Coursera

Digital Forensics Essentials (DFE) (Coursera)

Offered by EC-Council,
Digital Forensics Essentials (DFE) (Coursera)

Digital Forensics Essentials helps learners increase their competency and expertise in digital forensics and information security skills, thereby adding value to their workplace and employer. This course will introduce learners to Computer Forensics Fundamentals as well as the Computer Forensics Investigation Process. Plan to learn about Dark Web, Windows, Linux, Malware Forensics, and so much more! The interactive labs component of this course ensures that learners receive the hands-on, practical experience required for a future in digital forensics.

Class Deals by MOOC List - Click here and see Coursera's Active Discounts, Deals, and Promo Codes.

DFE-certified learners have an assured means of formal recognition to add to their resumes and show off their expertise and skills to prospective employers. This improves their prospects for employment advancement, higher salaries, and greater job satisfaction.
Course 3 of 3 in the Cybersecurity Attack and Defense Fundamentals Specialization.

What You Will Learn

  • Network forensics fundamentals, event correlation, and network traffic investigation
  • Data acquisition concepts, types, format, and methodology
  • Computer forensics investigation process and its phases
  • Fundamental concepts of computer forensics

Syllabus

WEEK 1
Module 01: Computer Forensics Fundamentals
Computer forensics plays a vital role in the investigation and prosecution of cybercriminals. The process includes the acquisition, inspection, and reporting of information stored across computers and networks in relation to a civil or criminal incident. Forensic investigators are trained professionals who extract, analyze/investigate, and report crimes that either target technology or use it as a tool to commit a crime. This module discusses the role of computer forensics in today’s world.
Module 02: Computer Forensics Investigation Process
One of the goals of performing a forensic investigation process is to have a better understanding of an incident by identifying and analyzing the evidence thereof. This module describes the different stages involved in the complete computer forensic investigation process and highlights the role of expert witnesses in solving a cybercrime case. It also outlines the importance of formal investigation reports presented in a court of law during a trial.

WEEK 2
Module 03: Understanding Hard Disks and File Systems
Storage devices such as Hard Disk Drives (HDDs) and Solid-State Drives (SSDs) are an important source of information during forensic investigation. The investigator should locate and protect the data collected from storage devices as evidence. Therefore, it is necessary for the investigator to have knowledge on the structure and behavior of storage devices. The file system is also important as the storage and distribution of the data in a device is dependent on the file system used. This module provides insight into hard disks and file systems.
Module 04: Data Acquisition and Duplication
Data acquisition is the first proactive step in the forensic investigation process. Forensic data acquisition does not merely entail the copying of files from one device to another. Through forensic data acquisition, investigators aim to extract every bit of information present in the victim system’s memory and storage, in order to create a forensic copy of this information. Further, this forensic copy must be created in a manner such that integrity of the data is verifiably preserved and can be used as evidence in the court. This module discusses the fundamental concepts of data acquisition and the various steps involved in the data acquisition methodology.

WEEK 3
Module 05: Defeating Anti-forensics Techniques
After compromising a system, attackers often try to destroy or hide all traces of their activities; this makes forensic investigation extremely challenging for investigators. The use of various techniques by cyber-criminals to destroy or hide traces of illegal activities and hinder forensic investigation processes are referred to as anti-forensics. Forensic investigators need to overcome/defeat anti-forensics so that an investigation yields concrete and accurate evidence that helps identify and prosecute the perpetrators. This module outlines the fundamentals of anti-forensics techniques and elaborately discusses how forensic investigators can defeat them using various tools.
Module 06: Windows Forensics
Windows forensics refers to investigation of cyber-crimes involving Windows machines. It involves gathering of evidence from a Windows machine so that the perpetrator(s) of a cybercrime can be identified and prosecuted. Windows is one of the most widely used OSes; therefore, the possibility of a Windows machine being involved in an incident is high. So, investigators must have a thorough understanding of the various components of a Windows OS such as the file system, registries, system files, and event logs where they can find data of evidentiary value. This module discusses how to collect and examine forensic evidence related to incidents of cybercrime on Windows machines.

WEEK 4
Module 07: Linux and Mac Forensics
Windows may be the most commonly used platform for forensic analysis owing to its popularity in enterprise systems. Several digital forensics tools exist for systems operating on Windows. However, when it comes to conducting forensics investigation on Linux and Mac systems, investigators are faced with a different kind of challenge. While the forensics techniques are the same, the tools used might differ. This module discusses how to collect and examine evidence related to incidents of cybercrime on Linux and MacOS–based machines.
Module 08: Network Forensics
Network forensic investigation refers to the analysis of network security events (which include network attacks and other undesirable events that undermine the security of the network) for two broad purposes — to determine the causes of the network security events so that appropriate safeguards and countermeasures can be adopted, and to gather evidence against the perpetrators of the attack for presentation in the court of law. This module discusses the methods of investigating network traffic to locate suspicious packets and identify indicators of compromise (IoCs) from the analysis of various log files.

