CERTIFIED DIGITAL FORENSIC EXAMINER
This course is provided by Wintrac. Wintrac provides one stop shopping for all your IT training needs. Wintrac’s course catalog of over two thousand courses includes courses on Security Training.

Overview

Computer Forensics was developed by U.S. federal law enforcement agents during the mid to late 1980s to meet the challenges of white-collar crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment and by 1989 software and protocols were beginning to emerge in the discipline. The Certified Digital Forensics Examiner program is designed to train Cyber Crime Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation. Certified Digital Forensics Examiner graduates will obtain real world computer forensic knowledge that will help them recognize, seize, preserve and present digital evidence. Graduates will be able to confidently attempt the following professional computer forensic certifications: The Certified Computer Examiner (CCE) Certification and the external Certified Forensic Computer Examiner (CFCE) certification.

Audience:

Individuals interested in pursuing the Certified Computer Examiner Certification and the external Certified Forensic Computer Examiner certification.

Prerequisites

Experience in using a computer.

Course duration

5 days

Course outline

Introduction to Computer Crime

  • This is an introduction to the field of computer forensics and the basis for gathering electronic digital artifacts. Students are introduced to the concepts, situations and personalities they may encounter while investigating a computer incident.
  • Origins of Computer Forensic science
  • Criminal and civil incidents
  • Types of computer fraud incidents
  • Internal and external threats
  • Investigative challenges
Disk Storage Concepts
  • Having a clear understanding of how data is stored is having the upper hand during any investigation. Microsoft operating systems have a systematic way of storing data that is unknown to most end users. Here you will learn hard drive storage dynamics and understand “lost” data recovery methods.
  • Operating systems and file structures
  • Disk storage methodologies
  • OS procedures involving file & directory creation
  • Disk-based media file storage concepts
  • Slack space & the recovery of digital evidence
  • File management and file format concepts
Computer Forensics
  • This is a detailed review of standard and advanced procedures and how you can effectively implement these procedures into your organization. This section covers the advanced procedures necessary to conduct an accurate and carefully documented computer forensic examination. Advanced methods of computer forensic protocols are implemented.
  • Application of scientific methods
  • Three major categories of digital evidence
  • Four cardinal rules of Computer Forensics
  • ALPHA 5 system
  • Best practices - the twenty steps
Electronic Discovery and Digital Evidence
  • Students learn recovery methods of digital artifacts from various file structures and gain an overview of different operating systems and file structures encountered. Exercises detail what to look for, as well as the various techniques for retrieving the information in a forensically sound manner.
  • The digital acquisition process
  • Procedures used in digital duplication
  • Digital authentication types
  • Identifying types of digital evidence attacks
  • Digital evidence classification/comparison
  • Identify types of digital evidence clues
  • Identify aspects of a Computer Forensic behavioral analysis
Specialized Examination Tools
  • Multiple software and hardware solutions are covered during this session. Students learn the numerous tools available to them in a vendor neutral environment. A clear understanding of what the tools do and how they work is presented in layman’s terms.
  • Forensic tools (hardware & software) available
  • Forensic Tool Kit
  • EnCase
  • WinHe
Seizure Concepts
  • Proper seizure of digital media is the start of every computer investigation. Students learn the correct protocol relating to handling of evidence.
  • Digital incident situation assessment
  • Procedures necessary to secure digital evidence
  • Protocols required to establish a “chain of custody” and submit items as “digital evidence”
  • Identification of equipment encountered during a digital incident situation
Forensic Examination
  • Covers the advanced procedures necessary to conduct an accurate and carefully documented computer forensic examination. Advanced methods of computer forensic protocols are implemented, including physical evidence recovery.
  • “Pre-exam” analysis employment
  • Computer Forensic duplication types
  • Digital evidence processing methods
  • Digital data extraction techniques from nontraditional areas of digital media
Advanced Artifact Recovery
  • A hands-on laboratory where students conduct an advanced forensic examination of digital media. The focus of this lesson is to utilize advanced automated tools for the recovery of digital artifacts that are unattainable by conventional methods. There are several practical exercises that challenge even the senior cyber crime investigator. Focus is placed on using the advanced tools and thinking “outside the box” to try to discover incriminating digital evidence on a live case file.
Crypto and Password Recovery
  • Covers digital encryption file structures and password-protected data that an investigator may encounter while conducting an examination. Students are exposed to methods to decode and crack passwords that are used to protect potential evidence. They also learn techniques to gain access to encrypted files that may reside within the information.
  • Origins of cryptology and cryptography
  • Cryptography and cryptanalysis
  • Steganography and Alternate Data Streams
  • Types of encryption concepts
  • Principles of “diffusion” and “confusion”
  • Investigative options available to crack password-protected files
Specialized Digital Media Analysis and Recovery
  • Covers state of the art software where students are required to examine digital media in an attempt to recover data pertaining to a civil or criminal offence. Students will present their findings to the class during an evidence presentation exercise. Students will compete to see who completes the most thorough investigation. This exercise is very in-depth and competitive.
  • MAC times and image metadata
  • Windows Registry
  • System identifiers
  • Sources of unique identification within OS
  • Aspects of OS data files, to include Index.dat and AOL system files
  • “Recycle” folder and deleted files
Cyber-terrorism and Internet Investigations
  • Students are exposed to possible threats to their infrastructure and learn to effectively combat cyber-terrorism. These are hands-on exercises where students learn how to identify digital Internet artifacts left by potential cyber-terrorists.
  • Definition of digital evidence
  • Concepts and protocols associated with digital evidence and “levels of proof”
  • Categories of digital evidence
Electronic Discovery, Acquisition and Analysis Laboratory
  • Students acquire and analyze digital evidence using specialized forensic tools and will conduct a proper “seizure and search” for digital evidence. Proper authentication and analysis skills are taught using advanced forensic utilities and software tools.
  • Hands-on case file
  • Live/Indexed Keyword searching
  • Analysis and identification of relevant digital evidence
  • Quality assurance and documentation
  • Peer review process
  • Annual review procedures
  • Forensic lab deviation policy
  • Long term storage options
  • Lab items subject to the legal discovery process
  • Report compilation and presentation
Documenting and Reporting Digital Evidence
  • Reviews and analyzes the methods used to document and report the results of a computer forensic examination. Students will present their findings and electronic discoveries in an exercise to demonstrate their abilities to create an effective presentation.
Presentation of Digital Evidence
  • Students are introduced to aspects of presenting digital evidence in a courtroom environment. They are exposed to the specialized tools necessary to effectively create and present the results of a cyber crime investigation to an administrative body or court of law. Both civil and criminal incidents are covered during this lesson. This is the final exercise where students are faced with the challenge of presenting their findings in a low-tech format where non-technical personnel are able to decipher and understand the results. The students will physically present their findings in “layman’s terms,” which is critical during any investigation. Students will have mastered this critical skill by the end of this exercise.
  • “Best evidence” concept
  • “Hearsay” concept
  • “Authenticity” and “Alteration of Computer Records” concepts
  • “Layman’s analogies” available to the Computer Forensic practitioner
  • Admissibility of digital evidence in a court of law

Please contact your training representative for more details on having this course delivered onsite or online
