Price: $3395
Duration: 5 Days
Technology: CyberSecurity
Digital Forensics is the investigation and recovery of data contained in digital devices. This data is often the subject of investigations in litigation, proof of guilt, and corrective action in an organization. When the time comes that you need to investigate your organization, will you have the skill set necessary to gather the digital data that you need? The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies in performing these investigations and reporting their findings.
To illustrate, let’s say an employee needs to be terminated for a violation of computer usage rules. To do so, the organization must furnish an irrefutable burden of proof based on digital evidence. If it is not irrefutable, an attorney knowledgeable about Digital Forensics could have the case thrown out of court. Government and investigative agencies need proper training to succeed in cases like the above, as well as those involving acts of fraud, computer misuse, illegal pornography, counterfeiting, and so forth. A C)DFE is aptly prepared to handle these types of situations.
Upon Completion
Students will:
Have knowledge to perform digital forensic examinations.
Have knowledge to accurately report on their findings from examinations.
Be ready to sit for the C)DFE Exam.
Course Content
With 17 modules and 2 appendices, the C)DFE will bring you up to speed on digital forensics in a fast, effective way.
Follow-on Courses:
C)NFE: Network Forensics Examiner
Forensic Auditors
IT Auditors
Law Enforcement
Internal Auditors
Introduction
Lesson Objectives
Introductions (Instructor)
Introductions (Students)
Disclaimers
Notice
Course Schedule
Student Guide (Layout)
Introduction to Computer Forensics
Course Objectives
The Legal System
Criminal Incidents
Civil Incidents
Computer Fraud
Internal Threats
Investigative Challenges
Common Frame of Reference
Media Volume
Computer Forensic Incidents
Investigation Process
Investigating Computer Crimes
Prior to the Investigation
Forensics Workstation
Building Your Team of Investigators
Who is involved in Computer Forensics?
Decision Makers and Authorization
Risk Assessment
Forensic Investigation Toolkit
Investigation Methodology
Preparing for an Investigation
Search Warrant
Forensic Photography
Preliminary Information
First Responder
Collecting Physical Evidence
Collecting Electronic Evidence
Guideline for Acquiring Electronic Evidence
Securing the Evidence
Managing the Evidence
Chain of Custody
Duplicate the Data
Verify the Integrity of the Image
Recover Last Data
Data Analysis
Data Analysis Tools
Assessing the Evidence
Assessing the Case
Location Assessment
Best Practices
Documentation
Gathering and Organizing Information
Writing the Report
Expert Witness
Closing the Case
OS Disk Storage Concepts
Disk Based Operating Systems
OS / File Storage Concepts
Disk Storage Concepts
Digital Acquisition
Digital Acquisition Procedures
Digital Forensic Analysis Tools
Digital Acquisition and Analysis
Forensic Examination Protocols
Forensic Examination
Digital Evidence Protocols
Digital Evidence Concepts
Digital Evidence Categories
Digital Evidence: Admissibility
Computer Forensic Investigative Theory
Digital Evidence Presentation
Digital Evidence
Digital Evidence: Hearsay
Digital Evidence: Summary
CFI Theory
Computer Forensics Lab Protocols
Overview
Quality Assurance
Standard Operating Procedures
Reports
Peer Review
Who should review?
Consistency
Accuracy
Research
Validation
Relevance
Annual Review
Deviation
Lab Intake
Tracking
Storage
Discovery
CF Processing Techniques
Computer Forensic Processing Techniques
Digital Forensics Reporting
Analysis Report
Definition
Computer Sciences
Ten Laws of Good Report Writing
Cover Page
Table of Contents
Examination Report
Background
Request
Summary of Findings
Tools
Evidence
Items of Evidence
Analysis
Findings
Conclusion
Exhibits
Signatures
Specialized Artifact Recovery
Prep System Stage
Windows File Date/Time Stamps
File Signatures
Image File Databases
The Windows OS
Windows Registry
Alternate Data Streams
Windows Unique ID Numbers
Decode GUID's
Historical Files
Windows Recycle Bin
Copy out INFO2 for Analysis
Web E-mail
eDiscovery and ESI
eDiscovery
Discoverable ESI Material
eDiscovery Notification
Required Disclosure
eDiscovery Conference
Preserving Information
eDiscovery Liaison
eDiscovery Products
Metadata
What is Metadata?
Data Retention Architecture
“Safe Harbor” Rule 37(f)
eDiscovery Spoliation
Tools for eDiscovery
Cell Phone Forensics
Cell Phones
Types of Cell Networks
What can a criminal do with Cell Phones?
Forensics Information in Cell Phones
Subscriber Identity Module (SIM)
Integrated Circuit Card Identification (ICCID)
International Mobile Equipment Identifier (IMEI)
Electronic Seal Number (ESN)
Helpful Hints for the Investigation
Things to Remember when Collecting Evidence
Acquire Data from SIM Cards
SIM Cards
Cell Phone Memory
Analyze Information
Analyze
Cell Phone Forensic Tools
Device and SIM Card Seizure
Cell Phone Analyzer
Forensic Card Reader
ForensicSIM Tool
Forensic Challenges
Paraben Forensics Hardware
Paraben: Remote Charger
Paraben: Device Seizure Toolbox
Paraben: Wireless Stronghold Tent
Paraben: Passport Stronghold Bag
Paraben: Project-a-phone
Paraben: SATA Adapter
Paraben: Lockdown
Paraben: SIM Card Reader
Paraben: Sony Clie
Paraben: CSI Stick
Paraben: USB Serial DB9 Adapter
Paraben: P2 Commander
USB Forensics
USB Components
USB Forensics Investigation
Determine USB Device Connected
Tools for USB Imaging
Incident Handling
Incident Handling Defined
What is a security event?
Common Security Events of Interest
What is a security incident?
What is an incident response plan?
When does the plan get initiated?
Common Goals of Incident Response Management
Incident Handling Steps
Goal
Be Prepared
The Incident Response Plan
Incident Response Plan
Roles of the Incident Response Team
Incident Response Team Makeup
Challenges of building an IRT
Incident Response Training and Awareness
Jump Kit
Prepare Your Sites and Systems
Identification of an Incident
Basic Incident Response Steps
Proper Evidence Handling
Containment
Onsite Response
Secure the Area
Conduct Research
Make Recommendations
Establish Intervals
Capture Digital Evidence
Change Passwords
Determine Cause
Defend Against Follow-on Attacks
More Defenses
Analyze Threat and Vulnerability
Restore System(s) to Operation
Report Findings
Restore System
Verify
Decide
Monitor Systems
Follow-up Report
A1: PDA Forensics
Personal Digital Assistants
Characteristics
Palm OS
Palm OS Architecture
Pocket PC
Windows Mobile Architecture
Linux-based PDAs
Linux OS for PDAs-Architecture
Typical PDA State
Security Issues
ActiveSync and HotSync
PDA Forensic Steps
Tips for Conducting the Investigation
PDA Forensic Tools
Countermeasures
A2: Investigating Harassment
Sexual Harassment Overview
Examples of Sexual Harassment
What it is not?
Approach of General Investigation
Conduct Your Investigation
Preventative Action
C)SS: Security Sentinel
C)ISSO: Information Systems Security Officer
OR Equivalent Experience