CDFE Certified Digital Forensics Examiner (CFED Replacement)




Course: CDFE Certified Digital Forensics Examiner (CFED Replacement)
Description:
Price: $3,450.00
Category: Popular Courses
Duration: 5 days
Schedule: Request Dates
Outline:

COURSE OVERVIEW

Computer Forensics was developed by U.S. federal law enforcement agents during the mid to late 1980s to meet the challenges of white-collar crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment and by 1989 software and protocols were beginning to emerge in the discipline. The Certified Digital Forensics Examiner program is designed to train Cyber Crime and Fraud Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

UPON COMPLETION

Certified Digital Forensics Examiner graduates will obtain real world computer forensic knowledge that will help them recognize, seize, preserve and present digital evidence. Graduates will be able to confidently attempt the following professional computer forensic certifications:

1. Certified Digital Forensics Examiner (CDFE)
2. The Certified Computer Examiner (CCE) certification.
3. Computer Hacking Forensic Investigator (CHFI)
4. The external Certified Forensic Computer Examiner (CFCE) certification.

MODULES

Module 1: Legal Aspects and the Need for Digital Forensics
Module 2: Computer Hardware
Module 3: File Systems, Disks and Storage Media
Module 4: First Response Model
Module 5: Boot Process: Windows, Linux and Macintosh
Module 6: PDA Forensics
Module 7: Acquiring Digital Evidence
Module 8: Forensic Models and Protocols
Module 9: Forensics Software and Hardware
Module 10: Cryptography, Password Cracking and Steganography
Module 11: Lab Protocols
Module 12: Forensic Investigative Theory
Module 13: Processing Evidence
Module 14: Documenting and Reporting Digital Evidence
Module 15: Presentation of Digital Evidence
Module 16: Fraud and its Implications
Module 17: Evidence of Fraud - How do you find it?

Module 1: Legal Aspects and the Need for Digital Forensics

- Computer Forensics Overview
- Origins of Computer Forensic science
- Criminal and civil Laws
- Council of Europe
- Types of computer fraud incidents
- Internal and external threats
- Investigative challenges
  - www.cybercrime.gov

Module 2: Computer Hardware

- Computer Hardware Components
- The Boot Process
- Hard Disk Partitioning
- File System Overview
- Exam Tips
  - The BIOS (Basic Input Output System)
  - Virtual Machine BIOS
  - Boot Sequence Modification (Physical and Virtual)

Module 3: File Systems, Disks and Storage Media

- File System Basics - What about the Linux and MAC File System?
- FAT (File Allocation Table) Basics
  - Physical Layout of FAT
  - Viewing FAT Entries
- The Function of FAT
  - How a file is stored (Media Creation, Modified, Accessed)
  - The effects of deleting and un-deleting files
  - Slack Space
  - Directory entry status byte
- Instructor Demonstration Viewing FAT
- NTFS (New Technology File System)
  - Alternate Data Streams
- Linux File Systems
  - FSSTND File System Standard
  - FHS File System Hierarchy Standard
  - EFS Extensible File System
  - GoboLinux
- Mac File Systems
  - HFS Hierarchical File System
  - HFS+ - Hierarchical File System +
- VFS Virtual File System
- CD and DVD File Systems
  - ISO9660
  - UDF Universal Disk Format
- Media Devices:
  - Magnetic Tapes
  - CFS Cluster File System
  - Floppy Disk
  - Compact Discs, DVD and Blu-ray
  - iPods, Zune, PSP, Flash Memory Cards
  - Viewing File Systems Using a HEX editor
  - Ultimate Boot CD
  - Helix Linux Live Boot CD
  - Sanitizing Media Storage
  - Alternate Data Streams, Creation, Detection and removal

Module 4: First Response Model

- What is Computer Evidence?
  - Incidents, and Evidence Types
- Search & Seizure
  - Voluntary Surrender
  - Subpoena
  - Search Warrant
- Planning and Preparation
  - The Physical Location
  - Personnel
  - Computer Systems
  - What Equipment to take
  - Search Authority
- Handling Evidence at the scene
  - Securing the Scene
  - Taking Photographs
  - Seizing Electronic Evidence
  - Bagging and Tagging
- Chain Of Custody
  - Definition
  - Controls
  - Documentation
- Evidence Admissibility in a Court
  - Relevance and Admissibility
  - Best Practices for Admissibility
  - Hearsay Rule, Exculpatory and Inculpatory Evidence
  - Report and documentation Overview
  - Working with the Chain Of Custody

Module 5: Boot Process: Windows, Linux and Macintosh

- The Boot Process
  - System StartUp
  - Loading MSDOS
  - Loading Windows XP
  - Loading Windows Vista
  - Loading Windows 2003 Server
  - Loading Linux
  - Loading Linux Server
  - Loading Macintosh
- When to Pull the Plug or Shutdown?
  - Boot Process Observation
    - Linux
    - Windows XP

