How much do I need to know about computers to take
your training?
This is not an entry level course. Although
we try to teach you computer forensics from the
ground up, you should have a reasonable basic
knowledge of computers and you should use a
computer on a regular
basis.
Critical portions of a forensic examination are
done at a low level, frequently at a DOS
level. You should be able to use a DOS
prompt and run simple DOS commands from the
command line. If you are not familiar with
DOS, you should have experience running other
programs or operating systems from the command
line. If you are uncomfortable using DOS
prompt commands, we do have a DOS primer that can
be studied when initially starting the course
. You do not have to be a DOS "guru" to take
the course. However, you should be
comfortable operating
outside
the Windows GUI
interface from a command
prompt.
You also should be comfortable with, or want to,
open up the computer and to remove and install
hard disk drives and other hardware. Making
forensic copies of drives frequently involves
removing a hard drive from one computer, making
and verifying jumper setting changes and
installing a drive into a second
computer.
Much of the actual "learning" in our course is
through completing our practical exercises.
If you are comfortable studying a topic and then
actually solving problems related to that topic,
you will do fine in the
course.
Before you enroll in our course, we would like to
talk to you about your qualifications and your
expectations about where this course will take
you. We want to be sure that this course is
right for you.
What kind of hardware and software will I need to
complete the course?
Minimum requirements to complete the
course:
-
A 300 Mhz PC (desktop or tower computer) or
above operating with Windows 95 (32 bit FAT)
or Windows 98. Laptop computers are not
suitable for completing the last module of the
course.
-
At least one extra hard disk drive in the 800
meg to 2 gigabyte
range.
-
A supply of HD 3 ½ inch
diskettes.
-
A printer.
-
A modem with Internet access.
Minimum Software
Requirements:
-
Windows 95B (OS2) 32 bit FAT or Windows 98
(either version)
-
Our forensic utilities (provided with
enrollment)
-
DataLifter (provided with
enrollment)
-
QuickView Plus (a viewing
application)
-
Norton Utilities (Diskedit and
Unerase)
-
Norton Ghost 2002
or above
Norton's System Works Professional contains
Norton Utilities, Norton's Ghost and a good virus
scanning utility. We would suggest
purchasing System Works Professional instead
of purchasing each Norton utility
separately. The cost will be
less. QuickView
Plus
can be purchased
online
at
avantstar.com
for about
$40.00
See
Hardware and
software
requirements
for more
information.
Can I use my Compaq computer for forensic
examinations?
No, Compaq or Gateway computers do not make
good general examination machines. They
contain proprietary hardware and a BIOS that may
not be compatible with other hardware and
computers. However, a Compaq or Gateway
computer is normally necessary to examine a
computer of the same brand.
Can I use the Windows ME or other operating system
newer than Windows 98 on an examination
machine?
You will need a 32 bit FAT operating system "real
mode" boot disk. You cannot easily create a
bootable "real mode" DOS diskette with ME.
Even after a Windows ME boot disk is created, it
has some controls and restrictions that Windows 98
or Windows 95B (OS2) "real mode" DOS does not
have. You must have total control of what
the operating system is doing when you access the
original media. Any alteration to the
original media is not
acceptable.
During the course, we show you how to make some
modifications to the IO.SYS file on the Windows 98
boot diskette to prevent Drive Space from loading
compressed drives and to prevent some other
operating system writes to the original
drive. The ME and later versions of DOS do
not allow that level of control. Since
some critical portions of a forensic examination
are done at a "real mode" DOS level, Windows ME,
Windows 2000, Windows NT or Windows XP cannot be
used.
If you are currently using Windows ME/2000/NT/XP,
you can continue to use it, but not for the beginning
of the course. If you have
acquired the image of the original drive
using Forensic Tool Kit or Encase, Windows
XP is recommended for the examination
of the image. However, normally you
will need a 32 bit FAT version of Windows
for the actual access and acquisition
of the image of the original hard drive. We
will provide assistance with the operating
systems.
Can I use a laptop computer to complete your
course?
