• Digital forensic analysts, incident responders, security operations center (SOC) staff
• Law enforcement, legal or judicial personnel handling cybercrime investigations
• IT security professionals, system administrators, network administrators
• Malware analysts, security consultants, audit & compliance professionals
• Students or practitioners aiming to develop or validate forensic investigation skills

• Basic knowledge of networking, operating systems (Windows, Linux/macOS), and security concepts
• Prior exposure to IT or cybersecurity (helpful but not always mandatory)
• Familiarity with command line, file systems, and basic scripting
• A desire to specialize or enhance skills in forensic techniques and digital evidence handling
  

• Understand the theories, principles, and frameworks of computer forensics and cybercrime
• Plan, initiate, and conduct digital forensic investigations following legal and procedural standards
• Properly collect, preserve, duplicate, and validate digital evidence from a variety of sources
• Identify and mitigate anti-forensics tactics employed by adversaries
• Perform forensic analysis on Windows, Linux, macOS systems, networks, mobile devices, and IoT
• Analyze web and email artifacts, detect evidence in dark web contexts, and examine cloud environments
• Conduct static and dynamic malware analysis, reconstruct malware behavior, and identify exploits
• Create comprehensive forensic reports and present findings suitable for legal proceedings
• Serve as an expert witness, offering testimony in accordance with legal standards and ethical practices

Fundamentals of computer forensics; cybercrime landscape; forensic readiness; digital evidence concepts; roles & responsibilities of forensic investigators; challenges and legal compliance

Investigation phases: first response, evidence collection, chain of custody, preservation, analysis, post-investigation steps

Disk types, partitioning, file system structures (NTFS, FAT, EXT, APFS, etc.); boot processes; logical vs physical layouts

Acquisition techniques: live, dead, order of volatility; imaging and duplication; write blockers; hashing; forensic tools

Anti-forensics: data wiping, obfuscation, encryption, steganography, metadata tampering, footprint minimization

Windows registry, event logs, memory analysis, artifacts (LNK, jump lists), browser history, cache, shellbags

Volatile vs non-volatile data on Linux/macOS, memory forensics, file system parsing, tool usage for Unix systems

Packet capture and analysis, flow data, intrusion logs, indicators of compromise (IoCs), network event correlation, wireless forensics

Web server logs (IIS, Apache), web app attacks (SQLi, XSS), WAF logs, URL analysis

TOR architecture, onion routing, identifying artifacts, dark web investigation techniques

Malware types, static & dynamic analysis, memory behavior, reverse engineering basics

Cloud models, forensic methods in AWS/Azure/GCP, container forensics, remote evidence collection

Structure of email systems, header analysis, social media artifacts, OSINT techniques

Mobile OS architecture, acquisition techniques, app data, logs, IoT device artifacts

Report writing, evidence presentation, expert witness roles, court standards, ethics