Computer Forensics Boot Camp Training

Course 2075

  • Duration: 5 days
  • Language: English
  • Level: Intermediate

Learn how to investigate cybercrime! This boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers.

Infosec’s Computer Forensics Boot Camp teaches you how to identify, preserve, extract, analyze, and report forensic evidence on computers. You will learn about the challenges of computer forensics, walk through the process of analysis and examination of operating systems, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and open- source forensic tools. The boot camp also prepares you to become a Certified Computer Forensics Examiner (CCFE).

Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.

This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.

  • Law enforcement professionals looking to expand into computer crime investigations
  • Legal professionals
  • IT and information security professionals being tasked with corporate forensics and incident handling
  • Anyone with a desire to learn about computer forensics and develop their skills

Computer Forensics Training Course Delivery Methods

  • Train your whole team by bringing this course to your facility

    • In-Person
    • Online

Computer Forensics Training Course Informartion

In this course, you will:

  • Understand the provisions of IT law.
  • Understand complex technical forensics concepts.
  • How to apply forensics concepts to forensic investigations.
  • Handle evidence (procedures and rules).
  • Use a range of computer forensics toolsAcquire forensic evidence.
  • Locate forensic artifacts in various operating systems.
  • Analyze extracted evidence and properly report findings.
  • Track an offender on the internetWork with law enforcement.
  • Design an incident response strategy.

Prerequisites

Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required but recommended.

This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.

Computer Forensics Training Course Outline

Course introduction
  • Computer forensics and investigation as a profession
  • Define computer forensics
  • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
  • Explain the importance of maintaining professional conduct
  • Digital evidence — legal issues
  • Identifying digital evidence
  • Evidence admissibility
    • Federal rules of evidence
    • Daubert standard
  • Discovery
  • Warrants
    • What is seizure?
    • Consent issues
  • Expert witness
  • Roles and responsibilities
  • Ethics
  • (ISC)²
    • AAFS
    • ISO
Investigations
  • Investigative process
  • Chain of custody
  • Incident response
  • E-discovery
  • Criminal vs. civil vs. administrative investigations
  • Intellectual property
    • Markman hearing
  • Reporting
  • Quality control
    • Lab and tool
    • Investigator
    • Examination
    • Standards
  • Evidence management
    • SOPS
    • Collection
    • Documentation
    • Preservation
    • Transport/tracking
    • Storage/access control
    • Disposition
  • Current computer forensics tools and hardware
    • Commercial
    • Free/open source
Forensic science fundamentals
  • Principles and methods
    • Locard’s Principle
    • Inman-Rudin Paradigm
    • Scientific method
    • Peer review
  • Forensic analysis process
Hardware
  • Storage media
    • Hard disk geometry
    • Solid state drives
    • RAIDS
  • Operating system
    • Boot process
    • BIOS/CMOS
    • The Swap File
File systems
  • File systems
    • NTFS file system
    • FAT file system
    • HFS+
    • Ext2/3/4
    • Embedded
  • Erased vs. deleted
  • Live forensics
File and operating system forensics
  • Keyword searching
  • Metadata
  • Timeline analysis
  • Hash analysis
  • File signatures
    • File filtering (KFF)
  • Volume Shadow Copies
  • Time zone issues
  • Link files
  • Print spool
  • Deleted files
    • Recycle bin forensics
  • File slack
  • Damaged media
    • Physical damage
    • Logical damage
    • File carving
  • Registry forensics
    • USB devices
    • HKLM
  • Multimedia files
    • EXIF data
  • Compound files
    • Compression
    • Ole
    • AD
    • Passwords
Web and application forensics
  • Common web attack vectors
    • SQL injection
    • Cross-site scripting
    • Cookies
  • Browser artifacts
  • Email investigations
    • Email headers
    • Email files
  • Messaging forensics
  • Database forensics
  • Software forensics
    • Traces and application debris
  • Software analysis (hashes, code comparison techniques, etc.)
  • Malware analysis
  • Malware types and behaviors
  • Static vs. dynamic analysis
Network forensics
  • TCP/IP
    • IP addressing
    • Proxies
    • Ports and services
  • Types of attacks
  • Wired vs. wireless
  • Network devices forensics
    • Routers
    • Firewalls
    • Examining logs
Packet analysis
  • OS utilities
    • Netstat
    • Net sessions
    • Openfles
  • Network monitoring tools
    • SNORT
    • Wireshark
    • NetworkMiner
Anti-forensics
  • Hiding
  • Encryption
    • Symmetric
    • Asymmetric
    • TrueCrypt hidden partitions
  • Steganography
  • Packing
  • Hidden devices (NAS)
  • Tunneling/Onion routing
  • Destruction
    • Wiping/overwriting
    • Corruption/degaussing
  • Spoofing
    • Address spoofing
    • Data spoofing
    • Timestomping
  • Log tampering
  • Live operating systems
New & emerging technology
  • Legal issues (privacy, obtaining warrants)
  • Social networks forensics
  • Types of social networks
  • Types of evidence
  • Collecting data
  • Virtualization
  • Virtualization forensics
  • Use of virtualization in forensics
  • Cloud forensics
  • Types of cloud services
  • Challenges of cloud forensics
  • Big data
  • Control systems and IOT
Mobile forensics introduction
  • Types of devices
  • GPS
  • Cell phones
  • Tablets
  • Vendor and carrier identification
  • Obtaining information from cellular provider
  • GSM vs. CDMA
  • Common tools and methodology

Need Help Finding The Right Training Solution?

Our training advisors are here for you.

Computer Forensics Training Course FAQs

  • Law enforcement professionals looking to expand into computer crime investigations
  • Legal professionals
  • IT and information security professionals being tasked with corporate forensics and incident handling
  • Anyone with a desire to learn about computer forensics and develop their skills

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.

Chat With Us