Computer Forensics Fundamentals | Online Course | The Waldrep Company Skip to main content
Online Courses › Computer Forensics Fundamentals
10–12 Hours — Online Self-Paced

Computer Forensics Fundamentals

Windows, macOS, and Linux forensic acquisition and analysis — including memory forensics, Windows Registry, event logs, cloud storage artifacts, and anti-forensics detection. Designed for practitioners who handle real evidence, write real reports, and testify in real cases. 15 modules, 36 lessons, module quizzes, and a final assessment.

🌐 Developed by Eric L. Waldrep — U.S. State Dept. ATA Cyber Mentor · MCFE Certified · 200+ Cases
$497
per seat · agency licensing available
Duration10–12 hrs
FormatOnline Self-Paced
Modules15 modules
Lessons36 lessons
Tools (educational)Autopsy, FTK, X-Ways, AXIOM
CPE Credits12 CPEs
CertificateYes
✅ You're enrolled. Go to Course →

New student? You'll create a free account first, then go straight to secure checkout.

🛡️ 7-Day Money-Back Guarantee
Request Group Pricing Government PO / Net-30

Secure checkout via Stripe. Instant access after payment confirmation. Government PO and net-30 billing available by request.

Free Download · PDF

Not ready to enroll? Get the full syllabus.

Every module and lesson in Computer Forensics Fundamentals, plus pricing, CPE, and certificate details. We'll email you the PDF instantly. No spam, no sales calls.

Prefer to talk? Call (251) 216-1164 or request group / agency pricing above.

Learning Outcomes

What You'll Learn

Establish legal authority before any examination — consent, warrants, and corporate authorization
Perform forensically sound dead-box and live acquisitions with write blockers and hash verification
Analyze Windows NTFS artifacts — MFT, $UsnJrnl, MACE timestamps, and deleted file recovery
Recover volatile evidence from memory images using Volatility 3 and interpret process, network, and credential artifacts
Parse Windows Registry hives to surface execution artifacts — Shimcache, AmCache, Prefetch, SRUM, and UserAssist
Analyze Windows Event Logs and correlate key Event IDs for logon activity, privilege escalation, and persistence
Identify cloud storage sync artifacts and detect anti-forensics activity including secure deletion and timestomping
Extract and interpret browser history, email artifacts, and user activity from Windows and macOS
Identify USB connection artifacts and connect device usage to specific users via registry and LNK files
Build defensible event timelines from multiple artifact sources without timestamp interpretation errors
Operate Autopsy, FTK, X-Ways, and Magnet AXIOM workflows and cross-validate critical findings across tools
Write court-ready forensic reports that separate findings from opinions and withstand cross-examination
Who This Course Serves

Built for Practitioners

Not an academic overview. This course is designed for professionals who will use this knowledge in real cases, real courts, and real investigations.

🚔
Law Enforcement
⚖️
Attorneys & Paralegals
🏛️
Government Agencies
🪖
Military & Intelligence
🏢
Corporate Security
🔍
Private Investigators
🧪
Forensic Examiners
📋
Compliance Teams
Course Curriculum

15 Modules  ·  36 Lessons  ·  Final Assessment

01Computer Forensics Foundations
  • What Computer Forensics Is
  • Civil, Criminal, Corporate & Legal Use Cases
  • Digital Evidence Concepts
  • Forensic Soundness
  • Common Mistakes
✓ Module Quiz
02Legal Authority, Ethics & Scope
  • Consent, Warrants & Court Orders
  • Corporate Authorization & Private-Sector Scope
  • Scope Control & Documentation Requirements
03Evidence Handling & Chain of Custody
  • Evidence Intake & Labeling
  • Storage, Hashing & Chain-of-Custody Records
04Acquisition Fundamentals
  • Live vs. Dead-Box Acquisition
  • Imaging Concepts & Validation
  • Write Blockers & Image Formats
05File System Artifacts
  • Windows File System Artifacts (NTFS, MFT, $UsnJrnl, MACE)
  • macOS File System Artifacts
  • Linux File Systems
  • File Carving Techniques
06Memory Forensics
  • Volatile Memory Concepts & Acquisition
  • Volatility Analysis
07Windows Registry Forensics
  • Registry Architecture & Hive Structure
  • Key Registry Artifacts
  • Execution Artifacts (Prefetch, Shimcache, AmCache, SRUM)
08Windows Event Logs
  • Event Log Architecture & EVTX Format
  • Key Event IDs (Logon, Account Management, Privilege, Persistence)
09Browser, Email & User Activity
  • Browser Artifacts (Chrome, Firefox, Edge)
  • Email Artifacts (PST, OST, headers)
10Cloud Storage & Anti-Forensics
  • Cloud Storage Sync Artifacts (OneDrive, Dropbox, Google Drive)
  • Anti-Forensics Detection (Secure Deletion, Timestomping, Log Clearing)
11USB & External Device Activity
  • USB Connection Artifacts & User Attribution
12Timeline Reconstruction
  • Building a Defensible Timeline
13Analysis Workflow & Tool Validation
  • Autopsy Workflow
  • FTK & X-Ways; Cross-Tool Validation
  • Magnet AXIOM Workflow
14Reporting & Court Readiness
  • Forensic Report Structure
  • Expert Witness Testimony Preparation
15Final Assessment
  • Course Review & Key Takeaways
★ Final Knowledge Quiz  ·  Certificate of Completion
Your Instructor

