SEC 370 Computer Incident Response Course

This hands-on introductory course provides students with the knowledge and skills necessary to begin a computer-based investigation. The course begins with an overview of computer forensics concepts, terminology and management of digital evidence. This is followed by the identification, collection and preservation (first responder) of computer-related and other digital evidence, digital evidence acquisition and basic forensic analysis concepts. Students study best practices for incident response policies and procedures for previewing and securing digital evidence. The terms “computer forensics” and “computer evidence” will be explained, and students will examine the following basic forensic methodology: a) how to acquire the evidence without altering or damaging the original, b) how to authenticate the recovered evidence, and c) how to analyze the data without modifying it.

Credits

3

Prerequisite

SEC 100