Yes, you can with
some additional hardware. You can easily
use a laptop computer for modules
1 through 4, if it has Windows 95B (OS2) or
Windows 98 installed on
it or is a dual boot system (Win 98/XP). For module
5, you must be
able to place a second hard disk drive in your
computer to make a forensic copy to complete the
forensic examination required in Module 5.
Firewire devices with a write blocking device will work
for module 5. we would recommend
that you have a computer, other than
a laptop to actually conduct examinations.
Can I use my office machine for your
course?
Yes, if you have additional hard disk drives that
are specifically set aside as examination drives
and target drives. During the course we
instruct you how to make a master examination
drive and how to make and verify "forensically
sterile" media. "Forensically sterile" media
should be used for both your examination drive
(the drive that holds your forensic utilities) and
the target drive (the forensic copy of the
original media).
How does your course
work?
We provide a detailed student handout for each
module that covers the specific topics for that
module. The student should study the module
and discuss anything that he or she doesn't
understand about the module with the
instructor. Once the student feels that he
or she has a reasonable grasp of the topics in the
module, they should then do the practical
exercises for the module. The practical
exercises "teach" the technical issues and provide
practice and understanding of the techniques
involved. If any problems are encountered in
understanding the technical issues or techniques,
the instructor will provide as much help and
information as necessary to complete the practical
exercises.
Can I take your course online or from a distance
without going to a
classroom?
Our computer forensic examiner course is designed
for distance learning and the course is conducted
online through email and accessing our site.
We have forensic labs, overview courses and
advanced courses in the classrooms at Kennesaw
State
University.
How much interaction will I have with my
instructor?
You will have as much interaction as it takes to
learn each topic. Your instructor will
explain any issues that are not clear to you in
the student handout. Your instructor will
guide you through the practical exercises and will
provide as much help and information as necessary
to complete the practical exercises. There is a
detailed examination after each module that
essentially covers all of the issues covered in
the module. Your instructor will review the
examination and explain and discuss any issues
that are not clear on the examination. We,
and your instructor, want you to learn the
material and we will do whatever it takes to help
you learn and fully understand the
material.
How much does the course
cost?
We have entered into a training partnership with
Kennesaw State University, Kennesaw,
Georgia. The University will be handling all
new registrations. The course fee is $2750
(discounts are available for law enforcement,
military, & government personnel) For
more information visit our web page at the
Southeast CyberCrime Institute above
or
their web
site
at
the
Southeast CyberCrime
Institute
.
Can I make payments for the
course?
There is a "pay as you go" payment plan and
financial assistance available
through
Kennesaw State
University
.
The course is open for immediate enrollment.
If you
enroll
online
, you could start
today. If you have been thinking about
starting our training, now is the
time. Included in the course fee are the
following utilities:
These utilities have over a $600 retail
value. There is a good bit of information
about the utilities on our site
at
this
link
.
How long does the course
take?
Typically the course takes about 4 months to
complete. The actual time to complete the
course depends on the amount of time that the
student commits to the course and how quickly the
student can learn. The strength of our
course is that it is self-paced. This is a
superior learning method to any one or two week
classroom training course. Our training
method gives the student much more time to
understand and "digest" the material
and
as much time
as it
takes
to learn and practice the skills necessary to
conduct forensic examinations. This also allows
the student much more time to interact with his or
her coach. Since the course is self-paced,
it allows you to proceed to the next topic when
you have learned and understand the material, not
when the time allotted for a particular block of
instruction is over. It also allows for
interruptions caused by work or family and doesn't
require 100% of your time while taking the
course.
Do you offer a
certification?
Our students will be provided with our certificate
of completion of our forensic
computer
examination
course.
In connection with our training partnership with
Kennesaw State University, Kennesaw, Georgia,
the
Certified Computer
Examiner
(CCE)TM
certification is available. Our course will
help you prepare for the CCE
examination.
After completion of our course (all 5 modules) you
are eligible, without further training or testing,
to obtain the High Tech Crime Network Certified
Computer Forensic Technician [Basic] or [Advanced]
certifications. A letter from us and a copy
of your examinations will satisfy their training
and written examination requirements.
You
must meet the
experience requirements
for the
certification that you are applying
for.
