Certified Digital Forensics Examiner


Course Name: CDFE V6.0
Duration: 5 days
Language: English
Format: Instructor-led (Lecture and Lab)
Prerequisite: Experience in using a computer
Student Materials:
- Student workbook
- Student reference manual
- Student Lab Guide
- Software/tools DVD
Certification Exam: CDFE - Certified Digital Forensics Examiner
Certification Track:
- CDFE - Certified Digital Forensics Examiner
- CPTEng - Certified Pen Testing Engineer
- CPTC - Certified Pen Testing Consultant

The Certified Digital Forensics Examiner program is designed to train Cyber Crime and Fraud Investigators, whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

BENEFITS OF THIS COURSE

The CDFE course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence. An example of corrective action would be the termination of an employee for a violation of computer usage where digital evidence was needed to support the allegation. The investigator must furnish an irrefutable burden of proof based on that digital evidence. If not irrefutable, an attorney knowledgeable about Computer Forensics could have the case thrown out of court. Government or investigative agencies need proper training to succeed in cases like the above as well as those including acts of fraud, computer misuse, illegal pornography, counterfeiting, and so forth.

Mile2's Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

Also available as: LIVE REMOTE TRAINING

Attend live class from anywhere in the world!
- Live presentations with powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, virtual whiteboard, and a media center, all through an easy-to-use toolbar.
- Application, file, and desktop sharing enable you to view live demonstrations.
- Dedicated high-spec remote PC per student, with full access as if you were sitting in front of the PC in the classroom.
- The instructor views each student's session when you perform your hands-on labs; the instructor can access your remote system to demonstrate and assist while you sit back to absorb the classroom-style mentoring you expect.
- Public and private text chat allows for increased interactivity between students and instructor.

WHAT DO STUDENTS LEARN?

The CDFE training covers a wide range of topics including:
- Forensic Examination
- Tools of the trade
- Seizure Concepts
- Incident Investigation
- Fundamentals of conducting an effective computer forensic examination
- Electronic Discovery and Digital Evidence

WHO IS THIS COURSE FOR

Anyone who is or may be involved in examining electronic devices for digital artifacts (i.e. evidence) needed for company, legal, or law enforcement investigations.

OBJECTIVES COVERED IN LABORATORY SCENARIOS

- Recovering electronically stored data for civil litigation
- Recovering, categorizing and analyzing data
- Hiding and discovering potential evidence
- Investigating complaints of misappropriation of proprietary information
- Bit-by-bit imaging of digital media and preserving the integrity of the image
- Identifying and reconstructing information within various file systems
- Conducting an investigation into a complaint of sexual harassment
- Understanding anti-forensics and steganography

Discover how a computer has been used and learn:
- What websites have been visited?
- What data has been deleted, and why?
- What data is stored on the hard drive?
- What e-mails have been sent and received?
- Has data been copied off of the computer?

COURSE HISTORY

Computer Forensics as a field was born and developed by U.S. federal law enforcement agents during the mid to late 1980s. New techniques were needed to meet the challenges of white-collar crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment, and by 1989 software and protocols were beginning to emerge in the discipline.

Mile2 originally had two forensics-related courses: CFED (Computer Forensics and Electronic Discovery) and AFCT (Advanced Forensics Computer Techniques). These courses and related materials were created by practitioners in the forensics field. In 2008 CFED and AFCT were combined into the CDFE course. Course content and materials are updated periodically to keep up with technology and concepts in the digital forensics field.

UPON COMPLETION

Certified Digital Forensics Examiner graduates obtain real-world computer forensic knowledge that will help them recognize, seize, preserve and present digital evidence. Mile2's computer forensic graduates gain the skills and knowledge to perform forensically sound computer examinations and to clearly and accurately report on their findings. Students will also be able to confidently attempt Mile2's Certified Digital Forensics Examiner certification exam.

