Certified Digital Forensics Examiner

Similar documents
CERTIFIED DIGITAL FORENSICS EXAMINER

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner

InfoSec Academy Forensics Track

CDFE Certified Digital Forensics Examiner (CFED Replacement)

Hands-On How-To Computer Forensics Training

EC-Council Ethical Hacking and Countermeasures

Computer Forensics and Investigations Duration: 5 Days Courseware: CT

Certified Digital Forensics Examiner (CDFE)

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

How To Get A Computer Hacking Program

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Computer Hacking Forensic Investigator v8

e-discovery Forensics Incident Response

Information Technologies and Fraud

To Catch a Thief: Computer Forensics in the Classroom

Course overview. CompTIA A+ Certification (Exam ) Official Study Guide (G188eng verdraft)

How To Be A Computer Forensics Examiner

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

plantemoran.com What School Personnel Administrators Need to know

CYBER FORENSICS (W/LAB) Course Syllabus

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

Digital Forensics for Attorneys Overview of Digital Forensics

Course Title: Computer Forensic Specialist: Data and Image Files

Digital Forensics & e-discovery Services

I. PREREQUISITES For information regarding prerequisites for this course, please refer to the Academic Course Catalog.

MSc Computer Security and Forensics. Examinations for / Semester 1

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

Understanding ediscovery and Electronically Stored Information (ESI)

Impact of Digital Forensics Training on Computer Incident Response Techniques

Services. Computer Forensic Investigations

Case Study: Smart Phone Deleted Data Recovery

information security and its Describe what drives the need for information security.

COMPUTER FORENSICS (EFFECTIVE ) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE CATE STUDENT REPORTING PROCEDURES MANUAL)

Digital Forensic Techniques

70250 Graduate Certificate in Digital Forensics

Regional Computer Forensic Laboratory & Digital Forensics. Presented By: D. Justin Price FBI - Philadelphia Computer Analysis Response Team

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

Chapter 7 Securing Information Systems

CTC 328: Computer Forensics

Modern Digital Forensics!!

Track 2: Introductory Track PREREQUISITE: BASIC COMPUTER EXPERIENCE

Ricoh Legal. Live Data Acquisition: The New Default Standard for Capturing ESI?

Developing Computer Forensics Solutions for Terabyte Investigations

The Role of Digital Forensics within a Corporate Organization

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York

Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.

MCOLES Information and Tracking Network. Security Policy. Version 2.0

JAMES R. SWAUGER Digital Forensic Examiner

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation


Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics

Digital Forensics Tutorials Acquiring an Image with FTK Imager

CURRICULUM VITAE JAMES R. SWAUGER Digital Forensic Examiner

WILLIAM OETTINGER PHONE (702)

About Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics

Future of Digital Forensics: A Survey of Available Training

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Computer Forensics and What Is, and Is Not, There on Your Client s Computer. Rick Lavaty, Computer Systems Administrator, District of Arizona

S. Robert Radus, CPA CFE PI Curricula Vitae. Examination of plaintiff, respondent, and defendant books and records to determine:

CSI Crime Scene Investigations

Spoliation of Evidence. Prepared for:

To Catch a Thief II: Computer Forensics in the Classroom

What is Digital Forensics?

Digital Forensics, ediscovery and Electronic Evidence

Large Scale Cloud Forensics

3 "C" Words You Need to Know: Custody - Control - Cloud

Computer Forensics as an Integral Component of the Information Security Enterprise

BEST PRACTICES FOR A COLLECTION OF AN IOS MOBILE DEVICE

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad.

Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. Xact Data Discovery. ediscovery for DUMMIES LAWYERS. MDLA TTS August 23, 2013

Reduce Cost and Risk during Discovery E-DISCOVERY GLOSSARY

Computer Forensic Capabilities

EnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection

Page 1 of 5 Position Code #P Forensic Identification - Technological Crimes Unit ASSOCIATION: Civilian LOCATION: Headquarters

FedVTE Training Catalog SPRING advance. Free cybersecurity training for government personnel. fedvte.usalearning.gov

Comprehensive Digital Forensic Solutions

What You Should Know About ediscovery

EnCase 7 - Basic + Intermediate Topics

Overview of Computer Forensics

EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: Review Date: 04/04/2017

How to Avoid The Biggest Electronic Evidence Mistakes. Ken Jones Senior Technology Architect Pileum Corporation

InfoSec Academy Pen Testing & Hacking Track

Computer Forensics Today

ELECTRONIC DISCOVERY. Dawn M. Curry

Case Study: Mobile Device Forensics in Texting and Driving Cases

Transcription:

Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the subject of investigations in litigation, proof of guilt, and corrective action in an organization. When the time comes that you need to investigate your organization, will you have the skill set necessary to gather the digital data that you need? The Certified Digital course will benefit organizations, individuals, government offices, and law enforcement agencies in performing these investigations and reporting their findings. To illustrate, let s say an employee needs to be terminated for a violation of computer usage rules. To do so the organization must furnish an irrefutable burden of proof based on digital evidence. If not irrefutable, an attorney knowledgeable about Digital could have the case thrown out of court. Government and investigative agencies need proper training to succeed in cases like the above as well as those including acts of fraud, computer misuse, illegal pornography, counterfeiting, and so forth. A C)DFE is aptly prepared to handle these types of situations. UPON COMPLETION Students will: Have knowledge to perform digital forensic examinations Have knowledge to accurately report on their findings from examinations Be ready to sit for the C)DFE Exam COURSE CONTENT C)DFE TRACK Professional Roles: Forensic Auditor IT Auditor Law Enforcement Internal Auditor Prerequisites: C)SS: Security Sentinel C)ISSO: Information Systems Security Officer Or equivalent experience C)DFE Exam: 2 Hours 100 Questions $300 USD Purchase on mile2.com Advanced Course: C)NFE: Network Module 1: Introduction Module 2: Computer Forensic Incidents Module 3: Investigation Process Module 4: Disk Storage Concepts Module 5: Digital Acquisition & Analysis Module 6: Forensic Examination Protocols Module 7: Digital Evidence Protocols Module 8: CFI Theory Module 9: Digital Evidence Presentation Module 10: Computer Forensic Laboratory Protocols Module 11: Computer Forensic Processing Module 12: Digital Reporting Module 13: Specialized Artifact Recovery Module 14: e-discovery and ESI Module 15: Cell Phone Module 16: USB Module 17: Incident Handling Appendix 1: PDA Appendix 2: Investigating Harassment Lab 1: Preparing Forensic Workstation Lab 2: Chain of Custody Lab 3: Imaging Case Evidence / FTK Manager Lab 4: Reviewing Evidence / Access Data Tools Review and Exam

Page No. 2 COURSE HISTORY Computer as a field was born and developed by U.S. federal law enforcement agents during the mid to late 1980s. New techniques were needed to meet the challenges of white-collar crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment and by 1989 software and protocols were beginning to emerge in the discipline. Mile2 originally had two forensics courses: CFED (Computer and Electronic Discovery) and AFCT (Advanced Computer Techniques). These courses and related materials were created by practitioners in the forensics field. In 2008 CFED and AFCT were combined into the CDFE course. Course content and materials are updated regularly to keep up with technology and concepts in the digital forensics field. ABOUT THE AUTHOR Johnny Justice has been working with computers since 2005. He has been in the U.S. Army for over 13 years working as a Counterintelligence Agent (Computer, 8 years). He has taught Introduction to UNIX/LINUX, Network Essentials, and Theories and Application / Digital Technology. Johnny has developed courseware and training materials as well as presented these materials in the classroom. Johnny is working with an IT Security company to create an Online Learning Management System that provides training for IT Certifications (i.e. CompTIA, Cisco, Microsoft, ISC2 and Mile2). Johnny holds a variety of certifications: C)DFE, CEI, CSSA, ECSA, CHFI, Linux+, and CEH. He co-authored the 2012 update to the Certified Digital course and the 2013 Certified Network at Mile2. He graduated from American Military University in May 2008 with a Bachelor's of Science degree in Information Technology Management. Also, he graduated Magna Cum-Laude in 2012 from Nova Southeastern University with a Master s of Science degree in Computer Science Education. EXAM INFORMATION The Certified Digital exam is taken online through Mile2 s Assessment and Certification System ( MACS ), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $300 USD and must be purchased from

Page No. 3 DETAILED LAB DESCRIPTION Labs 1-4 Objective Summary Recovering electronically stored data for civil litigation Recovering, categorizing and analyzing data Hiding and discovering potential evidence Investigating a misappropriations of proprietary information complaints Bit-by-bit imaging digital media and preserving the integrity of the image Identifying and reconstructing information within various file systems Conducting an investigation into a complaint of sexual harassment Understanding anti-forensics and steganography Discover how a computer has been used and learn: What websites have been visited? What data has been deleted, and why? What data is stored on the hard drive? What e-mails have been sent and received? Has data been copied off of the computer? Lab 1 - Preparing Forensic Workstations AccessData FTK Imager Installation AccessData FTK Installation KFF Library Database Installation AccessData Registry Viewer Installation AccessData Password Recovery Toolkit Installation Lab 2 - Chain of Custody Chain of Custody Search and Seizure Chain of Custody Forensic Imaging Lab 3 - Imaging Case Evidence / FTK Imager Lab 4 - Reviewing Evidence / AccessData Tools Creating a Case in AccessData Forensic Toolkit Review Evidence in AccessData FTK Imager Review Software File in AccessData Registry View Review System File in AccessData Registry Viewer Review SAM File in AccessData Registry Viewer DETAILED MODULE DESCRIPTION Module 1 - Introduction Introductions (Instructor) Introductions (Students) Disclaimers Notice Course Schedule Student Guide (Layout) Introduction to Computer Course Objectives Module 2 Computer Forensic Incidents The Legal System Criminal Incidents Civil Incidents Computer Fraud Internal Threats Investigative Challenges Common Frame of Reference Media Volume Module 3 - Investigation Process Investigating Computer Crimes Prior to the Investigation Workstation Building Your Team of Investigators Preparing for an Investigation Search Warrant Forensic Photography Preliminary Information First Responder Collecting Physical Evidence Collecting Electronic Evidence Guideline for Acquiring Electronic Evidence Securing the Evidence Managing the Evidence Chain of Custody Duplicate the Data Verify the Integrity of the Image Who is involved in Computer? Decision Makers and Authorization

