mile2® Store

C)DFE Digital


Course Overview

5 Days | $3,000 | 40 CPE Credits

Digital Forensics is the investigation and recovery of data contained in digital devices. This data is often the subject of investigations in litigation, proof of guilt, and corrective action in an organization. When the time comes that you need to investigate your organization, will you have the skill set necessary to gather the digital data that you need? The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies in performing these investigations and reporting their findings.

To illustrate, let’s say an employee needs to be terminated for a violation of computer usage rules. To do so, the organization must furnish irrefutable proof based on digital evidence. If the proof is not irrefutable, an attorney knowledgeable about digital forensics could have the case thrown out of court. Government and investigative agencies need proper training to succeed in cases like the above, as well as those involving fraud, computer misuse, illegal pornography, counterfeiting, and so forth. A C)DFE is well prepared to handle these types of situations.


Upon Completion

Students will:

    • Have the knowledge to perform digital forensic examinations.
    • Have the knowledge to accurately report on their findings from examinations.
    • Be ready to sit for the C)DFE Exam.


Course Content

With 17 modules and 2 appendices, the C)DFE will bring you up to speed on digital forensics in a fast, effective way.


1: Introduction

Lesson Objectives
Introductions (Instructor)
Introductions (Students)
Course Schedule
Student Guide (Layout)
Introduction to Computer Forensics
Course Objectives
Lesson Objectives
The Legal System
Criminal Incidents
Civil Incidents
Computer Fraud
Internal Threats
Investigative Challenges
Common Frame of Reference
Media Volume

2: Computer Forensic Incidents

Lesson Objectives
The Legal System
Criminal Incidents
Civil Incidents
Computer Fraud
Internal Threats
Investigative Challenges
Common Frame of Reference
Media Volume

3: Investigation Process

Lesson Objectives
Investigating Computer Crimes
Prior to the Investigation
Forensics Workstation
Building Your Team of Investigators
Who is involved in Computer Forensics?
Decision Makers and Authorization
Risk Assessment
Forensic Investigation Toolkit
Investigation Methodology
Preparing for an Investigation
Search Warrant
Forensic Photography
Preliminary Information
First Responder
Collecting Physical Evidence
Collecting Electronic Evidence
Guideline for Acquiring Electronic Evidence
Securing the Evidence
Managing the Evidence
Chain of Custody
Duplicate the Data
Verify the Integrity of the Image
Recover Lost Data
Data Analysis
Data Analysis Tools
Assessing the Evidence
Assessing the Case
Location Assessment
Best Practices
Gathering and Organizing Information
Writing the Report
Expert Witness
Closing the Case

4: OS Disk Storage Concepts

Lesson Objectives
Disk Based Operating Systems
OS / File Storage Concepts
Disk Storage Concepts
Lesson Objectives
Digital Acquisition
Digital Acquisition Procedures
Digital Forensic Analysis Tools

5: Digital Acquisition and Analysis

Lesson Objectives
Digital Acquisition
Digital Acquisition Procedures
Digital Forensic Analysis Tools

6: Forensic Examination Protocols

Lesson Objectives
Forensic Examination Protocols
Forensic Examination

7: Digital Evidence Protocols

Lesson Objectives
Digital Evidence Concepts
Digital Evidence Categories
Digital Evidence: Admissibility
Lesson Objectives
Computer Forensic Investigative Theory
Lesson Objectives
Digital Evidence Presentation
Digital Evidence
Digital Evidence: Hearsay
Digital Evidence: Summary

8: CFI Theory

Lesson Objectives
Computer Forensic Investigative Theory

9: Digital Evidence Presentation

Lesson Objectives
Digital Evidence Presentation
Digital Evidence
Digital Evidence: Hearsay
Digital Evidence: Summary

10: Computer Forensics Lab Protocols

Lesson Objectives
Quality Assurance
Standard Operating Procedures
Peer Review
Who should review?
Peer Review
Peer Review
Annual Review
Lab Intake

11: CF Processing Techniques

Lesson Objectives
Computer Forensic Processing Techniques

12: Digital Forensics Reporting

Lesson Objectives
Analysis Report
Computer Sciences
Ten Laws of Good Report Writing
Cover Page
Table of Contents
Examination Report
Summary of Findings
Forensic Examination
Items of Evidence

13: Specialized Artifact Recovery

Lesson Objectives
Prep System Stage
Lesson Objectives
Prep System Stage
Windows File Date/Time Stamps
File Signatures
Image File Databases
The Windows OS
Windows Registry
Alternate Data Streams
Windows Unique ID Numbers
Decode GUIDs
Historical Files
Windows Recycle Bin
Copy out INFO2 for Analysis
Web E-mail

14: eDiscovery and ESI

Lesson Objectives
Discoverable ESI Material
eDiscovery Notification
Required Disclosure
eDiscovery Conference
Preserving Information
eDiscovery Liaison
eDiscovery Products
What is Metadata?
Data Retention Architecture
“Safe Harbor” Rule 37(f)
eDiscovery Spoliation
Tools for eDiscovery

