CCE Certification Competencies



Similar documents
What is Digital Forensics?

CDFE Certified Digital Forensics Examiner (CFED Replacement)

EnCase 7 - Basic + Intermediate Topics

CYBER FORENSICS (W/LAB) Course Syllabus

Hands-On How-To Computer Forensics Training

COMPUTER FORENSICS (EFFECTIVE ) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE CATE STUDENT REPORTING PROCEDURES MANUAL)

A Short Introduction to Digital and File System Forensics

winhex Disk Editor, RAM Editor PRESENTED BY: OMAR ZYADAT and LOAI HATTAR

Incident Response and Computer Forensics

EC-Council Ethical Hacking and Countermeasures

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Computer Forensics and Investigations Duration: 5 Days Courseware: CT

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

Chapter 7 Securing Information Systems

Overview of Computer Forensics

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

Just EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012

SWGDE Minimum Requirements for Quality Assurance in the Processing of Digital and Multimedia Evidence

Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers

Administrative Procedure 3720 Computer and Network Use

How To Do Digital Forensics

Digital Forensics & e-discovery Services

How To Be A Computer Forensics Examiner

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

Computer Forensics Today

Reduce Cost and Risk during Discovery E-DISCOVERY GLOSSARY

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics

User Manual. Published: 12-Mar-15 at 09:36:51

MSc Computer Security and Forensics. Examinations for / Semester 1

Services. Computer Forensic Investigations


Computer Forensics introduction part A

Digital Forensics Lecture 3. Hard Disk Drive (HDD) Media Forensics

Digital Forensics, ediscovery and Electronic Evidence

Computer Forensics Principles and Practices

Of the programs offered by IACIS, the Basic Computer Forensic Examiner (BCFE) Training Program is at the forefront.

Chapter 5: Operating Systems Part 1

Open Source Digital Forensics Tools

Computer Hacking Forensic Investigator v8

CTC 328: Computer Forensics

information security and its Describe what drives the need for information security.

Immigration and Customs Enforcement Forensic Analysis of Electronic Media

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Computer Forensics: an approach to evidence in cyberspace

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

Linux in Law Enforcement

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York

Scientific Working Group on Digital Evidence

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

Where is computer forensics used?

Medical Networks and Operating Systems

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection

Computer Forensics as an Integral Component of the Information Security Enterprise

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

CERTIFIED DIGITAL FORENSICS EXAMINER

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner

To Catch a Thief: Computer Forensics in the Classroom

Course overview. CompTIA A+ Certification (Exam ) Official Study Guide (G188eng verdraft)

SSD Guru. Installation and User Guide. Software Version 1.4

How To Get A Computer Hacking Program

INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION

Introducing, Installing, and Upgrading Windows 7. Lesson 6

Digital Forensics with Open Source Tools

RECOVERING FROM SHAMOON

Page 1 of 5 Position Code #P Forensic Identification - Technological Crimes Unit ASSOCIATION: Civilian LOCATION: Headquarters

What Happens When You Press that Button? Explaining Cellebrite UFED Data Extraction Processes

FORENSIC ANALYSIS OF USB MEDIA EVIDENCE. Jesús Alexander García. Luis Alejandro Franco. Juan David Urrea. Carlos Alfonso Torres

Metadata, Electronic File Management and File Destruction

InfoSec Academy Forensics Track

BECOMING AN EXPERT AS AN EXPERT WITNESS

Incident Response and Forensics

Computer Forensic Tools. Stefan Hager

Excerpts from EnCase Introduction to Computer Forensics

New Technologies File System (NTFS) Priscilla Oppenheimer. Copyright 2008 Priscilla Oppenheimer

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Impact of Digital Forensics Training on Computer Incident Response Techniques

Developing Computer Forensics Solutions for Terabyte Investigations

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

Litigation Support. Learn How to Talk the Talk. solutions. Document management

What You Should Know About ediscovery

EUCIP IT Administrator - Module 2 Operating Systems Syllabus Version 3.0

X-Ways Capture. The program executes the following steps unless you specify a different procedure in the configuration file:

Determining VHD s in Windows 7 Dustin Hurlbut

ailexpert MailExpert Security form

Master of Science in Information Systems & Security Management. Courses Descriptions

e-discovery Forensics Incident Response

Information Technology Services Guidelines

Digital Forensics for IaaS Cloud Computing

Forensically Determining the Presence and Use of Virtual Machines in Windows 7

GUIDELINES FOR USE OF THE MODEL AGREEMENT REGARDING DISCOVERY OF ELECTRONICALLY STORED INFORMATION

Transcription:

