This is not a "watered down" training course. Unlike other courses, we tell you in detail what we cover during the course and what our experience and expertise are. We have a great training course, great material, and experienced instructors, and we truly want you to learn the material and to become good forensic examiners. We want you to compare and decide what is best for you.
You will be provided well-developed, detailed handouts of the course material. The course contains a number of practical exercise problems in the form of specially prepared USB thumb drives, mobile phones and a hard disk drive that must be examined. The practical exercises will reinforce the material and teach "hands-on" skills.
A case scenario will be used where a fictional private investigator brings you, the examiner, each USB, mobile phone or hard disk drive for examination. Each USB will build to the next exercise, until finally a hard disk drive is examined and the case is concluded. Real-life computer forensic issues will be covered by the practical exercises.
Clear, concise, accurate reports that draw appropriate conclusions are a very important factor in presenting the results of a forensic examination. We require reports detailing each "practical exercise" examination. We critically review your reports as if we were the "other side" and will help you develop excellent report writing skills. Your final reports can be used as your "template" for real examinations.
Our instructors are all Certified Forensic Computer Examiners or Certified Computer Examiners (CCE)® who are currently involved in computer forensic examinations. They will coach and tutor you through the practical exercises, your reports and the test questions for each module. Our instructors are highly qualified, experienced and understand forensic examinations far beyond the material in this course.
Your interaction with your instructor will normally be via email, but direct assistance is sometimes available for setup issues. We truly want you to learn the material and to become a good forensic examiner.
The current Guided Self-Study course is broken up into eight modules. The material is constantly being revised and is subject to change. The current modules consist of:
Module 1 – Introduction to Computer Forensics
- Recommended Machine Configurations
- What makes a good computer forensic examiner?
- Computer Forensics vs. E-Discovery
- Dealing with clients or employers
- Work Product
- Client Contracts
- Legal and privacy issues
- Software Licensing
- Ethical Conduct Issues
- Cases that may include digital evidence
- Forensic Examination Procedures
- Determining Scope of Examinations
- Hardware and Imaging Issues
- USB and Optical Media Examination
- Limited Examinations
- Forensically Sterile Examination Media
- Examination Documentation and Reports
- ASCII Table
- General Overview of Boot Process and Operating Systems
- BIOS History
- Networked Computers
- Media Acquisition
- Acquisition Documentation
- Chain of Custody
Module 2 – Imaging
- Imaging Theory and Process
- Imaging Methods
- Write Blocking
- Imaging Flash Drives
- Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
- Drive Partitioning
- One (1) Student Lab Practical Exercise
Module 3 – File Signatures, Data Formats & Unallocated Space
- File Identification
- File Headers
- General File Types
- File Viewers
- Examination of Compressed Files
- Data Carving
- One (1) Student Lab Practical Exercise
Module 4 – FAT File System
- Logical structures of DOS and Windows Operating System
- Master Boot Record
- File Allocation Table
- Directory Entries
- Clusters
- Unallocated Space
- Sub-Directories
- FORMAT
- Six (6) Student Lab Practical Exercises
Module 5 – NTFS
- Introduction and Overview
- Basic Terms
- Basic Boot Record Information
- Time Stamps
- Root Directory
- Recycle Bin
- File Creation
- File Deletion
- Examining NTFS Drives
- Two (2) Student Lab Practical Exercises
Module 6 – Registry & Artifacts
- Creating an Examination Boot Disk
- Data Recovery
- Windows Swap and Page Files
- Forensic Analysis of the Windows Registry
- Internet Cache Files, Cookies and Internet Sites
- Microsoft Outlook
- MSMAIL
- Logical Structures
- Tracking User Specific Computer Use
- Internet Explorer Cache Index
- Basic Mail Issues
- Basic Internet Issues
- Common Situations Encountered during Examinations
- Password Protection and Defeating Passwords
- Compound Documents
- Examining CDR Media
- Three (3) Student Lab Practical Exercises
Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
- Use of Policy and Checklists in Forensic Practice
- Data Presentation to Client
- Case Report Writing
- Legal Process
- Expert Admission
- Going to Court
- Use of Forensic Tools and Software
- One (1) Student Lab Practical Exercise – Hard drive examination
Module 8 – Introduction to Mobile Data Exploitation
- Mobile Phone Extraction Process
- Collection
- Isolation
- Interrogation
- Imaging
- Analysis
- Mobile Networks
- International Mobile Subscriber Identity
- Use of Forensic Tools and Software
- One (1) Student Lab Practical Exercise
We will provide a detailed manual for each module covered. These manuals can be used later in your career for reference purposes. Sample reports, additional practical exercises, a Diskedit primer and other useful information and applications will also be provided. You will be subscribed to our listservers that provide both administrative and technical information. Even after you complete the course, as material is updated, you will be able to download the new material from our web site.
All Guided Self-Study CCE BOOTCAMP® students receive fully licensed copies of the following software upon enrollment:
- Raptor - Linux Imaging Tool
Please visit our Requirements page to view any hardware / software requirements for this course.