Master new skills with our 21-day learning paths, broken into easy 5-minute daily lessons.

Start your journey for free.

security Advanced 21 lessons

Digital Forensics

Investigate cybercrimes and recover evidence. Master disk imaging, memory forensics, and chain of custody procedures for legal and corporate cases.

CSI for computers. This course covers the scientific process of preserving, identifying, extracting, and documenting computer evidence. You will learn to create forensic images of disks (bit-by-bit copies), analyze Windows Registry artifacts, and carve deleted files. We also cover Memory Forensics to find malware that resides only in RAM. Crucially, you will learn the legal Chain of Custody procedures required for evidence to be admissible in court or corporate hearings.

100% Free & Lifetime Access
⏱️ 5-Minute Lessons (Bite-sized learning)
🚀 21-Lesson Path (Independent modules)
📱 Mobile Friendly (Learn anywhere)
Forensics Team
Start Learning
Secure Enrollment via SSL

Complete Course Syllabus

  • 1
    Forensic Process
    Collection, Examination, Analysis, and Reporting.
  • 2
    Data Acquisition
    Write blockers and creating E01/Raw images.
  • 3
    Windows Forensics
    Registry, Prefetch, and Event Log analysis.
  • 4
    File Recovery
    Recovering deleted data from NTFS/FAT systems.
  • 5
    Memory Analysis
    Using Volatility to inspect running processes in RAM.

Estimated completion time: 21 lessons • Self-paced learning • Lifetime access

Career Outlook

Estimated Salary
$100k - $150k

Career Paths

Forensic Examiner $100k-$145k
Incident Responder $110k-$150k
eDiscovery Analyst $90k-$130k

What You Will Learn

Acquire forensically sound disk images without altering data
Analyze Windows Registry and file system artifacts
Recover deleted files using file carving techniques
Perform memory forensics to analyze volatile RAM data
Maintain a legal Chain of Custody for all evidence

Skills You Will Gain

Disk Imaging File System Analysis Memory Forensics Chain of Custody Registry Analysis

Who Is This For

Law Enforcement
Corporate Investigators
Incident Responders

Prerequisites

OS Internals (Win/Linux)
Hardware basics

Digital Forensics FAQs

Law enforcement?

Used by police, but also corporate HR/Legal.

Tools?

We focus on Open Source (Autopsy) and industry standards.

Certification?

Prepares for CHFI or GCFA concepts.

Is it technical?

Yes, requires deep OS and file system knowledge.

Need more info?
All Reork courses are 100% free, self-paced, and fully accessible on mobile devices. No prior experience is required. Read our full Platform FAQ.

Tech Stack & Tools

Autopsy
FTK Imager
Volatility
Wireshark
Linux

Recommended Next Steps

Malware Analysis

security Advanced

Dissect malicious software safely. Master static and dynamic analysis, assembly basics, and reverse engineering to understand how malware works.

IoT Security

security Advanced

Secure the Internet of Things. Analyze firmware, audit hardware interfaces (UART/JTAG), and dissect IoT communication protocols.

Identity Mgmt (IAM)

security Intermediate

Identity is the new perimeter. Master SSO, MFA, OAuth 2.0, and directory services to manage access securely across the enterprise.

Start Learning