MAJOR TOPICS COVERED

Module 1: Introduction
Module 2: Computer Forensic Incidents
Module 3: Investigation Process
Module 4: Disk Storage Concepts
Module 5: Digital Acquisition & Analysis
Module 6: Forensic Examination Protocols
Module 7: Digital Evidence Protocols
Module 8: CFI Theory
Module 9: Digital Evidence Presentation
Module 10: Computer Forensic Laboratory Protocols
Module 11: Computer Forensic Processing Techniques
Module 12: Digital Forensics Reporting
Module 13: Specialized Artifact Recovery
Module 14: e-discovery and ESI
Module 15: Cell Phone Forensics
Module 16: USB Forensics
Module 17: Incident Handling
Appendix 1: PDA Forensics
Appendix 2: Investigating Harassment

CDFE Lab Outline

Mile2 - Lab 1: Preparing Forensic Workstation
- AccessData FTK Imager Installation
- AccessData FTK Installation
- KFF Library Database Installation
- AccessData Registry Viewer Installation
- AccessData Password Recovery Toolkit Installation

Mile2 - Lab 2: Chain of Custody
- Chain of Custody Search and Seizure
- Chain of Custody Forensic Imaging

Mile2 - Lab 3: Imaging Case Evidence / FTK Imager

Mile2 - Lab 4: Reviewing Evidence / AccessData Tools
- Creating a Case in AccessData Forensic Toolkit
- Reviewing Evidence in AccessData FTK Imager
- Reviewing Software File in AccessData Registry Viewer
- Reviewing System File in AccessData Registry Viewer
- Reviewing SAM File in AccessData Registry Viewer

C)DFE COURSE OUTLINE

Module 1 - Introduction
Introductions (Instructor); Introductions (Students); Disclaimers; Notice; Course Schedule; Student Guide (Layout); Introduction to Computer Forensics; Course Objectives

Module 2 - Computer Forensic Incidents
The Legal System; Criminal Incidents; Civil Incidents; Computer Fraud; Internal Threats; Investigative Challenges; Common Frame of Reference; Media Volume

Module 3 - Investigation Process
Investigating Computer Crimes; Prior to the Investigation; Forensics Workstation; Building Your Team of Investigators; Who is involved in Computer Forensics?; Decision Makers and Authorization; Risk Assessment; Forensic Investigation Toolkit; Investigation Methodology; Preparing for an Investigation; Search Warrant; Forensic Photography; Preliminary Information; First Responder; Collecting Physical Evidence; Collecting Electronic Evidence; Guideline for Acquiring Electronic Evidence; Securing the Evidence; Managing the Evidence; Chain of Custody; Duplicate the Data; Verify the Integrity of the Image; Recover Last Data; Data Analysis; Data Analysis Tools; Assessing the Evidence; Assessing the Case; Location Assessment; Best Practices; Documentation; Gathering and Organizing Information; Writing the Report; Expert Witness; Closing the Case

Module 4 - OS Disk Storage Concepts
Disk Based Operating Systems; OS / File Storage Concepts; Disk Storage Concepts

Module 5 - Digital Acquisition and Analysis
Digital Acquisition; Digital Acquisition Procedures; Digital Forensic Analysis Tools

Module 6 - Forensic Examination Protocols
Forensic Examination Protocols; Forensic Examination

Module 7 - Digital Evidence Protocols
Digital Evidence Concepts; Digital Evidence Categories; Digital Evidence: Admissibility

Module 8 - CFI Theory
Computer Forensic Investigative Theory

Module 9 - Digital Evidence Presentation
Digital Evidence Presentation; Digital Evidence; Digital Evidence: Hearsay; Digital Evidence: Summary

Module 10 - Computer Forensics Lab Protocols
Overview; Quality Assurance; Standard Operating Procedures; Reports; Peer Review; Who should review?; Peer Review; Consistency; Accuracy; Research; Validation; Relevance; Peer Review; Annual Review; Deviation; Lab Intake; Tracking; Storage; Discovery

