- Identify security objectives and vulnerabilities, threats and risks of a given information system in a defined operational environment.
- Evaluate the security services to be implemented in a given system and design and implement mechanisms and subsequent protocols.
- Evaluate and implement appropriate authentication mechanisms to access a specific system.
- Use the signature and certification systems in a particular environment.
- Design a security plan, developing the various parts of it, assessing their compliance over time and correcting deviations. Analyze and manage the risks of a particular installation.
- Develop a comprehensive recovery plan for an actual installation. Conduct a compliance audit of files and systems containing personal data.
- Use the tools that allow control of operating systems, mainly Windows and Linux.
- Manage the main techniques of collection, identification and analysis of events, guaranteeing the assurance testing and preserving the chain of custody of them. Assess and manage systems secure erase and data recovery.
- Implement databases over a transmission system. Assess and use different techniques to integrate data mining: extraction techniques and modeling analysis.
The course covers forensics tools, methods, and procedures used for investigation of computer crime, techniques of data recovery, protection and gathering of evidences, and expert witness skills.
Upon successful completion of this course, the student will be able to:
1. Know and use the methodology commonly used in computer forensics investigations.
2. Know and use methods for evidence gathering.
3. Use and evaluate various techniques for evidence analysis in file systems, memory and networks.
4. Install, configure and use forensics tools.
5. Get acquainted with hardware devices used in computer forensics investigations.
6. Retrieve, manipulate and organize evidences systematically.
7. Write forensics reports.
8. Know and use standards and legal regulations linked with computer forensics investigations.