Online Forensics Degree : June 2017

Friday, June 16, 2017

Forensic Toolkit FTK

Forensic Toolkit, or FTK, is a software product used to perform computer forensics investigations. AccessData, the creator of FTK, was founded in 1987 and has 6 global offices and 30 years of experience in the industry.

It features distributed processing, which streamlines processing time and reduces case backlog. A backlog is an accumulation of something, especially uncompleted work or matters that need to be dealt with.

FTK processes and indexes data as it becomes available, so no time is spent waiting for searches to run, which makes collecting relevant evidence quicker. That time can be allotted to analysis.
It has team data sharing capability. A shared case database is made available to other examiners on the team, reducing the cost and complexity of creating separate case access and tracking. FTK uses a PostgreSQL database, which is ideal for handling large data. All functionality is available through its graphical user interface, which displays data in timelines, cluster graphs, pie charts, and geolocation.


FTK includes a standalone disk imaging program called FTK Imager, which is important for making images of hard disks and other non-volatile memory media.

EnCase Forensic Software

EnCase is a paramount standard in digital forensic technology and is widely used in the industry.
The software comes in several products designed for forensic, cyber security, security analytics, and e-discovery use. The product is developed by Guidance Software.

The EnCase Forensic solution allows a computer forensic scientist to acquire data from a wide variety of devices. An examiner will be able to recover potential evidence with the disk-level forensic analysis feature. Maintaining the integrity of the evidence is basically a feature of any forensic software package.

Products include EnScript, which can efficiently automate investigative tasks, and EnCase Forensic, which has scripting extension capability.

EnCase Forensic allows acquiring data from non-volatile memory like disks or volatile memory like RAM, various documents and image files, email and webmail-based conversations, internet data like browser history, cache and cookies, HTML page reconstruction, chat sessions, compressed files, backup files, encrypted files, RAIDs, workstations, and servers. Version 7 allows data gathering from a smartphone or tablet. Guidance Software offers EnCase training and certification, which successful EnCase users can include in their credentials.



Computer Forensic Course in California

California universities and nearby colleges may offer a computer forensics course. Computer forensics is new territory in the sense that it requires technical knowledge beyond that of conventional forensic crime investigation. High-tech tools and software are needed to gather information from obtained media while preserving the original state of the media. Fortunately, some colleges and universities have also adopted high-tech methods, admitting students via online courses.

Utica College is a private university located in Utica, in the U.S. state of New York. The history of the college started when Syracuse University began offering extension courses in the Utica area more than 80 years ago. It offers online MS in Financial Crime & Compliance Management, online MS in Cybersecurity and Computer Forensics Specialization.

Maryville University of St. Louis offers Bachelor's, Master's, Doctoral, and Professional degrees. It enrolled 382 first-time degree-seeking undergraduates. A majority of Maryville Saint Louis undergraduates study in professional fields such as public policy or social work. It offers online courses in computer forensics, such as an online MS in Cyber Security and an online BS in Cyber Security.

Regis University offers online BS in Criminology. Regis University is a private, co-educational Roman Catholic - Jesuit University in Denver.

Founded in 1819, Norwich University is a private institution. It has a total undergraduate enrollment of less than around 3 thousand students on its rural campus. It is semester based. It offers an online MS in Information Security & Assurance.

The California State University is a public university system. It is composed of 23 campuses and eight off-campus centers enrolling around 400 thousand students, which makes it the largest four-year public university system in the United States. The CSU Fullerton campus offers a hybrid computer forensics certificate program. Highlights of the training include hands-on experience with the EnCase and FTK forensic tools.

Computer Forensics Software

Computer forensics deals with the examination of digital information obtained from seized devices involved in a high-technology computer crime. As such, tools exist to assist a computer forensic practitioner. Forensics requires procedures and steps to ensure that the evidence obtained from devices leads to conviction or the establishment of innocence. Devices deemed of such importance need to be admissible in court. Following guidelines that ensure the integrity of the original digital information and the condition of the physical device is essential. By properly using the right tools and practices for computer forensics, we can accomplish our task of preserving the original evidence tamper-free and admissible in court.

The first step in a computer forensic examination is to create a duplicate of the original media and work on the created image. All relevant data must be present in the image, by means of physical or logical imaging. Examination is done on the image, and the original media is kept safe and secure. Application suites for forensic examination are used during the analysis. Application logs, history logs, database files, and temporary files can be obtained and examined for relevance to the case. It is also of prime importance to recover deleted data and recreate the file structure for examination by directory, date, time, author or user, and any other information that can be obtained, and to open the contents of the files with the appropriate viewer to gather information. Files must be hashed to distinguish altered files from unaltered ones, which gives integrity to the collected data evidenced in the individual files of the image.
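
The hashing step described above can be illustrated with a short script. This is an added example, not code from the original post or from any forensic product: it builds a SHA-256 manifest of the files extracted from an image, then compares a later manifest against it to separate unaltered, altered, missing and added files. The function names and the three sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1024 * 1024):
    """Return the SHA-256 hex digest of a file, read in 1 MiB blocks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def compare_manifests(baseline, current):
    """Classify files as unaltered, altered, missing or added since baseline."""
    report = {"unaltered": [], "altered": [], "missing": [], "added": []}
    for path, digest in sorted(baseline.items()):
        if path not in current:
            report["missing"].append(path)
        else:
            key = "unaltered" if current[path] == digest else "altered"
            report[key].append(path)
    report["added"] = sorted(set(current) - set(baseline))
    return report


def demo():
    """Constructed sample: three small files stand in for an extracted image."""
    files = {"app.log": b"login ok\n", "history.db": b"\x00\x01", "tmp.dat": b"x"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)  # taken right after imaging
        with open(os.path.join(root, "app.log"), "ab") as fh:
            fh.write(b"edited\n")  # simulate a later change to one file
        os.remove(os.path.join(root, "tmp.dat"))
        return compare_manifests(baseline, build_manifest(root))
```

Calling `demo()` returns the classification for the constructed files; in practice the baseline manifest would be stored with the case record at acquisition time and recomputed whenever the working copy's integrity needs to be shown.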

Computer Forensic Course in Florida

The University of Florida offers online programs in computer forensics. The UFL's forensic science graduate program currently has more than 1,000 graduates who are international students. The online graduate program started in 1999.

UF offers four master's degrees and four specialized graduate certificates. Local students and international online students pay the same school fees. International students have minimum requirements, such as an English language test for non-native English speakers. Once the requirements are met, a student can be admitted to a master's degree, graduate certificate or non-degree course.

Admission to the graduate program is open all year, and the same goes for international students. The online forensic science graduate program covers computer forensics in an online format, along with discussion boards and forums.

The UFL program is ideal for professional computer forensic investigators seeking formal education in their field, and for lawyers, law practitioners, and cybersecurity enthusiasts. The computer forensics field requires updates through educational courses, since the threat of cybercrime continues to grow almost daily and methods of forensic examination need to be learned to keep up with the challenges of growing cybercrime and computer crime.

Cellebrite Mobile Forensics

Cellebrite is an Israel-based company in the wireless carrier and retailer and mobile forensics business. With over 10 years of experience in the mobile forensics industry, Cellebrite's mobile forensics products have gained a reputation as a world leader in the mobile digital forensics and investigation industry. They have a flagship brand family called Universal Forensic Extraction Device, or UFED, with the ability to extract digital data, whether physical or logical, from mobile devices. Mobile devices are cellphones and other hand-held devices based on Android, Apple, and other brands.

For the list of Cellebrite UFED supported devices, you can download the UFED Classic supported devices list.

UFED has the ability to recover deleted data and decrypt password-protected or encrypted data. Features also include physical extraction, which allows extraction of a device image of the physical flash memory with advanced extraction methods. It bypasses the device operating system and only extracts the important data in the memory if the device is fully supported as seen on the list.

File system extraction is a logical extraction feature under UFED Ultimate which is used to recover application-related logs and files, the SMS database stored in the device, and call logs.

If the phone is locked, the UFED offers password extraction. It is supported without a PC. Password information can be displayed on the extracting device's monitor. The file system can be rebuilt with this tool, which could greatly help in restoring the organization of the data structure of the subject phone.

Learning Cellebrite mobile forensics is possible with the live online training it offers. With the recognized certification it has provided since 2013, Cellebrite standardized its forensic training system. To learn more about their training program, you can visit their official site.

Fundamental Computer Forensics Syllabus

A syllabus is a document containing the details of a course. It lists the topics being covered, grouped by subject. More formally defined, a subject is one unit of study which you enroll in as part of your course. A course is the degree or diploma program to which you are admitted or in which you are enrolled.

Forensic science is a scientific discipline of the association of people, things and places which helps in the investigation and in making a formal judgment or decision for civil and criminal lawsuits.

Computer forensics is a branch of forensic science and the practice of collecting digital data in a way that is legally admissible in court as evidence. The collected digital data being analyzed needs to be admissible evidence so it can be used in a court of law. Evidence is typically introduced to a judge or a jury to prove a point or element in a case. The digital data needs to be handled with integrity, which means the data must be tamper-free and not compromised.

The syllabus for a typical fundamental computer forensics course includes:

1. Introduction
2. Nature of computer crime
3. Search and seizure
4. Introduction to imager tools
5. Numbering systems
6. Characteristics of physical drives
7. Partitions
8. The boot process and drive lettering
9. Formatting of a file system
10. The file allocation table
11. Saving files and directories in a file system
12. Deleted file recovery in file system
13. Drive access and write blocker

The introduction opens the discussion of the course. It can contain an outline of the materials and any software to be used, the prerequisites, the course outline, and some helpful information. In line with the software to be used, information about setting up the laboratory computer can be given in this part.

Computer crime is the centerpiece of computer forensics, since a computer can be the tool for the crime and the repository of data. Hence, the study of computer crime is carried out in this chapter. This includes a description of how computer technology is used in computer crime, a review of the current challenges being solved by the forensic examiner, and a discussion of evidence gathering methods.

Obtaining the physical device used or the digital content is of utmost importance. This is where pre-search conditions and the identification of the sources of electronic evidence need to be reviewed. It covers the protocols for taking control of a computer during a seizure, keeping in consideration the criteria for admissibility of evidence in court.

The succeeding parts of the syllabus provide additional topics regarding physical drive characteristics, the disk use cycle from boot, drive letter initialization, file systems like FAT and the file allocation table, data writes and reads, and the limits of recovery due to certain wipe procedures.