15: Cell Phone Forensics

Lesson Objectives
Cell Phones
Types of Cell Networks
What can a criminal do with Cell Phones?
Cell Phone Forensics
Forensics Information in Cell Phones
Subscriber Identity Module (SIM)
Integrated Circuit Card Identification (ICCID)
International Mobile Equipment Identifier (IMEI)
Electronic Serial Number (ESN)
Helpful Hints for the Investigation
Things to Remember when Collecting Evidence
Acquire Data from SIM Cards
SIM Cards
Cell Phone Memory
Analyze Information
Cell Phone Forensic Tools
Device and SIM Card Seizure
Cell Phone Analyzer
Forensic Card Reader
ForensicSIM Tool
Forensic Challenges
Paraben Forensics Hardware
Paraben Forensics Hardware
Paraben: Remote Charger
Paraben: Device Seizure Toolbox
Paraben: Wireless Stronghold Tent
Paraben: Passport Stronghold Bag
Paraben: Project-a-phone
Paraben: Project-a-phone
Paraben: SATA Adapter
Paraben: Lockdown
Paraben: SIM Card Reader
Paraben: Sony Clie
Paraben: CSI Stick
Paraben: USB Serial DB9 Adapter
Paraben: P2 Commander

16: USB Forensics

Lesson Objectives
USB Components
USB Forensics
USB Forensics Investigation
Determine USB Device Connected
Tools for USB Imaging

17: Incident Handling

Lesson Objectives
Incident Handling Defined
What is a security event?
Common Security Events of Interest
What is a security incident?
What is an incident response plan?
When does the plan get initiated?
Common Goals of Incident Response Management
Incident Handling Steps
Be Prepared
The Incident Response Plan
Incident Handling
Incident Response Plan
Roles of the Incident Response Team
Incident Response Team Makeup
Challenges of building an IRT
Incident Response Training and Awareness
Jump Kit
Prepare Your Sites and Systems
Identification of an Incident
Basic Incident Response Steps
Proper Evidence Handling
Onsite Response
Secure the Area
Conduct Research
Make Recommendations
Establish Intervals
Capture Digital Evidence
Change Passwords
Determine Cause
Defend Against Follow-on Attacks
More Defenses
Analyze Threat and Vulnerability
Restore System(s) to Operation
Report Findings
Restore System
Monitor Systems
Follow-up Report

A1: PDA Forensics

Lesson Objectives
Personal Digital Assistants
Palm OS
Palm OS Architecture
Pocket PC
Windows Mobile Architecture
Linux-based PDAs
Linux OS for PDAs-Architecture
Typical PDA State
Security Issues
ActiveSync and HotSync
PDA Forensic Steps
Tips for Conducting the Investigation
PDA Forensic Tools

A2: Investigating Harassment

Lesson Objectives
Sexual Harassment Overview
Examples of Sexual Harassment
What it is not?
Approach of General Investigation
Conduct Your Investigation
Preventative Action


Course History

Computer Forensics as a field was born and developed by U.S. federal law enforcement agents during the mid to late 1980s. New techniques were needed to meet the challenges of white-collar crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment and by 1989 software and protocols were beginning to emerge in the discipline. Mile2 originally had two forensics courses: CFED (Computer Forensics and Electronic Discovery) and AFCT (Advanced Forensics Computer Techniques). These courses and related materials were created by practitioners in the forensics field. In 2008 CFED and AFCT were combined into the CDFE course. Course content and materials are updated regularly to keep up with technology and concepts in the digital forensics field.


About The Author

Johnny Justice has been working with computers since 2005. He has been in the U.S. Army for over 13 years, working as a Counterintelligence Agent (Computer Forensics, 8 years). He has taught Introduction to UNIX/LINUX, Network Essentials, and Theories and Application / Digital Technology. Johnny has developed courseware and training materials and has presented these materials in the classroom. Johnny is working with an IT security company to create an online Learning Management System that provides training for IT certifications (e.g. CompTIA, Cisco, Microsoft, ISC2 and Mile2). Johnny holds a variety of certifications: C)DFE, CEI, CSSA, ECSA, CHFI, Linux+, and CEH. He co-authored the 2012 update to the Certified Digital Forensics Examiner course and the 2013 Certified Network Forensics Examiner course at Mile2. He graduated from American Military University in May 2008 with a Bachelor of Science degree in Information Technology Management. He also graduated magna cum laude in 2012 from Nova Southeastern University with a Master of Science degree in Computer Science Education.


Class Format Options

Mile2 offers courses around the year and around the globe. You can attend a course in 3 ways:

    1. Instructor-led Classroom: Attend in person.
    2. Live-virtual Training: Attend the Instructor-led class remotely.
    3. Computer-based Training: Access the course through pre-recorded videos 24/7 at your convenience.


Who Should Attend

The C)DFE course is a digital forensics course that teaches people how to perform digital investigations. To do this effectively, we require students to have basic proficiency with computers and an interest in digital forensics. If a student is unsure whether they are ready to take this course, we recommend our C)SS: Certified Security Sentinel course as a prerequisite and confidence booster for those just getting into digital forensics and cyber security.

After you complete the C)DFE, we encourage you to further develop your digital forensics skill set by taking the C)NFE: Network Forensics Examiner course and certification exam.


Exam Information

The Certified Digital Forensics Examiner exam is taken online through Mile2’s Assessment and Certification System (MACS), which is accessible on your account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD and must be purchased from the store on
