CTE Solutions chair
Quick Search:  
Course No.  
FacebookTwitterLinkedInYouTube
Savings

Got A Question?
Talk to an Educational Consultant and get the answers you need.

By Phone
Ottawa: 613-798-5353
Toronto: 416-284-2700
Toll Free: 866-635-5353

right arrow Ask your question online

CFA01 - Computer Forensics and Analysis

View Dates and Locations

Summary


Duration: 5 days  


Receive a FREE IPAD 3 when you register and attend this course on June 18th in Ottawa


This workshop was developed to provide an introduction to the exciting and growing field of computer crime investigations and computer forensics. It is designed to train investigators in electronic discovery and the fundamentals of conducting an effective computer forensic examination. 


The workshop provides an introductionon to the field of computer forensics and the basis for gathering electronic digital artifacts. Participants are introduced to the concepts, situations and personalities they may encounter while investigating an incident.


Computer Forensic Analysis is ideal for someone new to the computer forensic field. However, this course is also valuable to someone who has been in the field for a while and would like to brush up on a few topics. The attendee will learn through instruction and practical exercises sound forensic imaging procedures, how to conduct examinations, and validate forensic operations as well as how to report findings in a clear and concise manner.


Audience 


The "Computer Forensic Analysis" workshop is specifically designed for corporate and government personnel who, in the performance of their duties may be asked to conduct a basic digital forensic examination. This workshop is essential to information security, risk management, loss prevention, corporate security and law enforcement personnel who encounter digital evidence while conducting an investigation. 


Prerequisites


This course has been created to ensure the student has the required skill set to perform forensically sound computer examination and document the findings in a clear concise report.


Participants must be familiar with common computer functions. This workshop caters to those with no previous experience in computer forensics.


How You Will Benefit


This workshop examines and teaches the methodology for conducting a computer forensic examination.


Upon completion of this course, participants will have the skills and knowledge to perform forensically sound computer examinations and to clearly and concisely report on their findings.


What will you get?


  • Fundamentals of computer crime investigations and computer forensics
  • State of the art, current research
  • Hands on labs that are designed to train government, corporate, military and law enforcement investigators to conduct legally approved forensics methodology for electronic discovery and digital evidence gathering

What will you learn?


  • Fundamentals of conducting an effective computer forensic examination
  • Incident investigation Forensic examination
  • Electronic discovery and digital evidence
  • Tools of the trade
  • Seizure concepts

Lab work includes:


  • Bit-by-bit imaging digital media and preserving the integrity of the image
  • Hiding and discovering potential evidence Recovering, categorizing and analyzing data
  • Understanding anti-forensics and steganography
  • Identifying and reconstructing information within various file systems
  • Recovering electronically stored data for civil litigation
  • Conducting an investigation into a complaint of sexual harassment
  • Investigating a misappropriations of proprietary information complaints

You will learn to use forensically sound investigative techniques to:


  • Evaluate the scene
  • Collect important data and information
  • Document what is relevant Interview personnel
  • Maintain chain-of-custody Write a report of findings

Real life case studies will be used to answer such questions as:


  • How a computer has been used
  • What data is stored on the hard drive?
  • Has data been copied off of the computer?
  • What websites have been visited?
  • What e-mails have been sent and received?
  • What data has been deleted, and why?

Certification


CPE Credit Information          


All participants are eligible to receive CPE credits. These credits are recognized by ISACA for CISA and CISM and (ISC)2  for CISSP continuing professional education hours and, where appropriate, by other professional organizations. Attendees are urged to contact their certifying body to determine eligibility. 


Student Materials


The student kit includes a comprehensive workbook and other necessary materials for this class.


Course Outline


Introduction


  • Fundamentals of Computer Forensics
  • Computer Crimes and Criminals

The Legal System


  • Legalese, Warrants, Case Law and Courtroom Testimony
  • Initial Contact
  • First Responder
  • Law, Investigations, Standards and Ethics
  • Criminal Incidents
  • Civil Incidents
  • Computer Fraud
  • Internal Threats
  • External Threats

Digital Evidence Presentation


  • The Best Evidence Rule
  • Digital Evidence: Hearsay
  • Authenticity and Alteration

Investigative Challenges


  • Case Documentation
  • First Responder
  • Seizing Assets
  • Hardware Recognition
  • Incident / Equipment Location
  • Available Response Resources
  • Securing Digital Evidence
  • Chain of Custody
  • Potential Digital Evidence
  • Lab Planning and Funding
  • Court Room Testimony

Disk Structures


  • Disk Based Operating Systems
  • OS and File Storage Concepts
  • Disk Storage Concepts
  • Slack Space
  • File Management
  • File Formats
  • Operating Systems
  • Boot Sequences
  • Forensic Boot Disk
  • File & Data Compression
  • BIOS & Password Bypass
  • Physical Disk Structures
  • Logical Disk Structures
  • RAID and Large Storage

Forensic Backup


  • Digital Acquisition
  • Digital Acquisition Procedures
  • Digital Forensic Analysis Tools
  • Hashing/Hash Sets
  • Sterile Media and Validation
  • Forensic Backup Theory
  • Forensic Hardware
  • Disk Write Blockers and Imagers

File Structures


  • FAT
  • FAT32
  • NTFS
  • EXT 2 & 3
  • HFS
  • CDFS

Forensic Examination Protocols


  • What is Forensic Science?
  • Applying the Scientific Method
  • Cardinal Rules
  • Tools of the Trade
  • Forensic Tools
  • Anti-Forensic Tools

Digital Evidence Protocols


  • Digital Evidence Concepts
  • Active Data
  • Archival Data
  • Backup Data
  • Residual Data
  • Background Data
  • Metadata
  • Admissibility

Protocols and Architectures


  • Network Protocols and Architectures
  • Protocols and Network Artifacts
  • Internet Artifacts - Browsers, history cache & cookies
  • Email Headers and Email recovery
  • Chat and IM (IRC, AIM, ICQ)
  • Peer-to-Peer File Sharing
  • On-Line Investigations

OS Evidence - Artifacts and Remnants


  • File Headers
  • File/Data Compression
  • BIOS and Password Bypass
  • Encryption
  • Windows Registry, Artifacts and Remnants

      3 Ways to Register
$3,495.00
$3,320.25 CAD
online only
Register Online
1 (866) 635-5353
sales@ctesolutions.com
Ask About This Course

  Latest Tweet


About This Course
Certifications

Register Online and instantly save!