EC-Council

Digital Forensics Essentials (DFE)

This course is part of Cybersecurity Attack and Defense Fundamentals Specialization

Taught in English

Some content may not be translated

EC-Council

Instructor: EC-Council

7,485 already enrolled

Included with Coursera Plus

Course

Gain insight into a topic and learn the fundamentals

4.7

(64 reviews)

Beginner level
No prior experience required
25 hours (approximately)
Flexible schedule
Learn at your own pace

What you'll learn

  • Network forensics fundamentals, event correlation, and network traffic investigation

  • Data acquisition concepts, types, format, and methodology

  • Computer forensics investigation process and its phases

  • Fundamental concepts of computer forensics

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

71 quizzes

Course

Gain insight into a topic and learn the fundamentals

4.7

(64 reviews)

Beginner level
No prior experience required
25 hours (approximately)
Flexible schedule
Learn at your own pace

See how employees at top companies are mastering in-demand skills

Placeholder

Build your subject-matter expertise

This course is part of the Cybersecurity Attack and Defense Fundamentals Specialization
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate
Placeholder
Placeholder

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

Placeholder

There are 12 modules in this course

Computer forensics plays a vital role in the investigation and prosecution of cybercriminals. The process includes the acquisition, inspection, and reporting of information stored across computers and networks in relation to a civil or criminal incident. Forensic investigators are trained professionals who extract, analyze/investigate, and report crimes that either target technology or use it as a tool to commit a crime. This module discusses the role of computer forensics in today’s world.

What's included

8 videos7 quizzes

One of the goals of performing a forensic investigation process is to have a better understanding of an incident by identifying and analyzing the evidence thereof. This module describes the different stages involved in the complete computer forensic investigation process and highlights the role of expert witnesses in solving a cybercrime case. It also outlines the importance of formal investigation reports presented in a court of law during a trial.

What's included

5 videos5 quizzes

Storage devices such as Hard Disk Drives (HDDs) and Solid-State Drives (SSDs) are an important source of information during forensic investigation. The investigator should locate and protect the data collected from storage devices as evidence. Therefore, it is necessary for the investigator to have knowledge on the structure and behavior of storage devices. The file system is also important as the storage and distribution of the data in a device is dependent on the file system used. This module provides insight into hard disks and file systems.

What's included

6 videos6 quizzes

Data acquisition is the first proactive step in the forensic investigation process. Forensic data acquisition does not merely entail the copying of files from one device to another. Through forensic data acquisition, investigators aim to extract every bit of information present in the victim system’s memory and storage, in order to create a forensic copy of this information. Further, this forensic copy must be created in a manner such that integrity of the data is verifiably preserved and can be used as evidence in the court. This module discusses the fundamental concepts of data acquisition and the various steps involved in the data acquisition methodology.

What's included

5 videos5 quizzes

After compromising a system, attackers often try to destroy or hide all traces of their activities; this makes forensic investigation extremely challenging for investigators. The use of various techniques by cyber-criminals to destroy or hide traces of illegal activities and hinder forensic investigation processes are referred to as anti-forensics. Forensic investigators need to overcome/defeat anti-forensics so that an investigation yields concrete and accurate evidence that helps identify and prosecute the perpetrators. This module outlines the fundamentals of anti-forensics techniques and elaborately discusses how forensic investigators can defeat them using various tools.

What's included

8 videos8 quizzes

Windows forensics refers to investigation of cyber-crimes involving Windows machines. It involves gathering of evidence from a Windows machine so that the perpetrator(s) of a cybercrime can be identified and prosecuted. Windows is one of the most widely used OSes; therefore, the possibility of a Windows machine being involved in an incident is high. So, investigators must have a thorough understanding of the various components of a Windows OS such as the file system, registries, system files, and event logs where they can find data of evidentiary value. This module discusses how to collect and examine forensic evidence related to incidents of cybercrime on Windows machines.

What's included

5 videos5 quizzes

Windows may be the most commonly used platform for forensic analysis owing to its popularity in enterprise systems. Several digital forensics tools exist for systems operating on Windows. However, when it comes to conducting forensics investigation on Linux and Mac systems, investigators are faced with a different kind of challenge. While the forensics techniques are the same, the tools used might differ. This module discusses how to collect and examine evidence related to incidents of cybercrime on Linux and MacOS–based machines.

What's included

5 videos5 quizzes

Network forensic investigation refers to the analysis of network security events (which include network attacks and other undesirable events that undermine the security of the network) for two broad purposes — to determine the causes of the network security events so that appropriate safeguards and countermeasures can be adopted, and to gather evidence against the perpetrators of the attack for presentation in the court of law. This module discusses the methods of investigating network traffic to locate suspicious packets and identify indicators of compromise (IoCs) from the analysis of various log files.

What's included

6 videos6 quizzes

Web applications allow users to access their resources through client-side programs such as web browsers. Some web applications may contain vulnerabilities that allow cyber criminals to launch application-specific attacks such as SQL Injection, cross site scripting, local file inclusion (LFI), command injection, etc., which cause either partial or complete damage of the underlying servers. Moreover, such attacks against web applications can lead to massive financial and reputational damage for organizations. In most cases, organizations are unable to trace the root cause of an attack, which leaves security loopholes for the attackers to exploit. This is where web application forensics assumes significance. This module discusses the procedure of web application forensics, various types of attacks on web servers and applications, and where to look for evidence during an investigation. Furthermore, it explains how to detect and investigate various types of web-based attacks.

What's included

6 videos6 quizzes

The web has three layers: the surface web, the deep web, and the dark web. While the surface web and deep web are used for legitimate purposes, the dark web is mostly used by cyber criminals to perpetrate nefarious/antisocial activities. Access to the dark web requires the use of the Tor browser, which provides users with a high level of anonymity through a complex mechanism, thereby allowing criminals to hide their identities. This module outlines the fundamentals of dark web forensics, describes the workings of the Tor browser, and discusses steps to perform forensic investigation of the Tor browser.

What's included

5 videos5 quizzes

Over the past few decades, email services have been extensively used for communication all over the world for exchanging texts and multimedia messages. However, this has also made email a powerful tool for cybercriminals to spread malicious messages and perform illegal activities. The current module intends to familiarize you with the subject of email crimes and how they occur. It primarily focuses on the steps an investigator needs to follow in an email crime investigation.

What's included

5 videos5 quizzes

Currently, malicious software, commonly called malware, is the most efficient tool for compromising the security of a computer or any other electronic device connected to the internet. This has become a menace owing to the rapid progress in technologies such as easy encryption and data-hiding techniques. Malware is the major source of various cyber-attacks and internet security threats; therefore, computer forensic analysts need to have the expertise to deal with them. This module elaborately discusses the different types of malware, malware forensics fundamentals, and different types of malware analysis that investigators can perform to examine the malicious code and determine how the malware interacts with the system resources and the network during the runtime.

What's included

8 videos8 quizzes

Instructor

Instructor ratings
4.8 (12 ratings)
EC-Council
EC-Council
5 Courses46,046 learners

Offered by

EC-Council

Recommended if you're interested in Computer Security and Networks

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

Showing 3 of 64

4.7

64 reviews

  • 5 stars

    82.81%

  • 4 stars

    9.37%

  • 3 stars

    6.25%

  • 2 stars

    0%

  • 1 star

    1.56%

SS
5

Reviewed on Jun 15, 2023

KY
5

Reviewed on Jan 27, 2024

SF
5

Reviewed on Apr 10, 2023

New to Computer Security and Networks? Start here.

Placeholder

Open new doors with Coursera Plus

Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Frequently asked questions