WEEK 5
Module 09: Investigating Web Attacks
Web applications allow users to access their resources through client-side programs such as web browsers. Some web applications may contain vulnerabilities that allow cyber criminals to launch application-specific attacks such as SQL Injection, cross site scripting, local file inclusion (LFI), command injection, etc., which cause either partial or complete damage of the underlying servers.
Moreover, such attacks against web applications can lead to massive financial and reputational damage for organizations. In most cases, organizations are unable to trace the root cause of an attack, which leaves security loopholes for the attackers to exploit. This is where web application forensics assumes significance. This module discusses the procedure of web application forensics, various types of attacks on web servers and applications, and where to look for evidence during an investigation. Furthermore, it explains how to detect and investigate various types of web-based attacks.
Module 10: Dark Web Forensics
The web as three layers: the surface web, deep web, and dark web. While the surface web and deep web are used for legitimate purposes, the dark web is mostly used by cyber criminals to perpetrate nefarious/antisocial activities. Access to the dark web requires the use of the Tor browser, which provides users a high level of anonymity through a complex mechanism, thereby allowing criminals to hide their identities.
This module outlines the fundamentals of dark web forensics, describes the working of the Tor browser, and discusses steps to perform forensic investigation of the Tor browser.

WEEK 6
Module 11: Investigating Email Crimes
Over the past few decades, email services have been extensively used for communication all over the world for exchanging texts and multimedia messages. However, this has also made email a powerful tool for cybercriminals to spread malicious messages and perform illegal activities. The current module intends to familiarize you with the subject of email crimes and how they occur. It primarily focuses on the steps an investigator needs to follow in an email crime investigation.
Module 12: Malware Forensics
Currently, malicious software, commonly called malware, is the most efficient tool for compromising the security of a computer or any other electronic device connected to the internet. This has become a menace owing to the rapid progress in technologies such as easy encryption and data hiding techniques. Malware is the major source of various cyber-attacks and internet security threats; therefore, computer forensic analysts need to have the expertise to deal with them.
This module elaborately discusses the different types of malware, malware forensics fundamentals, and different types of malware analysis that investigators can perform to examine the malicious code and determine how the malware interacts with the system resources and the network during the runtime.

Go to Class
MOOC List is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Related Courses

Hands-on Introduction to Linux Commands and Shell Scripting (Coursera) Coursera
IBM

Hands-on Introduction to Linux Commands and Shell Scripting (Coursera)

Security & Networking

This mini-course provides a practical introduction to commonly used Linux / UNIX shell commands and teaches you basics of Bash shell scripting to automate a variety of tasks. The course includes both video-based lectures as well as hands-on labs to practice and apply what you learn. You will have no-charge access to a virtual Linux server that you can access through your web browser, so you don't need to download and install anything to perform the labs.

Jun 22nd 2026
1 Week
Operating Systems Linux Scripting
Details
Real-Time Project for Embedded Systems (Coursera) Coursera
University of Colorado Boulder

Real-Time Project for Embedded Systems (Coursera)

Engineering Sci: Physics

The final course emphasizes hands-on building of an application using real-time machine vision and multiple real-time services to synchronize the internal state of Linux with an external clock via observation. Compare actual performance to theoretical and analysis to determine scheduling jitter and to mitigate any accumulation of latency.

Jun 22nd 2026
5-12 Weeks
Linux Embedded Systems Timing Analysis
Details
Introduction to Cybersecurity for Business (Coursera) Coursera
University of Colorado System

Introduction to Cybersecurity for Business (Coursera)

Security & Networking

The world runs computers. From small to large businesses, from the CEO down to level 1 support staff, everyone uses computers. This course is designed to give you a practical perspective on computer security. This course approaches computer security in a way that anyone can understand. Ever wonder how your bank website is secure when you connect to it? Wonder how other business owners secure their network? Wonder how large data breaches happen? This is practical computer security. It will help you answer the question – what should I focus on?

