Course Details

    This is not a "watered down" training course.  Not like other courses, we tell you in detail what we cover during the course and what our experience and expertise is.  We have a great training course, great material, experienced instructors and we truly want you to learn the material and to become good forensic examiners.  We want you to compare and decide what is best for you.    

    You will be provided well developed, detailed handouts of the course material.   The course contains a number of practical exercise problems in the form of specially prepared diskettes or a hard disk drive that must be examined.  The practical exercises will reinforce the material and teach "hands-on" skills.   A case scenario will be used where a fictional private investigator brings you, the examiner, each diskette or a hard disk drive for examination.  Each diskette will build to the next exercise, until finally a hard disk drive is examined and the case is concluded.  Real life computer forensic issues will be covered by the practical exercises.   

    Clear, concise, accurate reports that draw appropriate conclusions are a very important factor in presenting the results of a forensic examination.  We require reports detailing each "practical exercise" examination.  We critically review your reports as if we were the "other side" and will help you develop excellent report writing skills.  Your final reports can be used as your "template" for real examinations.

    Our instructors are all Certified Forensic Computer Examiners or Certified Computer Examiners (CCE)® who are currently involved in computer forensic examinations.  They will coach and tutor you through the practical exercises, your reports and through the test questions for each module.  Our instructors are highly qualified, experienced and understand forensic examinations far beyond the material in this course.  Your interaction with your instructor will normally be via email, but direct assistance is sometimes available for setup issues.   We truly want you to learn the material and to become a good forensic examiner.

    If you are a "Guided Self-Study" CCE Bootcamp student who had enrolled in your training prior to June 14, 2010, please follow this link to view your course outline.  

    If you are an "Online" CCE Bootcamp student who had enrolled in your training prior to February 2, 2009, please follow this link to view your course outline.  

    The current Guided Self-Study course is broken up into seven modules.   The material is constantly being revised and is subject to change.  The current modules consist of:


    Module 1 – Introduction to Computer Forensics

    • Recommended Machine Configurations
    • What makes a good computer forensic examiner?
    • Computer Forensics vs. E Discovery
    • Dealing with clients or employers
      • Work Product
      • Client Contracts
      • Legal and privacy issues
    • Software Licensing
    • Ethical Conduct Issues
    • Cases that may include digital evidence 
    • Forensic Examination Procedures
    • Determining Scope of Examinations
    • Hardware and Imaging Issues
    • Floppy Diskette, USB and Optical Media Examination
    • Limited Examinations
    • Forensically Sterile Examination Media
    • Examination Documentation and Reports
    • ASCII Table
    • General Overview of Boot Process and Operating Systems
    • Floppy Diskette Sides, FD Tracks, Hard Disk Drives
    • BIOS History
    • Networked Computers
    • Media Acquisition
    • Acquisition Documentation
    • Chain of Custody


    Module 2 – Imaging

    • Imaging Theory and Process
    • Imaging Methods
    • Write Blocking
    • Imaging Flash Drives
    • Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
    • Drive Partitioning
    • One (1) Student Lab Practical Exercise


    Module 3 – File Signatures, Data Formats & Unallocated Space

    • File Identification
    • File Headers
    • General File Types
    • File Viewers
    • Examination of Compressed Files
    • Data Carving – Using Simple Carver
    • One (1) Student Lab Practical Exercise


    Module 4 – FAT File System

    • Logical structures of DOS, Windows 95, Windows 98
    • Master Boot Record
    • File Allocation Table
      • 16 Bit FAT
      • 32 Bit FAT
    • Directory Entries
    • Clusters
    • Unallocated Space
    • Sub-Directories
    • FORMAT
    • Six (6) Student Lab Practical Exercises


    Module 5 – NTFS

    • Introduction and Overview
    • Basic Terms
    • Basic Boot Record Information
    • Time Stamps
    • Root Directory
    • Recycle Bin
    • File Creation
    • File Deletion
    • Examining NTFS Drives
    • Two (2) Student Lab Practical Exercises


    Module 6 – Registry & Artifacts 

    • Creating an Examination Boot Disk
    • Data Recovery
    • Windows Swap and Page Files
    • Forensic Analysis of the Windows Registry
    • Internet Cache Files, Cookies and Internet Sites
    • Microsoft Outlook
    • MSMAIL
    • Logical Structures
    • Tracking User Specific Computer Use
    • Internet Explorer Cache Index
    • VISTA
    • Basic Mail Issues
    • Basic Internet Issues
    • Common Situations Encountered during Examinations
    • Password Protection and Defeating Passwords
    • Compound Documents
    • Examining CDR Media
    • FTK
    • Three (3) Student Lab Practical Exercises


    Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits 

    • Use of Policy and Checklists in Forensic Practice
    • Data Presentation to Client
    • Case Report Writing
    • Legal Process
    • Expert Admission
    • Going to Court
    • Use of Forensic Tools and Software
    • One (1) Student Lab Practical Exercise – Hard drive examination

    We will provide a detailed manual for each module covered.  These manuals can be used later in your career for reference purposes.  Sample reports, additional practical exercises, a DOS primer, Diskedit primer and other useful information and applications will also be provided. You will be subscribed to our listservers that provide both administrative and technical information.  Even after you complete the course, as material is updated, you will be able to download the new material from our web site.

    All Guided Self-Study CCE BOOTCAMP® students receive fully licensed copies of the following software upon enrollment:

  • Paladin by Sumuri - Linux Imaging Tool
  • WinHex Specialist - www.X-Ways.net
  • Simple Carver - www.SimpleCarver.com
  • Passware Kit - www.LostPassword.com
  • Forensic Tool Kit (Demo version) - www.AccessData.com  (Student discount offered through developer)
  • (FTK Discount offered to all CCE BootCamp® students)            



    Please visit our Requirements page to view any hardware / software requirements for this course.


    Contact us