Page No. 4 Risk Assessment Forensic Investigation Toolkit Investigation Methodology Recover Last Data Data Analysis Data Analysis Tools Assessing the Evidence Assessing the Case Location Assessment Best Practices Documentation Gathering and Organizing Information Writing the Report Expert Witness Closing the Case Module 4 - OS Disk Storage Concepts Disk Based Operating Systems OS / File Storage Concepts Disk Storage Concepts Module 5 Digital Acquisition and Analysis Digital Acquisition Digital Acquisition Procedures Digital Forensic Analysis Tools Module 6 - Forensic Examination Protocols Forensic Examination Protocols Forensic Examination Module 7 - Digital Evidence Protocols Digital Evidence Concepts Digital Evidence Categories Digital Evidence: Admissibility Module 8 Computer Forensic Investigative Theory Computer Forensic Investigative Theory Module 9 - Digital Evidence Presentation Digital Evidence Presentation Digital Evidence Digital Evidence: Hearsay Digital Evidence: Summary Module 10 - Computer Lab Protocols Overview Reports Peer Review Who should review? Peer Review Consistency Accuracy Research Validation Quality Assurance Standard Operating Procedures Relevance Peer Review Annual Review Deviation Lab Intake Tracking Storage Discovery Module 11 - Computer Processing Techniques Computer Forensic Processing Techniques Module 12 - Digital Reporting Analysis Report Definition Computer Sciences Ten Laws of Good Report Writing Request Summary of Findings Forensic Examination Tools Evidence Cover Page Table of Contents Examination Report

Page No. 5 Background Items of Evidence Analysis Findings Conclusion Exhibits Signatures Module 13 - Specialized Artifact Recovery Prep System Stage Background Overview Prep System Stage Windows File Date/Time Stamps File Signatures Image File Databases The Windows OS Windows Registry Alternate Data Streams Windows Unique ID Numbers Decode GUID's Historical Files Windows Recycle Bin Copy out INFO2 for Analysis Web E-mail Module 14 - ediscovery and ESI ediscovery Discoverable ESI Material ediscovery Notification Required Disclosure ediscovery Conference Preserving Information ediscovery Liaison ediscovery Products Metadata What is Metadata? Data Retention Architecture Safe Harbor Rule 37(f) ediscovery Spoliation Tools for ediscovery Module 15 - Cell Phone Cell Phones Types of Cell Networks What can a criminal do with Cell Phones? Cell Phone Information in Cell Phones Subscriber Identity Module (SIM) Integrated Circuit Card Identification (ICCID) International Mobile Equipment Identifier (IMEI) Electronic Seal Number (ESN) Helpful Hints for the Investigation Things to Remember when Collecting Evidence Acquire Data from SIM Cards SIM Cards Cell Phone Memory Analyze Information Analyze Cell Phone Forensic Tools Device and SIM Card Seizure Cell Phone Analyzer Tools Forensic Card Reader ForensicSIM Tool Forensic Challenges Paraben Hardware Paraben: Remote Charger Paraben: Device Seizure Toolbox Paraben: Wireless Stronghold Tent Paraben: Passport Stronghold Bag Paraben: Project-a-phone Paraben: SATA Adapter Paraben: Lockdown Paraben: SIM Card Reader Paraben: Sony Clie Paraben: CSI Stick Paraben: USB Serial DB9 Adapter Paraben: P2 Commander Module 16 - USB USB Components USB USB Investigation Determine USB Device Connected Tools for USB Imaging Module 17 - Incident Handling Incident Handling Defined What is a security event? Common Security Events of Interest What is a security incident?

Page No. 6 What is an incident response plan? When does the plan get initiated? Common Goals of Incident Response Management Incident Handling Steps Goal Be Prepared The Incident Response Plan Incident Handling Incident Response Plan Roles of the Incident Response Team Incident Response Team Makeup Challenges of building an IRT Incident Response Training and Awareness Jump Kit Restore System(s) to Operation Goal Report Findings Restore System Verify Appendix 1 - PDA Personal Digital Assistants Characteristics Palm OS Palm OS Architecture Pocket PC Windows Mobile Architecture Linux-based PDAs Linux OS for PDAs-Architecture Typical PDA State Security Issues ActiveSync and HotSync PDA Forensic Steps Tips for Conducting the Investigation PDA Forensic Tools Countermeasures Appendix 2 - Investigating Harassment Sexual Harassment Overview Examples of Sexual Harassment What it is not? Approach of General Investigation Conduct Your Investigation Preventative Action

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information