C5W-100 INTRODUCTION TO DIGITAL FORENSICS

Aligned to NIST NICE Framework (IN-WRL-002, PD-WRL-002)

Get started with digital forensics in this FREE introductory course. Learn foundational concepts, types of digital evidence, device categories, legal considerations, and common investigation challenges, ideal for aspiring DFIR professionals.

Regular Enrollment

Free

Enroll Free

with 20h lab

$50.00

Enroll Now

Get started with digital forensics in this FREE introductory course designed to build a strong foundation for aspiring DFIR professionals. Learn core concepts of digital forensics, types of digital evidence, device categories, legal considerations, and common challenges faced during real-world investigations.

This course combines theory with practical understanding to help you develop the mindset needed for investigative work in cybersecurity.

NICE Framework Alignment

This course is strategically aligned to the NIST NICE Workforce Framework for Cybersecurity, supporting key DFIR job roles and competencies:

IN-WRL-002 — Digital Evidence Analysis
Identifying, collecting, and interpreting digital evidence

PD-WRL-002 — Digital Forensics
Applying structured forensic investigation techniques

This alignment ensures the course reflects real-world cybersecurity workforce needs and supports recognized professional role development in digital forensics.

1. Keep Learning DFIR – Your Way!
2. Before You Start (Beginning of the Course)
1. What is Digital Forensics
2. Digital Forensics Investigation
3. What is the Digital Evidence
4. Digital Devices
5. Legal Aspects
6. Types of Digital Forensic Investigation
7. Challenges of Digital Forensics
8. Conclusion
9. Check Your Module's Knowledge
10. References
11. Have a Question?!
1. Hard Disk - Physical & Logical Drive
2. Virtual Hard Disk (VHD)
3. Creating Virtual Hard Disk
4. Creating Virtual Hard Disk with Two Partitions
5. Required Files -- Attaching and Detaching Virtual Hard Disk
6. Attaching and Detaching Virtual Hard Disk
7. Exercise #1
8. Solutions_Virtual_Hard_Disk
9. Summary
10. Check Your Module's Knowledge
11. Have a Question?!
1. Data Acquisition Concepts
2. Data Validation
3. Acquisition Methods
4. Forensic Image File Formats
5. The Importance of Evidence Acquisition
6. Must-Know First Response Actions
7. Required Files -- Sanitization of the Target Media
8. Sanitization of the Target Media
9. Hardwipe Tool
10. Cygwin Tools (dd Command in Windows)
11. Check Your Knowledge
12. Exercise #1
13. Exercise #1 Solution
14. Required Files -- Acquisition Tools
15. Evidence Data Acquisition
16. Memory Dump
17. Tools for Memory Dump
18. Disk Drive Imaging
19. Other Forensic Tools
20. Exercise #2
21. Solution_Exercise#2
22. Examples of Hardware Acquisition Tools
23. Using UltraDock Write-Blocker
24. Required Files - Mounting a Forensic Image
25. Introduction to Image Mounting
26. Arsenal Image Mounter
27. OSFMount
28. Other Forensic Image Mounting Tools
29. Exercise#3
30. Solution_Exercise#3
31. Summary
32. References
33. Have a Question?!
1. Introduction to Forensic Toolkit Imager
2. Required Files -- Introduction
3. Required Files -- Installation of FTK Imager
4. Install FTK Locally
5. Install FTK on a Portable Device (USB)
6. Required Files -- Evidence Acquisition
7. Digital Evidence Acquisition
8. Memory Acquisition
9. Disk Acquisition
10. Exercise #1
11. Solutions Exercise #1
12. Required Files -- Attach an Evidence Item
13. Add Evidence Item to FTK Imager
14. Create and Verify a Multi-Part Disk Images
15. Loading a Multi-Part Disk Image
16. Required Files -- Evidence Analysis
17. Evidence Analysis
18. Exporting Data using FTK Imager
19. Detect EFS Encryption
20. Exercise #2
21. Solution Exercise #2
22. Acquiring Protected Registry Files