CCE Certification Competencies May 10, 2012 Page 1

The Certified Computer Examiner (CCE) has evolved into one of the most desired certifications in the computer forensics industry. The certification is granted only after an applicant has completed a rigorous, standardized testing process. Additionally, an applicant is required to agree to and sign The ISFCE Code of Ethics and Professional Responsibility, submit a notarized statement that all work on the certification is done without assistance, undergo a criminal background check and achieve approval from the ISFCE Certification Board. The goal of the following core competencies is outline the necessary level of proficiency required for a valid CCE test candidate. The CCE applicant may or may not be tested on all subject areas listed below. The CCE testing process is designed to test an applicant s proficiency in several areas pertinent to computer forensics. The applicant is required to complete an online test and forensically examine three pieces of media, submitting a report after each examination. The Certified Computer Examiner (CCE) certification process is a pure testing process. CCE candidates are not permitted to solicit or accept assistance from anyone at any level after they register for the CCE certification process. Review and comment on CCE practical examination reports is not allowed. CCE candidates are required to abide by a signed ISFCE Code of Ethics and Professional Responsibility and are made aware of all testing requirements and guidelines at the beginning of the certification process: All work to complete the CCE certification process must be done solely by the individual CCE candidate. CCE candidates may not corroborate, work jointly, cheat or plagiarize other s work to complete the CCE process. May 10, 2012 Page 2

Ethics and Law 5% Understand ethics in practice (particularly privacy) and the CCE ethical approach. What are the requirements of professionals, privacy and confidentiality What constitutes an ethics issue CCE code of ethics Filing an ethics complaint Use of legal software Software licensing types Awareness of the existence of key pieces of legislation related to digital forensics and understanding the legislation has a direct impact on the practice of digital forensics. Also ensure students are aware of what is expected of professional examiners in court. This content is not intended to interpret or teach specific law, but only to ensure students become familiar with the existence of such legislation and understand that legal counsel may be necessary to ensure work is done in compliance with legislation. Representation of facts Components of the Discovery Process The 4 th Amendment Federal Rules of Evidence (basics) Consent Legal process for civil and criminal cases Expert Testimony and process Daubert and Frye cases Courtroom behavior Privacy issues Consent to image Possession of contraband May 10, 2012 Page 3

Hardware 5% Understand hardware specifically; hardware involved in imaging and data collection activities. Minimum requirements include visual aids and examples of hardware used, hands on demonstrations using hardware. Optical drives Hard drives Hard drive connections RAID connections and issues Boot process/bios Commonly encountered media Networks 5% Understand networking and its impact on both forensic evidence and site seizures. Networking overview Networking device identification Network acquisitions Wireless issues Encountering complex networks Offsite storage Network Forensics (very brief) Operating Systems/File Systems 20% Understanding of user interface, default set up, structures and user accounts. NTFS 15% Linux 1% Mac 2% FAT/ExFAT 2% Virtualization Legacy Master Boot Record Boot Parameter Block (BPB) components Preparation 5% Prepare examination media May 10, 2012 Page 4

Disk wiping Disk formatting Hashing Installation of operating system Installation of forensic software/tools Acquisition 10% Data Acquisition Seizure of storage media Understand safe boot procedures and forensic boot disks. Authentication 5% Controlling / security access logs etc for image media Chain of Custody Procedure Maintaining evidence integrity Ensuring evidence image authenticity via hashing Analysis (primarily NTFS) 25% Text gathering General use of a hex editor Hexadecimal notation Explanation of ASCII Explanation of Unicode Explanation of offsets Process forensic image Document examination process Registry Analysis Password recovery Metadata analysis Data carving Internet history analysis OS artifacts MACB times File recovery Email analysis Presentation/Reporting 15% Disposition of evidence May 10, 2012 Page 5

Report preparation Preparation of documents for trial o Summation and Analysis sections o Format examples o Appendices and Glossaries Media Geometry 5% Understand how drives and storage works physically and logically. Nibbles/Bits/Bytes Sectors Clusters File/sector slack Unallocated space CHS addressing Logical based addressing Addressing translation Disk partitioning Partitioning utilities GUID Partition Tables GPT DCO s and HPA s May 10, 2012 Page 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information