Module 11 - CF Processing Techniques
Computer Forensic Processing Techniques

Module 12 - Digital Forensics Reporting
Analysis Report; Definition; Computer Sciences; Ten Laws of Good Report Writing; Cover Page; Table of Contents; Examination Report; Background; Request; Summary of Findings; Forensic Examination Tools; Evidence; Items of Evidence; Analysis; Findings; Conclusion; Exhibits; Signatures

Module 13 - Specialized Artifact Recovery
Prep System Stage; Background; Overview; Prep System Stage; Windows File Date/Time Stamps; File Signatures; Image File Databases; The Windows OS; Windows Registry; Alternate Data Streams; Windows Unique ID Numbers; Decode GUID's; Historical Files; Windows Recycle Bin; Copy out INFO2 for Analysis; Web E-mail

Module 14 - eDiscovery and ESI
eDiscovery; Discoverable ESI Material; eDiscovery Notification; Required Disclosure; eDiscovery Conference; Preserving Information; eDiscovery Liaison; eDiscovery Products; Metadata; What is Metadata?; Data Retention Architecture; Safe Harbor Rule 37(f); eDiscovery Spoliation; Tools for eDiscovery

Module 15 - Cell Phone Forensics
Cell Phones; Types of Cell Networks; What can a criminal do with Cell Phones?; Cell Phone Forensics; Forensics Information in Cell Phones; Subscriber Identity Module (SIM); Integrated Circuit Card Identification (ICCID); International Mobile Equipment Identifier (IMEI); Electronic Serial Number (ESN); Helpful Hints for the Investigation; Things to Remember when Collecting Evidence; Acquire Data from SIM Cards; SIM Cards; Cell Phone Memory; Analyze Information; Analyze; Cell Phone Forensic Tools; Device and SIM Card Seizure; Cell Phone Analyzer; Tools; Forensic Card Reader; ForensicSIM Tool; Forensic Challenges; Paraben Forensics Hardware; Paraben Forensics Hardware; Paraben: Remote Charger; Paraben: Device Seizure Toolbox; Paraben: Wireless Stronghold Tent; Paraben: Passport Stronghold Bag; Paraben: Project-a-phone; Paraben: Project-a-phone; Paraben: SATA Adapter; Paraben: Lockdown; Paraben: SIM Card Reader; Paraben: Sony Clie; Paraben: CSI Stick; Paraben: USB Serial DB9 Adapter; Paraben: P2 Commander

Module 16 - USB Forensics
USB Components; USB Forensics; USB Forensics Investigation; Determine USB Device Connected; Tools for USB Imaging

Module 17 - Incident Handling
Incident Handling Defined; What is a security event?; Common Security Events of Interest; What is a security incident?; What is an incident response plan?; When does the plan get initiated?; Common s of Incident Response Management; Incident Handling Steps; Be Prepared; The Incident Response Plan; Incident Handling; Incident Response Plan; Roles of the Incident Response Team; Incident Response Team Makeup; Challenges of building an IRT; Incident Response Training and Awareness; Jump Kit; Prepare Your Sites and Systems; Identification of an Incident; Basic Incident Response Steps; Proper Evidence Handling; Containment; Onsite Response; Secure the Area; Conduct Research; Make Recommendations; Establish Intervals; Capture Digital Evidence; Change Passwords; Determine Cause; Defend Against Follow-on Attacks; More Defenses; Analyze Threat and Vulnerability; Restore System(s) to Operation; Report Findings; Restore System; Verify; Decide; Monitor Systems; Follow-up Report

Appendix 2 - Investigating Harassment
Sexual Harassment Overview; Examples of Sexual Harassment; What it is not?; Approach of General Investigation; Conduct Your Investigation; Preventative Action

Appendix 1 - PDA Forensics
Personal Digital Assistants; Characteristics; Palm OS; Palm OS Architecture; Pocket PC; Windows Mobile Architecture; Linux-based PDAs; Linux OS for PDAs-Architecture; Typical PDA State; Security Issues; ActiveSync and HotSync; PDA Forensic Steps; Tips for Conducting the Investigation; PDA Forensic Tools; Countermeasures