1. Forensic Examinations and Terms of Art - The module describes the procedures requisite to conduct an accurate and legally sufficient XP-platform forensic examination. Differing computer forensic protocols are described, including intrusive evidence recovery.
2. Windows Architecture - This module describes the software design and architecture of the platform and its variants. File structures, partitions, registry and directory attributes will be described.
3. Seizure, Documenting and Reporting Digital evidence - This exercise reviews and analyzes the methods used to document and report the results of a forensic examination. Certain students will present their findings in a simulated exercise in order to reinforce their capabilities to create effective demonstrative presentations.
4. Media Preparation Methods - Students are introduced to the prevailing instruments and technologies forensically prepare digital media. This is a critically important set of procedures when imaging a suspects digital media in order to be assured that no digital artifacts remain from prior investigations.
5. Hardware Utilities - Forensic learners are introduced to four differing hardware devices, all of which are currently available to support computer forensic acquisitions. Certain difficulties are reviewed and the instructor will demonstrate these advanced tools.
6. Specialized Examination Tools - This is an introduction to a variety software tools for use in a computer forensic examination. Learners are required to utilize advanced software and participate in a practical exercise in order to achieve a working understanding of these tools.
7. Forensics Artifact Recovery - This is a both a discussion and hands-on lab where learners will conduct an advanced forensic examination of digital media. The focus of this lesson is to utilize tools for the recovery of digital artifacts which are unattainable by conventional methods.
8. Cryptography & Password Recovery - This topic covers digital encryption file structures and password protected data that an investigator may encounter while conducting an investigation. Students are exposed to methods to compromise passwords which are used to protect potential evidence. This information is useful when trying to investigate a computer criminal that tries to hide data of forensics interest.
9. Presentation of Digital Evidence - This is the final in-class exercise where student are faced with the challenge of presenting their findings in a liturgical setting. The students will present their findings in understandable terms, which is critical during a forensics investigation.
10. Course Final Examination - This is a wrap-up practical and knowledge based instrument that is intended to assess the student mastery of the material presented.