Computer Forensics Training Resources for IT Pros
Although lots of free information security training is readily available, the same cannot be said for computer forensics — it's in high demand, but darned hard to come by. We sleuthed our way across the web to find the best options that are worth your time and attention. Some of the training mentioned in this article requires that you create an account and then sign up for a course, although other items are available directly on the websites listed.
Charles Stuart University
In addition to full curriculums for undergrads and postgraduates, Charles Stuart University offers a free short course in digital forensics. In four modules, students explore the role of the forensic investigator, the forensics process, and forensic and data acquisition tools for extracting evidence from virtual machines, networks, email, mobile devices, the cloud and online social networks. The course ran live in 2015 and is now archived but available on demand. Once you sign up, you can view lectures, labs and study materials, but there is no way to obtain a certificate of completion once you finish.
EH Academy offers a variety of courses aimed at IT professionals. Most courses cost $15 to $250 (with deals available that sometimes greatly reduce the price of the more expensive courses), but the company also offers several free courses. Anyone who signs up can take "Computer Hacking Forensics Investigation," "Introduction to File Encryption and Best Practices using CrococryptFile" and "The Complete Cyber Security & Hacking Course" free of charge. The "Computer Hacking Forensics Investigation" course covers image and evidence concepts, acquiring disk images with FTK, hashing and disk examination and analysis in Windows and Linux.
Null Byte, part of the WonderHowTo family of sites, offers a plethora of white-hat hacking tutorials with an active and highly involved user base. Click the burger icon in the upper-left corner, go to the Forensics section, and then check out the multi-part "Digital Forensics for the Aspiring Hacker" series, for starters. It covers the gamut, from tools and techniques, to network forensics, finding artifacts, live memory forensics, parsing and lots more. The "How To Crack Passwords" series (in the Password Cracking section) is also a great resource for a forensics professional at any level.
OpenLearn is part of The Open University, based in England. The organization offers a free, intermediate-level, multi-part "Introduction to computer forensics and investigations" online course, in addition to "Introduction to cyber security," "Information security" and a long list of general education and business training. The forensics course lasts for six hours and covers the role of computer forensics, forensic techniques and tools, applying forensic tools in various situations and professional best practices for a forensic computing practitioner. You can find other computer-related courses on OpenLearn's Computing and ICT page.
Nearly every article about free courses includes edX, a site that lets you take a selection of courses from top universities around the world. Their courses are free, but if you complete a course and want a certificate of achievement, you need to pay $150. (Not all courses are eligible for a certificate, so check it out ahead of time.) The site's "Computer Forensics" course, from the Rochester Institute of Technology (RIT), is part of edX's MicroMasters program. It's an eight-week course that requires 10 to 12 hours of work each week, and covers digital forensics topics for investigations and presenting evidence in court. EdX adds courses frequently, so be sure to check the course catalog periodically for new forensics or cybersecurity offerings.
Cybrary aims to offer first-rate cyber security courses — all for free, all the time. The company requires that you set up an account but that's it. Just browse the growing list of courses until you find one to suit your needs or interests. The "Computer and Hacking Forensics" course includes an introduction, 15 full modules and an exam, with the option to get a certificate of completion at the end. Another course of note is "Incident Response and Advanced Forensics," which dives into threats (both malware and insider), incident response techniques and how to perform advanced forensics on an incident. Android users can install the Cybrary app to view lessons online or offline.
National White Collar Crime Center (NW3C)
Available only to state and local law enforcement and regulatory agency personnel, NW3C offers on-ground and online courses in computer forensics, cyber investigations, mobile forensics and more. On-ground courses last from two to four days, and are offered at various locations around the U.S.; online courses last from one to three hours. Examples of courses include Identifying and Seizing Electronic Evidence, Introduction to Cell Phone Investigations, First Responders & Digital Evidence, and Mobile Digital Devices and GPS.
Federal Virtual Training Environment (FedVTE)
Another resource that's specific to law enforcement (and government personnel, agency contractors and U.S. veterans) is the curriculum available through the FedVTE. Managed by the Department of Homeland Security, FedVTE courses help prepare the workforce for "operational readiness" to handle all kinds of security issues and to achieve some security-related certifications, such as the EC-Council CEH and (ISC)2 CISSP. The nine-hour Cyber Security Investigations course, for instance, covers cyber security and digital forensics investigation basics, including incident response, evidence collection, forensic tools and processes and best practices.
YouTube is a terrific resource for free IT training of all kinds, including a wealth of introductory and specific training on computer forensics. Just search for "computer forensics" or "digital forensics," and watch the videos that are most relevant to your needs. One tip that works well for us is to start with videos that have the most views or are the most current. Some videos are even eligible for continuing education credits through various organizations.
Here are some of our favorites:
- Intro to IT Security & Forensics: This course by InfoSec Institute features seven modules that run 10 to 15 minutes each. It covers anonymity on the internet, hidden services, anti-forensics, forensic imaging, forensic recovery, forensics with Autopsy and iPhone forensics.
- Learning Computer Forensics Tutorial | Evidence Acquisition: This O'Reilly training video is an excerpt from a full course. Look for other O'Reilly videos on FTK, forensic workstation, dynamic malware analysis and more, or visit the O'Reilly channel.
- Cyber forensics: Sheenam Arora walks viewers through the fundamentals of cyber forensics.
Digital Forensics Challenges
Several forensics-related organizations create digital forensics challenges, or contests, to entice amateurs and practitioners to hone their skills while having fun. Most challenges include evidence files that you analyze with forensic tools to make the experience more rigorous and to mimic the real world. Here's a sampling of challenges you might find interesting:
- Forensic Focus: http://www.forensicfocus.com/images-and-challenges
- Black T-shirt Cyber Forensic Challenge: https://cyberforensicschallenge.com
- Pivot Project (aimed at high school students): http://pivotproject.org/challenges/digital-forensics-challenge
Keep your eye on the DRFWS site (look under the Challenge menu) for a new challenge to appear in the months to come. The organization is seeking help in creating a new forensic challenge based on the invisible Internet (I2P), cloud forensics, Microsoft Windows 10, Internet of Things (IoT), personal drones or some other interesting and highly relevant topic.
Computer Forensic Toolkit
Finally, every aspiring computer forensic professional needs a solid toolkit both for learning and for use in the workplace. Be sure to browse Forensic Control's comprehensive list of free computer forensic tools, which is updated regularly.