Developed by the Practitioner Who Built It

Eric L. Waldrep
Eric L. Waldrep
Director of Training — The Waldrep Company  |  U.S. State Dept. ATA Cyber Mentor  |  MCFE Certified

Eric Waldrep has been in law enforcement for 27+ years and active digital forensics for 17+ years. He has examined 200+ cases in federal and state courts with a 100% expert witness qualification rate. Selected by the U.S. State Department's Antiterrorism Assistance (ATA) program as a Cyber Mentor, training allied nation law enforcement in digital forensics. Every module in this course comes directly from real casework — not textbook scenarios.

MCFE Certified
State Dept. ATA Cyber Mentor
17+ years forensics
27+ years law enforcement
200+ cases
0 disqualifications
Completion

Certificate of Completion

🎓
Certificate of Completion — The Waldrep Company

Students who complete all 15 modules and the final assessment receive a Certificate of Completion from The Waldrep Company, issued in the student's name and signed by Eric L. Waldrep. The certificate includes course title, completion date, and course duration.

Note: This is a Certificate of Completion from The Waldrep Company. It does not constitute a third-party forensic certification such as MCFE or CCPA.

Common Questions

Frequently Asked Questions

What access do I get after purchasing?
Immediate access to all 15 modules and 36 lessons after Stripe payment confirmation. Access is tied to your student account and available on any device.
How does this online course compare to the live 3-day cohort?
The online course covers the same topics, the same practitioner-authored content, and earns 12 CPE credits. It runs 10–12 hours of focused, self-paced instruction. The live 3-day cohort runs 24 hours and adds instructor-guided hands-on lab work, group exercises, and real-time Q&A. Choose the online format for concept mastery on your schedule; choose the live cohort if you want guided lab time and live instruction.
Do I need forensic tools installed to take this course?
No tool installation is required to complete the course. The course covers Autopsy, FTK, X-Ways, and Magnet AXIOM workflows through detailed written instruction and concept-based lessons. Autopsy is free and open-source if you wish to follow along.
Can my agency purchase seats via purchase order?
Yes. Government purchase orders and net-30 invoicing are accepted. Contact us at (251) 216-1164 or submit an inquiry to arrange PO-based enrollment.
Do you offer group pricing?
Yes — discounted rates are available for groups of 8 or more. Contact us to arrange group enrollment and invoicing.
Is a refund available?
7-day satisfaction guarantee. If within 7 days of enrollment you decide the course is not for you, contact info@thewaldrepcompany.com or call (251) 216-1164 for a full refund. See the full refund policy.

This course is provided for educational purposes only. References to commercial forensic products — including but not limited to Autopsy, FTK®, X-Ways®, and Magnet AXIOM® — are made solely to illustrate concepts, methodologies, and publicly documented workflows that practitioners may encounter in the field.

Discussion of any specific tool is not intended as, and shall not be construed as: (i) an endorsement, recommendation, or comparative evaluation of one product over another; (ii) operational training, certification, or qualification in the use of that product; (iii) an authoritative statement of any vendor's current capabilities, features, version behavior, or pricing; or (iv) the disclosure of confidential, proprietary, or non-public information. This course is not a substitute for the vendor-provided training and certification required to operate any specific tool.

All tool references rely exclusively on information made publicly available by the respective vendors or in published literature. All trademarks, product names, and registered marks are the property of their respective owners and are used herein for identification and educational purposes only. The Waldrep Company is not affiliated with, sponsored by, or endorsed by any of the tool vendors mentioned in this course.

Certificate Disclaimer. The Certificate of Completion issued by The Waldrep Company evidences that the holder completed the course curriculum and passed the required assessments. It is not a license, an accreditation, a government or POST certification, vendor certification, or a guarantee that any specific court will qualify the holder as an expert witness under Daubert, Kumho, Frye, or any state analogue. Whether a witness is qualified in a specific matter is a determination reserved to the trial court in that matter. See our Terms of Service for full details.

Enroll or Inquire

Ready to Get Started?

Enroll online now, request group pricing, or contact us to discuss government PO billing and custom on-site delivery.

Request Group Pricing

Government PO · Net-30 billing · Group rates for 8+ · Custom on-site delivery · (251) 216-1164