CFA01- Computer Forensics and Analysis

This workshop was developed to provide an introduction to the exciting and growing field of computer crime investigations and computer forensics.

Course Outline

Summary

This workshop was developed to provide an introduction to the exciting and growing field of computer crime investigations and computer forensics. It is designed to train investigators in electronic discovery and the fundamentals of conducting an effective computer forensic examination. 

The workshop provides an introduction to the field of computer forensics and the basis for gathering electronic digital artifacts. Participants are introduced to the concepts, situations and personalities they may encounter while investigating an incident.

Computer Forensic Analysis is ideal for someone new to the computer forensic field. However, this course is also valuable to someone who has been in the field for a while and would like to brush up on a few topics. The attendee will learn through instruction and practical exercises sound forensic imaging procedures, how to conduct examinations, and validate forensic operations as well as how to report findings in a clear and concise manner.

Audience

The "Computer Forensic Analysis" workshop is specifically designed for corporate and government personnel who, in the performance of their duties may be asked to conduct a basic digital forensic examination. This workshop is essential to information security, risk management, loss prevention, corporate security and law enforcement personnel who encounter digital evidence while conducting an investigation.

How You Will Benefit

This workshop examines and teaches the methodology for conducting a computer forensic examination.

Upon completion of this course, participants will have the skills and knowledge to perform forensically sound computer examinations and to clearly and concisely report on their findings.

What will you get?

• Fundamentals of computer crime investigations and computer forensics
• State of the art, current research
• Hands on labs that are designed to train government, corporate, military and law enforcement investigators to conduct legally approved forensics methodology for electronic discovery and digital evidence gathering

What will you learn?

• Fundamentals of conducting an effective computer forensic examination
• Incident investigation Forensic examination
• Electronic discovery and digital evidence
• Tools of the trade
• Seizure concepts

Lab work includes:

• Bit-by-bit imaging digital media and preserving the integrity of the image
• Hiding and discovering potential evidence Recovering, categorizing and analyzing data
• Understanding anti-forensics and steganography
• Identifying and reconstructing information within various file systems
• Recovering electronically stored data for civil litigation
• Conducting an investigation into a complaint of sexual harassment
• Investigating a misappropriations of proprietary information complaints

You will learn to use forensically sound investigative techniques to:

• Evaluate the scene
• Collect important data and information
• Document what is relevant Interview personnel
• Maintain chain-of-custody Write a report of findings

Real life case studies will be used to answer such questions as:

• How a computer has been used
• What data is stored on the hard drive?
• Has data been copied off of the computer?
• What websites have been visited?
• What e-mails have been sent and received?
• What data has been deleted, and why?

Course Outline

Introduction

• Fundamentals of Computer Forensics
• Computer Crimes and Criminals

The Legal System

• Legalese, Warrants, Case Law and Courtroom Testimony
• Initial Contact
• First Responder
• Law, Investigations, Standards and Ethics
• Criminal Incidents
• Civil Incidents
• Computer Fraud
• Internal Threats
• External Threats

Digital Evidence Presentation

• The Best Evidence Rule
• Digital Evidence: Hearsay
• Authenticity and Alteration

Investigative Challenges

• Case Documentation
• First Responder
• Seizing Assets
• Hardware Recognition
• Incident / Equipment Location
• Available Response Resources
• Securing Digital Evidence
• Chain of Custody
• Potential Digital Evidence
• Lab Planning and Funding
• Court Room Testimony

Disk Structures

• Disk Based Operating Systems
• OS and File Storage Concepts
• Disk Storage Concepts
• Slack Space
• File Management
• File Formats
• Operating Systems
• Boot Sequences
• Forensic Boot Disk
• File & Data Compression
• BIOS & Password Bypass
• Physical Disk Structures
• Logical Disk Structures
• RAID and Large Storage

Forensic Backup

• Digital Acquisition
• Digital Acquisition Procedures
• Digital Forensic Analysis Tools
• Hashing/Hash Sets
• Sterile Media and Validation
• Forensic Backup Theory
• Forensic Hardware
• Disk Write Blockers and Imagers

File Structures

• FAT
• FAT32
• NTFS
• EXT 2 & 3
• HFS
• CDFS

Forensic Examination Protocols

• What is Forensic Science?
• Applying the Scientific Method
• Cardinal Rules
• Tools of the Trade
• Forensic Tools
• Anti-Forensic Tools

Digital Evidence Protocols

• Digital Evidence Concepts
• Active Data
• Archival Data
• Backup Data
• Residual Data
• Background Data
• Metadata
• Admissibility

Protocols and Architectures

• Network Protocols and Architectures
• Protocols and Network Artifacts
• Internet Artifacts - Browsers, history cache & cookies
• Email Headers and Email recovery
• Chat and IM (IRC, AIM, ICQ)
• Peer-to-Peer File Sharing
• On-Line Investigations

OS Evidence - Artifacts and Remnants

• File Headers
• File/Data Compression
• BIOS and Password Bypass
• Encryption
• Windows Registry, Artifacts and Remnants

Additional Details

Pre-Requisites

This course has been created to ensure the student has the required skill set to perform forensically sound computer examination and document the findings in a clear concise report. Participants must be familiar with common computer functions. This workshop caters to those with no previous experience in computer forensics.

Certificates offered

CPE Credit Information All participants are eligible to receive CPE credits. These credits are recognized by ISACA for CISA and CISM and (ISC)2 for CISSP continuing professional education hours and, where appropriate, by other professional organizations. Attendees are urged to contact their certifying body to determine eligibility. Student Materials The student kit includes a comprehensive workbook and other necessary materials for this class.

Cancellation Policy

Map & Reviews

CTE Solutions
[ View Provider's Profile ]

CTE Solutions Ottawa
11 Holland Avenue suite 100
Ottawa, Ontario
Canada   K1Y 4S1

Reviews

 

This course has not yet been rated by one of our members.

If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.

Here are some reviews of the training vendor.

   

This course was great, very informative, had Lionel as instructor and he was also very good.

Reviewed by Robin T. 2012

   

Instructor was eager to assist but lacked subject matter expertise. Course time management was very poor. Content provided could have been delivered effectively in a one day course.

Reviewed by Inta N. 2012

   

Good Course, good trainer. All questions addressed equally and in a timely professional manner.

Reviewed by Joe L. 2011

   

The course content was interesting; however, the instructor didn't have enough knowledge about Microsoft Sharepoint 2010 Development and wasn't able to answer questions without google search. In the future CTE needs to make sure the instructors have real on-hands experience and are highly trained in the technologies they are supposed be teaching.

Reviewed by Heliana P. 2011