Digital investigation and Cyber forensics

This module focuses on digital investigation and cyber forensics. It covers the complete lifecycle of an investigation procedure, from log preservation to forensic investigation. 

• Understand the challenges and constraints of forensic analysis.
• Understand the importance of legal aspects and forensic procedures.
• Discover basic forensic analysis techniques for data collection and analysis. (Example: log recovery from a
• PHP server and follow the trail of a simple attack)
• Understanding the constraints of digital investigation
• Handling tools and types of data acquisition
• Exploiting file formats
• Handling RAM memory analysis tools
• understand the underlying concepts and tools for analyzing Linux and Windows operating systems
• Setting up a large-scale analysis approach
• understand the current state of the cybercrime threat
• institutional presentation of the various French investigative services and the organization of the justice system
• presentation of the main criminal offences related to cybercrime
• presentation of the principles of international police and judicial cooperation
• presentation of the main types of investigation and requirements for preserving digital evidence

The learner will be able to follow an established forensic procedure and report on his or her actions in a format that can be understood by corporate governance.

Introduction to forensics
Legal aspects of forensics (when does one act in a judicial capacity, when does one act in a private capacity, when does a simple analysis become a judicial analysis, problems of destroying evidence)
Forensic analysis logbook, (Connection Log, IOC, Chronograph)
Example of a forensic procedure (Collection, Analysis, Restitution)

Digital forensicsCyber forensics
Definition
Digital forensics is an investigation that seeks out digital traces of a compromised information system. It consists of collecting a set of raw data, which are then analyzed to find traces of a computer attacker.