BCFE 2015 BASIC Certified Examiner Training Program

Program Description and Syllabus

Contents

A. Program Overview
B. Prerequisites
C. Automated Tools, Hardware, and Software
D. Required Equipment and Supplies
E. Attendance and Program Conduct Requirements
F. Course Schedule for Week 1 and Week 2

A. Program Overview

IACIS is an independent, non-profit, peer-review organization that has been recognized as a leader in computer forensics training since 1991. Each year IACIS offers several courses of study, at various locations worldwide, including a variety of advanced and specialized courses and programs that are specifically targeted to a particular topical focus or a particular sub-specialty within the field of computer forensics. Of the programs offered by IACIS, the Basic Computer Examiner (BCFE) Training Program is at the forefront.

The IACIS BCFE Training Program is an 80-hour course of instruction that is offered over a period of two (2) consecutive weeks, and which is designed to provide students with the foundation knowledge necessary to enter the IACIS Certified Computer Examiner (CFCE) process. Through a combination of lectures, instructor-led and independent hands-on practical exercises, and independent laboratory activities, students will learn the underlying principles of computer forensic examination and how to apply them in practice.

While this program might seem to be primarily for those students who are new to or just starting out in the field of computer forensics, it is in fact equally suitable for more advanced students and those who are long-time practitioners: IACIS espouses, and the BCFE program champions, a forensic tool-independent and forensic methodology-independent approach to learning computer forensics. This enables IACIS to provide students with a deeper exploration of underlying principles than might be afforded in other programs, which are designed to teach students how to use a particular forensic tool to complete a particular task.
Approximately 90% of what is needed for students to successfully complete the BCFE program and the subsequent certification process is provided during course program lectures and practical exercises, and so students are expected to do additional outside reading and to perform additional independent research. The program schedule includes substantial laboratory time (optional) for students who need or want additional assistance on particular topics.

IACIS The International Association of Computer Investigative Specialists Page 1 of 7

B. Prerequisites

While there are no prerequisites for entry into the BCFE program beyond the applicable IACIS membership requirements, students are expected to be comfortable using a computer and working with electronic devices; and students should have an appropriate interest in the field of computer forensics generally. And while students are also expected to be familiar with the family of operating systems, no advanced level knowledge of the various versions or editions is expected or required. That said, the student whose experience with is limited to XP versions and earlier may find the BCFE program very challenging. Finally, while knowledge of and experience working within different operating system environments such as DOS, various versions of Apple/Mac/iOS, and various flavors of the Linux operating system can be helpful for students, such knowledge and experience are by no means required for successful completion of the BCFE program or the CFCE process.

It is important to note that the BCFE program does not distinguish between someone who has very basic computing skills and who is just starting out in the field of computer forensics, and one who has more advanced knowledge of computers or prior training in general information technology topics or in computer forensics. Certainly one who has more extensive experience will initially be more comfortable with some of the foundational course material, but as the program advances whatever knowledge gap there might be at the start of the program will quickly close. In the end, all students are considered at the same level, as it were; and individual courses are constructed with this in mind.

C. Automated Tools, Hardware, and Software

IACIS espouses a forensic tool-independent and forensic methodology-independent approach to teaching computer forensics. To this end, IACIS does not endorse or support any particular forensic software tool, forensic hardware device, or any particular software program generally. Students are not required or expected to have any knowledge of any particular forensic software or automated tool suite; and in fact there is no expectation that students in the BCFE program be familiar with or have any experience using any particular software program. Similarly, students are not required or expected to have any knowledge of any particular forensic hardware device or component.

The above notwithstanding, automated and manual forensic software tools will be used during instructional modules to illustrate teaching points and to facilitate MANUAL study of data structures and data recovery by using limited functionality of a particular tool or suite of tools. Similarly, particular forensic hardware devices might also be used to teach students about particular forensic processes. In cases where use of any particular hardware item or software program of any type is required for an instructor-led activity, in-class practical exercise, or independent laboratory exercise, students will be provided access to the particular hardware item or software program, and there will be instruction as to the use of that particular hardware item or software program for the limited purpose of the activity at hand.

So there are no misunderstandings, regardless of what hardware item or software program might be used, the purpose of any instruction that might be provided with respect to the item or program is intended solely for the immediate purpose of the instructional block at hand, and is not designed to provide specific training on that hardware item or software program.

D. Required Equipment and Supplies

Students will be supplied with all of the materials needed to successfully complete the BCFE program. This includes a program manual that includes instructor-led practical and independent laboratory exercises, various hardware and software tools/items, and other items and resources that are needed for particular courses or that might be of benefit later, in the field.

Students are not required to bring a computer with them to the training program. With participation in the BCFE training event, IACIS is providing each student a laptop computer for their use during the event and also to take home with them and use. Along with the laptop, students will also receive a write-blocker amongst other equipment.
The BCFE Training is contained in three (3) printed manuals. Students should be aware that they will be returning home with more baggage than they came with and should make arrangements for this. In the past, IACIS has tried to get a package mailing company to stop by the hotel towards the end of the event so that students can ship extra equipment back to their homes or agencies. This is at the students' own cost. IACIS will try to find a similar vendor for 2015, but if that is not possible, there is a UPS store within walking distance from the hotel.