23. Copying Registry Files
24. Required Files -- Interpreter in FTK
25. Interpreter
26. Exercise #3
27. Solution Exercise #3
28. Required Files -- Create Images with Advanced Features
29. Custom Content Images
30. AD Encryption
31. Exercise #4
32. Solution Exercise #4
33. Required Files -- Image Mounting
34. Image Mounting
35. Steps of Image Mounting
36. Mount Multi-Part Raw Disk Image with FTK
37. Summary
38. Have a Question?!
1. Introduction to Data Representation
2. Numbering Systems
3. Decimal Number System (Base 10)
4. Binary System (Base 2)
5. Hexadecimal (Base 16)
6. Octal (Base 8)
7. Byte Ordering
8. Introduction to Text Code
9. ASCII Code
10. Unicode
11. Exercises
12. Solutions
13. Have a Question?!
1. Introduction to File Identification
2. Installation of HxD Editor
3. Working with HxD Editor
4. Installation of 010 Editor
5. Working with 010 Editor
6. 010 Editor, Let us start
7. Explore the View Options
8. Viewing Unicode Files
9. View Options: Edit As
10. View: Font & Character Set
11. View: Line Width & Addresses
12. View: Group by, Division Lines, Left & Right View Areas
13. View: Highlighting, Ruler, & Status Bar
14. More View Options
15. File Offsets
16. Relative Offsets
17. Examples on Relative Offsets 1
18. Examples on Relative Offsets #2
19. Search Menu: Find using Hex
20. Search Menu: Find using Text
21. Search Menu: Replace
22. Search Menu: Find Strings
23. Search Menu: Find in Files
24. Search Menu: Replace in Files
25. Search Menu: Goto...
26. Search Menu: Goto using Directions
27. The Format Menu
28. Tools Menu Part #1
29. Tools Menu Part #2
30. Inspector (Interpreting Data) Part #1
31. Inspector (Interpreting Data) Part #2
32. Templates Part #1
33. Templates (File Signatures) Part #2
34. Templates - PE File (Part #1)
35. Templates - PE File (Part #2)
36. Templates - PE File (Part #3)
37. Templates - PE File (Part #4)
38. Templates - PE File (Part #5)
39. Templates - PE File (Part #6)
40. Templates - PE File (Part #7)
41. Templates - PE File (Part #8)
42. Templates - PE File (Part #9)
43. Templates - PE File (Part #10)
44. Templates - PE File (Part #11)
45. Templates - PE File (Part #12)
46. Reviewing 010 Template for PE File Format
47. Required Files
48. Introduction to File Signature
49. Text Files
50. Microsoft Word Files
51. PDF Files
52. TAR Files
53. Zip Files
54. PNG Files
55. JPEG Files
56. EXE Files
57. MP3 Files
58. MP4 Files
59. System Metadata
60. Embedded Metadata
61. Required Files -- Exercises
62. Exercise #1
63. Exercise #2
64. Exercise #3
65. Solutions of Exercises
66. Have a Question?!
1. Introduction to File System and Data Carving
2. What is File System
3. Hard Disk
4. NTFS
5. Ext4
6. NTFS vs EXT4
7. Required Files -- Data Carving
8. Introduction to Data Carving
9. Manual Data Carving - Using Hex Editor
10. Manual Data Carving - Carving an Image from a Doc File
11. Automatic Data Carving - Photorec
12. Automatic Data Carving - foremost
13. Required Files -- Exercises
14. Exercise #1
15. Exercise #1 - Solution
16. Exercise #2
17. Exercise #2 - Solution
18. Exercise #3
19. Exercise #3 - Solution
20. Have a Question?!
1. Introduction
2. Converting Times
3. Converting Dates
4. Exercise 01
5. Exercise 01 - Solution
6. File Operations
7. Required Files -- Timestamps and File Operation
8. Exercise 02 -- Inspecting Timestamps
9. Exercise 02 -- Solutions
10. Have a Question?!
1. Required Files
2. Lab #1 - Working with Autopsy
3. Lab #1 - Working with Autopsy (Solution)
4. Extra Reading Resources
1. What is the Forensics Report ?
2. Preparing For Forensics Report
3. The Importance of the Forensics Report
4. Why Documenting is Important?
5. Forensics Report Sections
6. Reporting Standards And Guidelines
7. Conclusions
8. Have a Question?!
1. Before You Go (End of the Course)

