Computer forensics is a wide field that deals with collecting, analyzing, restoring and reporting digital data evidence. It covers both physical systems and networking devices and requires the knowledge of various laws and the use of specific procedures to be successful. A person interested in the field can take computer forensics courses that provide an introduction to information security or specialize in an area such as law, information assurance, network forensics or incident response.
Introductory computer forensics courses provide an overview of the subject without specializing in any particular area. Such courses cover the various laws and ethical issues involved with cyber forensics and discuss the various methods of gathering information for use as digital evidence. A person taking such a course learns the procedures for responding to cyber crimes and acquires a background in computer security, file systems and networking. He or she also learns the various tools needed for gathering and analyzing information on physical storage devices and on a network.
Information assurance is another type of computer forensics course and deals with the creation and management of organizational security polices. Topics covered include access control methods, network defense, physical security, security standards, encryption, risk management and project management. After completing this course, one should have a foundation for the information covered in more advanced computer forensics courses.
Another popular computer forensics course focuses specifically on cyber ethics and computer laws. Intellectual property laws, privacy issues, cyber terrorism and Internet censorship are commonly discussed. The goal of such a course is to prepare a person for dealing with the various legal and ethical challenges that exist in digital forensics.
Networks forensics courses deal specifically with securing networks and collecting and analyzing evidence. Common topics include firewalls, virtual private networking, servers, network operating systems, computer file systems and network data storage. Courses also may discuss introductory networking concepts, especially if they assume no prior knowledge in networking. One also may learn about network monitoring programs commonly used in the field; however, it also is possible that the school may offer courses that cover a specific tool extensively.
Many computer forensics courses exclusively cover incident response, which focuses on the preparation, collection, analysis and restoration of digital data. Such classes cover both data on physical storage devices and data obtained through networks. A student will learn how to collect data on physical systems from a hard drive, memory logs, virus scanner logs and other records kept by the operating system. Live capturing techniques, as well as network monitoring software, are covered for networking data.