Module 6: PDA Forensics

- TBA
- Investigative options available to crack password-protected files
  - TBA

Module 7: Acquiring Digital Evidence

- Using Live Forensics Boot CDs
- Boot Disks
  - Viewing the Invisible HPA and DCO data
  - Drive-to-drive DOS acquisition
  - Instructor Demonstration Drive to Drive Imaging
- Forensics Image Files
  - File Formats
  - Data Compression
  - Image File Forensics Tools
  - Instructor Demo: Creating a Bit-by-Bit Image File
  - Copyright Issues: Graphic Files
- Network Evidence acquisition
  - Why Network acquisition?
  - Network Cables
  - What tools can you use?
- FastBloc acquisition
  - FastBloc Models
  - FastBloc acquisition process
- LinEn acquisition
  - Mounting a File System as Read Only
  - Updating a Linux Boot CD with the Latest Version of LinEn
  - Running LinEn
  - Steps to using LinEn Acquisition
  - VMware Technology
  - Creating a Forensics Image of a USB Thumb Drive
  - Deleting Files and recovering them
  - Erasing Files
  - Deleted Partition Recovery Tools
  - File Creation, Modification and Accessed Stamps
  - Changing the Time Stamp with timestomper

Module 8: Forensic Models and Protocols

- Four Cardinal Rules
- Alpha 5
- Best Practices

Module 9: Forensics Software and Hardware

- Software Licensing Types
- Free Software
- Industry Accepted Software
- Forensics Hardware Devices:
  - Disk Duplicators
  - Write Blockers
  - Various Other
  - FTK Case
  - EnCase Case Scenario
  - Hex Editors In-depth
  - Hex File Analysis
  - Helix Live Linux CD

Module 10: Cryptography, Password Cracking and Steganography

- Origins of cryptology and cryptography
  - Cryptography and cryptanalysis
  - Hash Types
  - Pre-Computed Hash Tables
  - Types of encryption concepts
  - Principles of diffusion and confusion
- Investigative options available to crack password-protected files
  - Breaking a Windows XP Password
  - Brute Force Attacks
  - Dictionary Attacks
  - Username and Password list files
- Introduction: Past and Future
- Classification of Steganography
  - Insertion, Substitution and Creation
- Steganography Categories
  - Substitution System
  - Transform Domain Technique
  - Spread Spectrum Techniques
  - Statistical Methods
  - Distortion Techniques
  - Cover Generation Methods
- Types of Steganography
- Applying Steganography
  - Pictures, Video, Audio, Text
  - Hidden Partitions
  - Slack Space
  - Unused Sectors
- Steganography Tools
- Detecting Steganography
  - Creating Steganography
  - Image Hide Tool
  - Blind Side Tool
  - Your Own Tool
  - Detecting Steganography
  - Using FTK
  - Using EnCase
  - Other Methods

Module 11: Lab Protocols

- Quality Assurance
- Standard Operating Procedures
- Peer Review
- Administrator Review
- Annual Review
- Deviations from the SOP
- Lab Intake and what you must receive
- Tracking Digital Evidence in the Lab
- Storage Requirements
- Proficiency Tests
- Code of Ethics

Module 12: Forensic Investigative Theory

- Locard's Exchange Principle
- Aspects of Reconstruction
  - Classification
  - Comparison
  - Individualization
- Behavioral Evidence Analysis
  - Equivocal Forensic Analysis
  - Victimology
  - Incident Scene Characteristics

Module 13: Processing Evidence

- MAC times and image metadata
- Windows Registry
- System identifiers
- Sources of unique identification within OS
- Aspects of OS data files, to include Index.dat and AOL system files
- Recycle folder and deleted files

Module 14: Documenting and Reporting Digital Evidence

Reviews and analyzes the methods used to document and report the results of a computer forensic examination. Students will present their findings and electronic discoveries in an exercise to demonstrate their abilities to create an effective presentation.

Module 15: Presentation of Digital Evidence

Students are introduced to aspects of presenting digital evidence in a courtroom environment. They are exposed to the specialized tools necessary to effectively create and present the results of a cyber crime investigation to an administrative body or court of law. Both civil and criminal incidents are covered during this lesson. This is the final exercise where students are faced with the challenge of presenting their findings in a low-tech format where non-technical personnel are able to decipher and understand the results. The students will physically present their findings in layman's terms, which is critical during any investigation. Students will have mastered this critical skill by the end of this exercise.

- Best evidence concept
- Hearsay concept
- Authenticity and Alteration of Computer Records concepts
- Layman's analogies available to the Computer Forensic practitioner
- Admissibility of digital evidence in a court of law

Module 16: Fraud and its Implications

Module 17: Evidence of Fraud - How do you find it?