About this course

Free
217 lessons

Social Proof: Reviews

Rating Course

SUKONKAN SANTISUWAN

easy to learn and easy to read workshop step by step

Read Less

C5W-100 INTRODUCTION TO DIGITAL FORENSICS

Arif Chowdhury

Great

Read Less

Working With file and File Signature

Jayaram Pudasaini

Wonderful explanation and learn a lot about executable file format and other file signature and metadata.

Read Less

barry sahya

Excellent Course i've ever had

Read Less

Digital forensics

ABDULJALIL JIBRIL HUSSAINI

I learn more on This course now I can call my self Digital forensics investigator, I learn more about digital forensics thank you I will try and pay live one.

Read Less

DFIR

Divyam Bhavsar

I am happy to share i learn a lot of form this cource and i respect you because you share free cource, i am not able to pay this DFIR traning fees that's why...

I am happy to share i learn a lot of form this cource and i respect you because you share free cource, i am not able to pay this DFIR traning fees that's why i love this.

Read Less

Digital Forensics is like the detective work of the digit...

Mylene Rubia

Absolutely! Digital forensics is like the detective work of the digital world—it’s fascinating how investigators can uncover hidden truths within data, trace...

Absolutely! Digital forensics is like the detective work of the digital world—it’s fascinating how investigators can uncover hidden truths within data, trace cybercrimes, and even recover "lost" information. From examining encrypted files to analyzing digital footprints, it’s a field that combines technology, problem-solving, and a bit of mystery. Superb!

Read Less

I like it.

Willian Brandão

Read Less

DIGITAL FORENSICS CONCEPTS!

Samuel Orr

DIGITAL FORENSICS CONCEPTS!

Read Less

John Samuel Thiong'o K.

John Samuel Thiong'o Kamwaro

I loved everything about the course, and to be specific the step by step guide to the practical tasks

Read Less

C5W-100

franklin ijomah

The course provided good, clear, precise material on digital forensics, it was a wonderful experience with good exercises to reinforce knowledge and i would ...

The course provided good, clear, precise material on digital forensics, it was a wonderful experience with good exercises to reinforce knowledge and i would recommend it for anyone interested in digital forensics.

Read Less

DFIR review

anita munala

A very good introduction to DFIR.

Read Less

Frequently asked questions

How do I purchase a course?

You can enroll in any course directly through our platform using secure online payment.
How do I access my course after enrollment?

Once payment is complete, you will be redirected to the course and receive a confirmation email. You may also log in at any time to access your content via the My Dashboard section.
How long will I have access to the course material?

Lifetime access while the course remains available, with a guaranteed minimum of 1 year, even if it is updated or retired.
What are the general technical requirements?
Our platform is accessible from any device with internet access. For hands-on labs, we recommend:

A modern operating system capable of running virtual machines

8 GB RAM (minimum)

500 GB disk space

Hypervisor software: Virtualbox, VMWare, HyperV, etc

Alternatively, we offer fully hosted Virtual Labs that allow you to complete technical exercises via the cloud. Please check our labs at: labs.cyber5w.com.
Can I ask for help if I don't understand something?

Of course! Reach out by email anytime.
What is the expected time commitment for each course?

Each course is self-paced and designed to accommodate different learning speeds. The time you'll need depends on your current knowledge, experience, and how deeply you choose to engage with the materials and hands-on labs.
Do you offer student discounts?