Students may bring a laptop computer or other digital device with them for personal use outside of the classroom. Students are not permitted to use their personal laptop computers, pad/tablet computing devices, cellular telephones, and other personal computing devices in the classroom.
E. Attendance and Program Conduct Requirements

The BCFE program provides approximately eighty (80) hours of instruction in various computer forensics courses. The program runs for two (2) consecutive weeks, Monday through Friday, from 8:00 AM to 5:00 PM daily each week, with a one (1) hour break for lunch from 12:00 noon to 1:00 PM each day. On the 2nd Friday of the program, the event will conclude by 5:00 PM after closing ceremonies, as noted below. Courses are timed using the traditional 50 minute hour to allow for a short break near the top of each hour, whenever possible.

On the first day of the program, the first hour (from 8:00 AM to 9:00 AM) is used for administrative purposes such as staff introductions and providing students information about the programming to follow. That hour is considered part of the overall program due to the vital information provided.

The afternoon on the last day of the program (3:00 PM to 5:00 PM) is dedicated to various administrative and IACIS membership services topics. This includes a critical presentation on the Certified Computer Examiner (CFCE) process. At the conclusion of the presentations, students who met all requirements for successful completion of the program will be issued certificates of completion for the BCFE program.

So there is no misunderstanding, the certificate of completion is awarded to students who successfully complete the 80-hour BCFE course of instruction and is not the IACIS Certified Computer Examiner certificate. The CFCE process is a process unto itself. The CFCE process will be addressed during the BCFE program.

Students are expected to attend all training sessions. Classes begin promptly at 8:00 AM, and students are expected to be prepared to begin the instructional day at that time. Classes will always continue until 5:00 PM on each class day. On the final day, the program will close by 5:00 PM.
It is important for students to understand that the presentations in the afternoon of the last day are considered mandatory: The bulk of the afternoon consists of a lengthy session addressing the CFCE process, and it is during this time that all of the information regarding that process is presented to students. Moreover, vital information is provided on what IACIS services and resources are available to members; and instructions are provided on how these services and resources are accessed. Due to the important information being discussed towards the end of the training event, information that will help you during the CFCE process, please do not book return flights out of Orlando before 7:00 or 7:30 p.m. on Friday to allow for security clearances and traffic to the airport.

IACIS understands that unforeseen circumstances and emergency situations may arise, and so students are permitted to briefly leave the classroom to deal with such situations. That said, students who have prolonged absences from class may not be issued a certificate of completion at the end of the program, and may not qualify for entry into the CFCE process.

While students are encouraged to take notes during classes, activities, and laboratory sessions, students are not permitted to use their personal laptop computers or other personal computing devices during any classes. Similarly, students are not permitted to use any audio or video recording devices at any time during any classroom or laboratory session.

Students are expected to dress professionally and appropriately for a business casual environment (collared shirt, slacks, etc.). Shorts, tank tops, sandals, flip-flops, and similar casual apparel will not be permitted in the classroom at any time. Something for students to consider is that the classroom is air conditioned, and the temperature is set lower than what one may typically expect to keep the room comfortable given the heat that can be generated by a large group of people and over 200 computers. At times, however, when the computers are idle, the room can become too cold for some students, so one might consider bringing a sweater or light jacket to wear.

Students must be mindful of the fact that the classroom is large, with approximately 200 students and staff. Even small distractions can make it difficult for others to hear or to remain focused on the instructor. So, then, students are asked to be courteous and aware of their fellow students. During classes, students are expected to be attentive and fully engaged. Cell phones must be put on vibrate or silent mode, and students should step out of the classroom if it becomes necessary.

The training event takes place at the Marriott Lake Mary, 1501 International Parkway, Lake Mary, FL 32746, Phone 407-995-1100. The hotel is located about 40 miles from the Orlando International Airport (MCO). A taxi ride from MCO to the hotel can cost $80.00 (US) and up, based on traffic congestion at the time. Towards the start of the training event, you may be able to post to the IACIS Listserv to find cab-share for students. There are many eating establishments within walking distance from the hotel including a supermarket, banks, and a cleaner. The hotel does have a coin-operated laundry facility.
F. BCFE Course Schedule, Week 1

Days: Monday, Tuesday, Wednesday, Thursday, Friday

Time slots: hourly from 8:00 to 17:00, with a break before each hour (08:50-9:00, 9:50-10:00, and so on). LUNCH and END OF DAY are marked for each day.

Sessions: 8:00 Opening Ceremonies and Administrative Tasks; 8:30 Admin Task/Competencies; Disk Structures; NTFS File; Hardware Identification; Numbering s; First Responder I - Planning; Introduction to WinHex; FAT File; First Responder II - Crime Scene; BIOS, Boot Sequence, and Boot Environments; Intro to Analysis & Practical Scenario; Legal/Ethics; Acquisition Practical Exercise; Hashing & Hash Sets

LAB: NO LAB, LAB, LAB, LAB, NO LAB
F. BCFE Course Schedule, Week 2

Days: Monday, Tuesday, Wednesday, Thursday, Friday

Time slots: hourly from 8:00 to 17:00, with a break before each hour (08:50-9:00, 9:50-10:00, and so on). LUNCH and END OF DAY are marked for each day.

Sessions: Active File Review; Registry; File Metadata; P2P; Cloud Storage; Compound Files; Search Strategies; Mac Triage; Methodologies; Encryption; Report Writing; Courtroom Testimony; File Headers and Carving; File Headers and Carving (Social Media); File Headers and Carving (Email); Small Scale Devices; Administrative / eservices; Certification Process

LAB: LAB, LAB, LAB, NO LAB, NO LAB