycle Bin Forensics10mVideo 5.4: Overview of File Carving Techniques and Ways to Recover Evidence from Deleted Partitions10mVideo 5.5: Understanding the Password Cracking/Bypassing Techniques4mVideo 5.6: Understanding How to Detect Steganography, Hidden Data in File System Structures, and Trail Obfuscation8mVideo 5.7: Understanding the Techniques of Artifact Wiping, Overwritten Data/ Metadata Detection, and Encryption7m Video 5.8: Overview of Anti-forensics Countermeasures and Anti-forensics Tools4m8 practice exercises
Video 5.2: Quiz10mVideo 5.3: Quiz10mVideo 5.4: Quiz10mVideo 5.5: Quiz10mVideo 5.6: Quiz10mVideo 5.7: Quiz10m Video 5.8: Quiz10mModule 05 - Quiz20mModule 06: Windows Forensics
Windows forensics refers to investigation of cyber-crimes involving Windows machines. It involves gathering of evidence from a Windows machine so that the perpetrator(s) of a cybercrime can be identified and prosecuted. Windows is one of the most widely used OSes; therefore, the possibility of a Windows machine being involved in an incident is high. So, investigators must have a thorough understanding of the various components of a Windows OS such as the file system, registries, system files, and event logs where they can find data of evidentiary value. This module discusses how to collect and examine forensic evidence related to incidents of cybercrime
on Windows machines.
5 videos (Total 64 min)
5 videos
Video 6.1: Introduction1mVideo 6.2: Understanding the Collection Of Volatile and Non-volatile Information23mVideo 6.3: Understanding the Windows Memory and Registry Analysis16mVideo 6.4: Understanding How to Examine Cache, Cookie, and History Recorded in Web Browsers6mVideo 6.5: Understanding How to Examine Windows Files and Metadata16m5 practice exercises
Video 6.2: Quiz10mVideo 6.3: Quiz10mVideo 6.4: Quiz10mVideo 6.5: Quiz10mModule 06 - Quiz20mWeek4
Week 4
Module 07: Linux and Mac Forensics
Windows may be the most commonly used platform for forensic analysis owing to its popularity in enterprise systems. Several digital forensics tools exist for systems operating on Windows. However, when it comes to conducting forensics investigation on Linux and Mac systems, investigators are faced with a different kind of challenge. While the forensics techniques are the same, the tools used might differ. This module discusses how to collect and examine evidence related to incidents of cybercrime on Linux and MacOS–based machines.
5 videos (Total 59 min)
5 videos
Video 7.1: Introduction1mVideo 7.2: Understanding the Volatile and Non-Volatile Data in Linux30mVideo 7.3: Understanding the Filesystem Images Analysis using The Sleuth Kit2mVideo 7.4: Understanding the Memory Forensics using Volatility and PhotoRec6mVideo 7.5: Understanding the Mac Forensics18m5 practice exercises
Video 7.2: Quiz10mVideo 7.3: Quiz10mVideo 7.4: Quiz10mVideo 7.5: Quiz10mModule 07 - Quiz20mModule 08: Network Forensics
Network forensic investigation refers to the analysis of network security events (which include network attacks and other undesirable events that undermine the security of the network) for two broad purposes — to determine the causes of the network security events so that appropriate safeguards and countermeasures can be adopted, and to gather evidence against the perpetrators of the attack for presentation in the court of law. This module discusses the methods of investigating network traffic to locate suspicious packets and identify indicators of compromise (IoCs) from the analysis of various log files.
6 videos (Total 56 min)
6 videos
Video 8.1: Introduction1mVideo 8.2: Understanding the Network Forensics Fundamentals1mVideo 8.3: Understanding the Logging Fundamentals11mVideo 8.4: Understanding the Event Correlation Concepts8mVideo 8.5: Overview of Identifying Indicators of Compromise (IoCs) from Network Logs16mVideo 8.6: Understanding How to Investigate Network Traffic15m6 practice exercises
Video 8.2: Quiz10mVideo 8.3: Quiz10mVideo 8.4: Quiz10mVideo 8.5: Quiz10mVideo 8.6: Quiz10mModule 08 - Quiz20mWeek5
Week 5
Module 09: Investigating Web Attacks
Web applications allow users to access their resources through client-side programs such as web browsers. Some web applications may contain vulnerabilities that allow cyber criminals to launch application-specific attacks such as SQL Injection, cross site scripting, local file inclusion (LFI), command injection, etc., which cause either partial or complete damage of the underlying servers.
Moreover, such attacks against web applications can lead to massive financial and reputational damage for organizations. In most cases, organizations are unable to trace the root cause of an attack, which leaves security loopholes for the attackers to exploit. This is where web application forensics assumes significance. This module discusses the procedure of web application forensics, various types of attacks on web servers and applications, and where to look for evidence during an investigation. Furthermore, it explains how to detect and investigate various types of web-based attacks.
