Course details

Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering

Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering


Overview/Description
Expected Duration
Lesson Objectives
Course Number
Expertise Level



Overview/Description

This course covers material necessary to take the ISACA CISA (Certified Information Systems Auditor) exam, a professional certification that allows information system (IS) auditors to properly follow the IS audit process in risk management. You will learn how to identify assets and threats, hardening IT computing environments, performing IT forensics, and auditing tasks. This course explores the importance of gathering, handling, and storing digital evidence to ensure its admissible in a court of law. Because chain-of-custody laws vary around the world, it is important to know how the evidence was gathered, where it was stored, and who had access to the evidence. Learners will explore digital forensics, chain of custody, order of volatility, and hard disk imaging. You will see a list of common digital forensic hardware and software, and IT component collection as evidence. Finally, this course demonstrates how to use tools in Kali Linux, such as the autopsy forensic browser tool to view user data, and how to retrieve data from an image.



Expected Duration (hours)
0.6

Lesson Objectives

Certified Information Systems Auditor (CISA) 2019: Digital Evidence Gathering

  • discover the subject areas covered in this course
  • describe the purpose of digital forensics
  • describe digital forensic hardware
  • describe digital forensic software
  • identify which IT components should be collected as evidence and the recommended order of collection
  • recognize the importance of evidence handling and adherence to the chain of custody
  • use the Kali Linux Autopsy Forensic Browser to view user data
  • use the Kali Linux Foremost tool to retrieve data from a disk image
  • acquire a hard disk image using the Linux dd command
  • describe how forensic disk write blockers work, the evidence order of volatility, how to prove evidence integrity, and use Linux commands to acquire a disk image
  • Course Number:
    it_spcisa19_13_enus

    Expertise Level
    Expert