CYBR 672 Digital Forensics II

This course covers how to conduct successful digital forensic examinations in Windows, Linux, and Mac OS, the methodologies used, key technical concepts, and the tools needed to perform examinations. The required technical details of how each operating system works and how to find artifacts are also covered. Topics such as file systems, data recovery, memory forensics, and executable layouts are discussed in detail. The course also covers hands-on network forensics, starting with the core concepts of network forensics, including coding, networking, forensics tools, and methodologies for forensic investigations.


Special information

First day attendance is mandatory.
Prerequisites: Graduate standing. Note: Students are responsible for being aware of and abiding by the prerequisites for CYBR courses in which they enroll, and will be administratively dropped from a course if they have not met the prerequisites.
2 Graduate credits

Effective May 6, 2020 to present

Learning outcomes


  • Differentiate between the file systems used by modern operating systems
  • Conduct memory forensics to extract essential artifacts
  • Discover and interpret encrypted traffic
  • Correlate data collected from attacks
  • Apply a solid foundational grounding in computer forensics science by conducting acquisitions of locally attached devices with various state-of-the-art tools and validating the acquired images
  • Sketch and recover various artifacts from the Windows registry, such as user account information and network address information

Summer 2024

Section | Title | Instructor | Books | eServices
50 | Digital Forensics II | Rabieh, Khaled | Books for CYBR-672-50 Summer 2024 | Course details for CYBR-672-50 Summer 2024