This Outline has been updated. Please follow this link.
Overview
It is estimated that over 85% of all crimes committed today leave a trail of digital evidence. The Computer Forensics and Electronic Discovery (DFED) training Course is designed to train “Cybercrime Investigators” in electronic discovery and the fundamentals of conducting an effective computer forensic examination. This Course is essential to law enforcement and corporate personnel who encounter digital evidence while conducting an investigation. The training environment is interactive and the students work on case files in a hands-on environment. Upon completion of the Course, students will have obtained the knowledge to immediately begin using their new skills to conduct a computer forensic examination.
The benefits to law enforcement and the military are obvious. On the other hand, corporate IT personnel will use the skills gained to identify and remedy vulnerabilities that have been exploited so as to eliminate the problem. Additionally in many cases the techniques used may help identify the perpetrator for referral to law enforcement for prosecution. There are many job descriptions that will benefit from this training depending on industry segment – general network administration, law enforcement, insurance investigations, litigation support and criminal defense to name a few.
Our curriculum was developed by John A. Sgromolo, former Course Director for the Computer Crime curriculum at the Institute of Police Technology and Management at the University of North Florida, located in Jacksonville. Mr. Sgromolo, a pioneer in computer forensics, is a former Special Agent with the Naval Criminal Investigative Service. He was responsible for coordinating all computer crime general investigations at the Norfolk Field Office. In his capacity as Course Director for IPTM, Mr. Sgromolo was responsible for teaching hundreds of law enforcement officers nationwide the intricacies of computer crime investigations. |
A 5-day DFED & ADFT bootcamp is also available.
Prerequisites
The “Computer Forensics and Electronic Discovery” Course is specifically designed for corporate and government personnel who, in the performance of their duties, may be asked to conduct a basic digital forensic examination of digital media. Students desiring to attend the “Computer Forensics and Electronic Discovery” course should possess an average knowledge of how to operate a modern personal computer running the MS Windows® operating system. Additionally, though not a requirement, the student should possess an average knowledge of how to use e-mail, word-processing, spreadsheet and MS PowerPoint® software programs. Upon completion of this Course, the student will receive the knowledge necessary to properly place a computer or digital device into evidence custody and conduct a basic digital forensic examination of digital media. |
Certification
Upon completion of the Advanced Digital Forensic Techniques class or the CFED/ACFT bootcamp, students will be able to attempt the following examinations:
General Public or Law Enforcement
Certified Computer Examiner (CCE)® through ISFCE - (This Examination can be taken after the Course as an option.)
Law Enforcement Only
External Certified Forensic Computer Examiner process (CFCE) through the International Association of Computer Investigative Specialists. |
Student Materials
Students will receive the following items during the training program: |
- A 300-page comprehensive computer forensic student guide and
investigative resource materials.
- A CD-ROM containing GUI-based Windows data examination
software with a " live" casefile.
- Upon passing practical and written examinations, a
Certification parchment.
|
Outline
The following lessons will be covered during this Course:
Introduction to Computer Crime
This is an introduction to the field of computer forensics and the basis for gathering electronic digital artifacts. Students are introduced to the concepts, situations and personalities they may encounter while investigating a computer incident. The origins of computer crimes and how they are investigated set the stage for the following lessons.
Disk Storage Concepts
Having a clear understanding of how data is stored is having the upper hand during any investigation. Microsoft operating systems have a systematic way of storing data that is unknown to most end users; here you will learn hard drive storage dynamics. Although information may not physically be visible, there are many different approaches to recovering or viewing the data that appears to be lost. DOS, Windows 3.x, 95/98/NT/2000/XP operating systems and file management are covered in this lesson.
Forensic Examination
Techniques and protocols utilized by U.S. computer forensic examiners and laboratories are covered. This is a detailed review of standard and advanced procedures and how you can effectively implement these procedures into your organization. These proven techniques have been the most effective since the inception of computer crimes.
Electronic Discovery and Digital Evidence
Students learn recovery methods of digital artifacts from various file structures. The footprints that are left behind with every keystroke are covered. Exercises detail what to look for, as well as the various techniques for retrieving the information in a forensically sound manner.
Tools of the Trade
Multiple software and hardware solutions are covered during this session. Students learn about the numerous tools available to them in a vendor neutral environment. A clear understanding of what the tools do and how they work is presented in layman’s terms. Gaining a clear understanding of what forensic tools do and how they work is a crucial part of any investigation, especially if it goes to trial.
Seizure Concepts
Proper seizure of digital media is the start of every computer investigation. Students learn the correct protocol (as set by the U.S. Department of Justice) to assure proper “Chain of Custody” is followed from the beginning of the investigation. This crucial information can make or break a case; first responders must properly handle the evidence and start the correct chain of custody.
Cyber-terrorism and Internet Investigations
Students are exposed to possible threats to their infrastructure and learn to effectively combat cyber-terrorism. National and corporate infrastructures are a target for terrorism because of the impact they have on the economy. These are hands-on exercises whereby students learn to identify digital Internet artifacts left by potential cyber-terrorists. Students also learn pro-active measures to counter the threat of cyber-terrorism and conduct Internet-based inquiries.
Electronic Discovery, Acquisition and Analysis Laboratory
Students acquire and analyze digital evidence using specialized forensic tools. Proper authentication and analysis skills are taught using advanced forensic utilities and software tools. This is a hands-on laboratory requiring students to utilize the proper tools and procedures to conduct a forensically sound examination of digital media. Students are required to properly authenticate and analyze digital evidence during this exercise.
Presentation of Digital Evidence
Students are introduced to aspects of presenting digital evidence in a courtroom environment. They are exposed to the specialized tools necessary to effectively create and present the results of a cybercrime investigation to an administrative body or court of law. Both civil and criminal incidents are covered during this lesson. |