Jun 22nd 2026
5-12 Weeks
Security Risk Assessment Information Security
Details
NIST DoD RMF (Coursera) Coursera
Infosec

NIST DoD RMF (Coursera)

Security & Networking

The Risk Management Framework (RMF) provides a disciplined, structured and flexible process for managing security and privacy risk. It includes information security categorization; control selection, implementation and assessment; system and common control authorizations; and continuous monitoring. It includes activities to prepare organizations to execute the framework at appropriate risk management levels.

Jun 22nd 2026
5-12 Weeks
Security Risk Management Information Security
Details
Linux Basics: The Command Line Interface - 6 (Coursera) Coursera
Institut Mines-Telecom,Dartmouth College

Linux Basics: The Command Line Interface - 6 (Coursera)

CS: Software Engineering CS: Programming

This course will introduce you to Linux, a powerful operating system used by most professional developers! Why add Linux to your C programming skills? Most people use Linux without knowing it! Whether you use a smartphone, search the web, or use an ATM, each time Linux is involved somewhere in the background. It is the most used operating system for embedded devices and high-performance servers. It is also the most common operating system used by developers to create software applications.

Jun 22nd 2026
3 Weeks
Linux C Programming Coursera Plus
Details
Linux System Administration with IBM Power Systems (Coursera) Coursera
IBM

Linux System Administration with IBM Power Systems (Coursera)

CS: Information & Technology

This course introduces administrative tasks that a system administrator can perform with Linux hosted on IBM Power servers. This includes virtualization concepts such as logical partitioning, installation of Linux, command-line operations, and more interesting administration and device management tasks. This course includes hands-on exercises with systems from an IBM data center.

Jun 22nd 2026
4 Weeks
Linux Information Technology Cloud Computing
Details
Introduction to Cybersecurity Essentials (Coursera) Coursera
IBM

Introduction to Cybersecurity Essentials (Coursera)

Security & Networking

Build key skills needed to recognize common security threats and risks. Discover the characteristics of cyber-attacks and learn how organizations employ best practices to guard against them. Designed specifically for beginners and those who are interested in a Cyber Analyst I or an entry-level Cloud & Security Engineer role, this course dives into the world of cybersecurity to give you the critical skills employers need. This course also supports the needs of technical support roles, who can find themselves on the front lines of defense for cybersecurity issues and is part of the IBM Technical Support Professional Certificate.

Jun 22nd 2026
4 Weeks
Cryptography Security Information Security
Details
IT Infrastructure and Emerging Trends (Coursera) Coursera
University of Minnesota

IT Infrastructure and Emerging Trends (Coursera)

CS: Information & Technology

Today organizations are either embracing digital technologies to improve their businesses or being disrupted by entrants with such capabilities. Therefore it is important for managers and executives of all organizations to learn about various technologies and apply them in innovative ways. Some of the most important trends in Information Technology are in mobile, cloud, security, and blockchains.

Jun 22nd 2026
5-12 Weeks
Management Information Technology Cloud Computing
Details
Operating Systems and You: Becoming a Power User (Coursera) Coursera
Google

Operating Systems and You: Becoming a Power User (Coursera)

Security & Networking

In this course, you’ll learn how to use the major operating systems, Windows and Linux, which are a core component of IT. Through a combination of video lectures, demonstrations, and hands-on practice, you’ll learn about the main components of an operating system and how to perform critical tasks like managing software and users, and configuring hardware.

Jun 22nd 2026
5-12 Weeks
Operating Systems Windows Linux
Details
Sistemas Operacionais e Você: Tornando-se um Usuário Avançado (Coursera) Coursera
Google

Sistemas Operacionais e Você: Tornando-se um Usuário Avançado (Coursera)

Security & Networking

Neste curso – com uma combinação de palestras em vídeo, demonstrações e atividades práticas – você conhecerá os principais componentes de um sistema operacional e verá como executar tarefas críticas, como gerenciamento de software e usuários, e configuração de hardware. Vamos terminar com um exemplo de como esse conteúdo pode acabar surgindo em uma entrevista.

Jun 22nd 2026
5-12 Weeks
Operating Systems Linux File Systems
Details
Writing Java Application Code (Coursera) Coursera
LearnQuest

Writing Java Application Code (Coursera)

CS: Programming Computer Science

This is the third course in a Specialization titled Java as a Second Language. This course presents instruction to IT professionals for developing Java applications. The material targets professional that are familiar with application programming, but do not have strong Java skills. The type of Java applications focus on: Console based Java applications, Java windows applications, and Java web and mobile applications. This course presents material on developing real applications, and includes hands-on application development labs. Learners will gain strong Java application development skills.

Jun 22nd 2026
4 Weeks
Programming Java Mobile
Details