6 videos (Total 53 min)
6 videos
Video 9.1: Introduction1mVideo 9.2: Understanding the Web Application Forensics15mVideo 9.3: Understanding the Internet Information Services (IIS) Logs9mVideo 9.4: Understanding the Apache Web Server Logs7mVideo 9.5: Overview of Web Attacks on Windows-based Servers4mVideo 9.6: Understanding How to Detect and Investigate various Attacks on Web Applications15m6 practice exercises
Video 9.2: Quiz10mVideo 9.3: Quiz10mVideo 9.4: Quiz10mVideo 9.5: Quiz10mVideo 9.6: Quiz10mModule 09 - Quiz20mModule 10: Dark Web Forensics
The web as three layers: the surface web, deep web, and dark web. While the surface web and deep web are used for legitimate purposes, the dark web is mostly used by cyber criminals to perpetrate nefarious/antisocial activities. Access to the dark web requires the use of the Tor browser, which provides users a high level of anonymity through a complex mechanism, thereby allowing criminals to hide their identities.
This module outlines the fundamentals of dark web forensics, describes the working of the Tor browser, and discusses steps to perform forensic investigation of the Tor browser.
5 videos (Total 19 min)
5 videos
Video 10.1: Introduction1mVideo 10.2: Understanding the Dark Web8mVideo 10.3: Understanding How to Identify the Traces of Tor Browser During Investigation6mVideo 10.4: Understanding the Tor Browser Forensics56sVideo 10.5: Overview of Collecting and Analyzing Memory Dumps1m5 practice exercises
Video 10.2: Quiz10mVideo 10.3: Quiz10mVideo 10.4: Quiz10mVideo 10.5: Quiz10mModule 10 - Quiz20mWeek6
Week 6
Module 11: Investigating Email Crimes
Over the past few decades, email services have been extensively used for communication all over the world for exchanging texts and multimedia messages. However, this has also made email a powerful tool for cybercriminals to spread malicious messages and perform illegal activities. The current module intends to familiarize you with the subject of email crimes and how they occur. It primarily focuses on the steps an investigator needs to follow in an email crime investigation.
5 videos (Total 29 min)
5 videos
Video 11.1: Introduction1mVideo 11.2: Understanding the Email System1mVideo 11.3: Understanding the Components Involved in Email Communication4mVideo 11.4: Understanding the Parts of an Email Message1mVideo 11.5: Overview of Email Crime Investigation and its Steps20m5 practice exercises
Video 11.2: Quiz10mVideo 11.3: Understanding the Components Involved in Email Communication - Quiz10mVideo 11.4: Quiz10mVideo 11.5: Quiz10mModule 11 - Quiz20mModule 12: Malware Forensics
Currently, malicious software, commonly called malware, is the most efficient tool for compromising the security of a computer or any other electronic device connected to the internet. This has become a menace owing to the rapid progress in technologies such as easy encryption and data hiding techniques. Malware is the major source of various cyber-attacks and internet security threats; therefore, computer forensic analysts need to have the expertise to deal with them.
This module elaborately discusses the different types of malware, malware forensics fundamentals, and different types of malware analysis that investigators can perform to examine the malicious code and determine how the malware interacts with the system resources and the network during the runtime.
8 videos (Total 66 min)
8 videos
Video 12.1: Module Introduction1mVideo 12.2: Understanding Malware and the Common Techniques Attackers Use to Spread Malware11mVideo 12.3: Understanding Malware Forensics Fundamentals and Types of Malware Analysis14mVideo 12.4: Overview of Static Analysis of Malware9mVideo 12.5: Overview of Analysis of Suspicious Word Documents4mVideo 12.6: Understanding Dynamic Malware Analysis Fundamentals and Approaches5mVideo 12.7: Understanding the Analysis of Malware Behavior on System Properties in Real-time13mVideo 12.8: Understanding the Analysis of Malware Behavior on Network in Real-time5m8 practice exercises
Video 12.2: Quiz10mVideo 12.3: Quiz10mVideo 12.4: Quiz10mVideo 12.5: Quiz10mVideo 12.6: Quiz10mVideo 12.7: Quiz10mVideo 12.8: Quiz10mModule 12 - Quiz20mAbout the Cybersecurity Attack and Defense Fundamentals Specialization
This Specialization can be taken by students, IT professionals, IT managers, career changers, and anyone who seeks a cybersecurity career or aspires to advance their current role. This course is ideal for those entering the cybersecurity workforce, providing foundational, hands-on skills to solve the most common security issues organizations face today.
This 3-course Specialization will help you gain core cybersecurity skills needed to protect critical data, networks, and digital assets. You will learn to build the foundation that enables individuals to grow their skills in specialized domains like penetration testing, security consulting, auditing, and system and network administration.
Frequently Asked Questions
When will I have access to the lectures and assignments?
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
What will I get if I subscribe to this Specialization?
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
Is financial aid available?
Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.
More questions? Visit the Learner Help Center.
