Skip to content
CBT Nuggets
DemoRequest Demo

<h1>Digital Forensics and Computer Examiner Training Online Training</h1>

This digital forensics training teaches you how to collect, preserve, and analyze digital evidence with confidence. You’ll master skills in digital forensics and incident response, from recovering artifacts in memory and unallocated space to analyzing network traffic and hidden data. Explore tools like hex editors, registry analyzers, and steganography software to uncover what others miss. Whether you’re training to become a digital forensics examiner, advancing as a digital forensic analyst, or building computer examiner training into your team’s skill set, this course gives you the legal, ethical, and technical know-how to succeed. You’ll learn proper chain of custody, expert witness testimony, and lab setup for professional investigations.

Erik Choron
Erik ChoronOffensive Security & Security Operations

Updated December 2024

Request a Demo
15Skills
124Videos
12h 19mTotal
124 videos12h 19m

Who This Course Is For

This training is considered professional-level digital forensics training, which means it was designed for digital forensic investigators. This digital forensics skills course is designed for digital forensic investigators with three to five years of experience with cybersecurity.

Course Curriculum

  • Premium skill.Digital Forensics Introduction46m
  • Premium skill.Chain of Custody46m
  • Premium skill.Software Loadout50m
  • Premium skill.Installing and Configuring Kali52m
  • Premium skill.Monitoring with Kali57m
  • Premium skill.Metasploit Framework49m
  • Premium skill.Looking at the Files45m
  • Premium skill.File Steganography45m
  • Premium skill.Digital Artifacts within Windows47m
  • Premium skill.Unallocated Artifacts within Windows1h 1m
  • Premium skill.Examining Unallocated Data46m
  • Premium skill.Examining Volatile Memory49m
  • Premium skill.Learning About Our System with Volatility45m
  • Premium skill.Analyze RAM while Learning Volatility52m
  • Premium skill.Federal Rules of Evidence49m
Part of the Security & Compliance training initiative

Platform Features

For IT leaders

What IT leaders need to know before assigning this course

Security incidents create both technical and legal risk when evidence is collected inconsistently or reported without a defensible process. IT Directors can assign this professional-level course to digital forensic investigators, incident response staff, or senior security practitioners with roughly 3–5 years of cybersecurity experience who need a shared workflow for collecting, preserving, analyzing, and reporting digital evidence.

The course is about 12 hours and 20 minutes per learner, making it realistic for a focused upskilling sprint or phased rollout across an investigations team. It covers chain of custody, Kali setup and monitoring, Windows artifacts, unallocated data, volatile memory analysis with Volatility, steganography, and Federal Rules of Evidence. For change management, Team Leads should align learners on internal evidence-handling procedures before applying these skills in live investigations. CBT Nuggets Playlists and Team Reporting help Training Managers assign the course, monitor progress, and verify completion across the team.

Team Impact

How this training helps your team succeed

IT teams complete this training to make forensic investigations more consistent, defensible, and useful during security incidents or legal review. The course connects evidence handling with practical examination tasks across systems, files, memory, and network behavior.

  • Reduce investigation risk: Teams learn chain of custody concepts and Federal Rules of Evidence considerations that support defensible evidence handling.
  • Improve incident reconstruction: Investigators examine Windows artifacts, unallocated data, files, and volatile memory to better understand what happened on a system.
  • Strengthen response readiness: Practitioners work through Kali setup, monitoring, and Metasploit-related concepts so they can recognize and investigate security activity more effectively.
  • Find hidden or deleted evidence: Teams study file steganography and unallocated artifacts, helping investigators look beyond active files when reviewing compromised systems.

After completion

Knowledge & ability your team will gain

Knowledge

  • Core digital forensics concepts, including evidence collection, preservation, analysis, and reporting
  • Chain of custody requirements and why documentation matters during investigations
  • How Windows artifacts, unallocated space, and volatile memory can support incident analysis
  • How file steganography can hide data during an investigation
  • Federal Rules of Evidence concepts relevant to digital evidence handling

Ability

  • Follow a more consistent workflow for handling and documenting digital evidence
  • Install and configure Kali for investigation-related monitoring tasks
  • Examine files, Windows artifacts, unallocated data, and RAM for forensic clues
  • Use Volatility concepts to learn about a system and analyze memory captures
  • Communicate findings in a way that supports technical review and legal or compliance stakeholders

This course is included with every subscription

Get your team access to all 559 courses, virtual labs, and practice exams.

Small Team

$599per seat / year

2–4 learner seats

Get Started
Most Popular

Team

$749per seat / year

5+ learner seats

Get Started

Enterprise

Customannual contracts

Any size

Contact Enterprise Sales
Calculate the ROI of training your team

Trusted by 23,000+ organizations

Frequently Asked Questions

Related Courses

Cisco

Cisco CyberOps

Keith Barker, Bob Salmans, Kelvin Tran, John Munjoma

119114h 47m

CompTIA

Network+

Keith Barker

2703038h 8m

CompTIA

Security+

Keith Barker, Erik Choron

27729h 58m

Ready to upskill your team?

Talk to our sales team to find the right plan for your organization.

Request a Demo