Information about their certification and their
experience requirements is available
at
http://www.htcn.org
. There is a fee
for this certification which must be paid to the
HTCN people after completion of our
course.
It
should be noted that any certification alone is normally
not enough to get someone accepted as an expert witness
in court. A combination of knowledge, training, experience and certification
will probably be necessary to get you recognized in court as a computer forensic
expert.
I live outside the United States. Can I take
your course?
Yes, you can. Our course was designed for
distance learning and is working very well.
We have students from as far away as South
America, Canada, the United Kingdom, Hong Kong,
Singapore and
Australia.
Who are your instructors?
Our instructors are all certified, qualified
forensic examiners who currently conduct forensic
examinations. They understand forensic
examinations far beyond the course material and
can provide outstanding instruction to you.
You can learn much more than the course material
from our instructors because of their vast
experience. See
staff
for information
about our instructors.
Why is this course better than the Encase training
or the Access Data training?
There are a number of reasons why our training is
better. We teach the basic methodologies for
conducting sound forensic examinations. The
other courses teach you how to use their software
to conduct forensic examinations. Using
these software "suites", the examiner does not
need to know very much about the methodology
necessary to conduct a forensic examination, the
operating system and what the software is actually
doing.
We believe that it is extremely important that a
forensic computer examiner knows the underlying
methodologies, operating system theory and the
principles of what the automated software is doing
when it "examines" a drive. Once the
fundamentals are understood by the student, the
"tool" that is used to conduct the examination is
far less important than the process and
methodology used to conduct the
examination.
Remember, it is you the examiner who must qualify
as an expert witness and testify in court, not the
software "suite" that you may use. Simply
stating that you used this software "suite" or
that software "suite" to recover the data, is not
going to work for very long, if at all. Sooner or
later you will be asked some hard technical
questions. You should be able to answer
them.
One strength of our course is that you learn at
your own pace. You decide when you are ready
to go to the next technical issue or topic.
In all of the classroom courses, the structure is
fairly rigid and the topics are covered in a
certain period of time. If you don't
understand one topic before they move on to the
next topic, they will probably leave you
behind. You may attend a week's training and
learn very little, other than how to use their
software's interface.
Another strength of our course is the quality of
our instructors. All of our instructors are
certified forensic computer examiners who are
currently conducting forensic examinations.
They are keeping abreast of changes in technology
and techniques and their knowledge goes far beyond
the course material. Their instruction will
reflect that. The staff and the instructors
truly care about you and want you to learn the
material.
What have your students said about your
course?
There has been exceptionally good feedback from
our students. See
testimonials for
their comments.
Learning computer forensics sounds like a great
idea. Will completing your course guarantee
that I will get a job in the computer forensic
examination field?
No, we
will
teach you the skills
to become a good forensic examiner, but we cannot
assure you that you will be able to obtain a
position in the field. If you already have a
position or are looking for a position in the
computer field, our course will greatly enhance
your skills and your potential marketability for
advancing within your own company or for gaining a
new position.
I want to start my own forensic examination
business. Will this course
help?
Yes, it will help, but it will not assure that the
business will be successful. We
will
teach you the skills
to become a good forensic examiner, however there
are a number of factors that will affect your
ability to find work. These
are:
-
Your training and education
-
Your skills
-
The need for forensic examinations in your
area
-
Your contacts with attorneys, private
investigators, fraud investigators,
etc.
-
Your ability to market your skills and make
contacts
- Your reputation
We try to screen all of our students before they start
our course, because computer forensics is not the kind
of work that one can simply take a course and
immediately start a successful business. We
discourage those potential students who do not have
the basic computer skills necessary for the course or
who are not realistic about where this course will
take them. We strongly believe, however, that
the computer forensic examination field will continue
to grow at a huge pace and many more qualified
examiners will be needed in the
future.
Do you support your students after they complete
the course?
We have had a number of our students start their
own businesses. Most are doing very
well. We try to send them business when we
can. We have frequent contact with former
students who require advice on actual cases.
We support our former students in any way
possible. We will soon be initiating a regional
laboratory system where we can better support our
students who wish to start their own businesses.
This will better support our clients as
well.
Contact
Us