Yes, we offer a 25% discount to verified university or college students (must register with a valid academic email). Please contact us at [email protected] after registering and before purchasing.
Do you offer law enforcement and military professionals discounts?

Yes, we offer a 25% discount to active law enforcement and military professionals (official verification required). Please contact us at [email protected] after registering and before purchasing.
Do you offer corporate training or customized training solutions?

Absolutely. We provide customized training solutions for teams, security operations centers, and government entities, including on-site workshops, simulations, and private lab access. Please contact us at [email protected] for arrangement.
Do your courses include Certificate of Completion?

All of our courses include a Certificate of Completion, awarded upon successful completion of lessons, labs, or a final exam (where applicable). These certificates are designed to support your professional development in the DFIR and cybersecurity fields.
Do you deliver on-site training for employees?

Yes, we tailor on-site training programs to your team's specific needs. Please contact us to discuss options, dates, and pricing.
Do you travel internationally?

Yes. Our instructors can deliver on-site training globally. Travel expenses will apply.
How long are your on-site training sessions?

Courses can range from one-day workshops to multi-week immersive programs, depending on your goals.
Can we customize the syllabus?

Absolutely! We work with you to design a tailored syllabus that matches your team's skill level and focus areas.
Do you provide virtual lab access?

Yes, all labs are accessible at labs.cyber5w.com.
What if my computer isn't good enough for the labs?

No worries, you can complete all exercises in our prebuilt virtual lab environment. No special hardware is needed, only a modern web browser to access the online labs.
What software or tools are installed in the virtual labs?

Each lab comes preloaded with the tools you'll need to successfully complete the exercises in the course you are learning.
How long do I have access to the labs?

Your virtual lab access comes with a predefined set of hours, but you can extend the lab access time as preferred (optional).
What professional certifications can I earn?
Cyber5W offers a series of hands-on, industry-recognized certifications to validate your expertise in digital forensics and threat analysis. These certifications are available as optional exams after completing the relevant training.

Cyber 5W Certified Digital Forensic Analyst (CCDFA)

Cyber 5W Certified Linux Forensic Analyst (CCLFA)

Cyber 5W Certified Malware Analyst (CCMA)

Cyber 5W Certified Threat Analyst (CCTA)

Note: Detailed exam requirements, structure, and registration links are available on each certification's dedicated page. Each exam comes with 1 retake.
I'm new to DFIR, which professional certifications are available for beginners?
Cyber 5W Certified Digital Forensics Evidence Handler

Cyber 5W Certified Digital Forensics Foundations)

Note: DetailedDetailed exam requirements, structure, and registration links are available on each certification's dedicated page.
Can I retake a test if I do not pass the exam?

Yes, we allow multiple retake attempts. Check your exam specifics or contact support if you need further help.
What support is available during an exam?

You may email [email protected] for logistics and technical issues, but no exam-specific assistance will be provided.
How are CYBER 5W certification exams different from traditional tests?

At CYBER 5W, our certification exams are skill-based, not just multiple-choice. We assess your practical knowledge through real-world tasks to ensure you can apply what you've learned.

Still have questions?

Can't find the answer you're looking for? Please chat to our friendly team.

Get in touch

Stay ahead in DFIR!

Sign up for the latest findings, field advancements, and updates on upcoming webinars, conferences, seminars, and free courses.

Regular Enrollment

Free

with 20h lab

$50.00

NICE Framework Alignment

1. Self-Paced Online Learning (Free Option)

2. Premium Option with Virtual Lab Access

Before You Start

DIGITAL FORENSICS CONCEPTS

WORKING WITH VIRTUAL HARD DISK

EVIDENCE ACQUISITION UNDER WINDOWS

WORKING WITH FTK IMAGER

COMPUTER DATA REPRESENTATION

WORKING WITH FILES

FILE SYSTEM AND DATA CARVING

WORKING WITH TIME ZONES AND DATES

WORKING WITH AUTOPSY

WRITING FORENSIC REPORTS

Before You Go (End of the Course)

About this course

Still have questions?