Courses / Digital Evidence Basics
Digital Evidence Basics Studio
Collect, label, and preserve workstation artifacts without breaking the activity log trail you will rely on later.
Schedule a workshop callOverview
You work from curated drive images and mobile exports that mirror what analysts see in the field. Each module pairs a short concept walkthrough with a guided lab so you can repeat the same capture sequence on your own kit. We stay away from theatrical “hacker movie” shortcuts and focus on repeatable checklists, hash verification, and notes that hold up when another reviewer reads your packet.
What is included
- Evidence intake checklist you can reuse on day one
- Hash-and-copy workflow with before/after verification prompts
- Notebook templates aligned to investigation readiness reviews
- Optional offline kit with USB write-blocker exercises
- Office-hour blocks for screenshot markup critique
- Short readings on volatile data and why order matters
- Peer review swap so you read someone else’s notes cold
Outcomes
- Produce a defensible acquisition log for a single workstation image
- Explain why two capture orders differ in risk, in plain language
- Ship a handoff folder another teammate can continue without rework
FAQ
Do I need a second machine for the labs?
A modest desktop or laptop with 16 GB RAM is enough for the provided images. We do not ship bare metal; you download scoped evidence sets instead.
Is a certificate included?
You receive a completion record after the final lab review. It is not a professional credential and does not replace employer-specific training.
What is intentionally not covered?
Mobile acquisition chains and courtroom testimony are out of scope so the course stays tight for newcomers.
Learner notes
-
“The week-two hash drill finally made checksum clicks stick. I wish the mobile teaser was longer, but the desktop flow is solid.”
-
“Templates are plain-language enough that I reused one on a live internal ticket the next day.”