Certified Digital Forensics Examiner

  • Print
Key Data
Certified Digital Forensics Examiner Course Description

Course Name:   C)DFE 

Duration:           5 days

Language:         English

Format:  Instructor-led (Lecture and Lab)

Prerequisite:

Experience in using a computer

Student Materials:

  • Student workbook
  • Student reference manual
  • Student Lab Guide
  • Software/ tools DVD

Certification Exam:

  • C)DFE – Certified Digital Forensics Examiner

Certification Track:

  • C)DFE – Certified Digital Forensics Examiner
  • C)PTE – Certified Pen Testing Engineer
  • C)PTC -- Certified Pen Testing Consultant

The Certified Digital Forensics Examiner program is designed to train Cyber Crime and Fraud Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

 

Benefits Of This Course:

The C)DFE course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence.


The C)DFE course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence. An example of “corrective action” would be the termination of an employee for a violation of computer usage where digital evidence was needed to support the allegation. The investigator must furnish an irrefutable burden of proof based on that digital evidence. If not irrefutable, an attorney knowledgeable about Computer Forensics could have the case thrown out of court. Government or investigative agencies need proper training to succeed in cases like the above as well as those including acts of fraud, computer misuse, illegal pornography, counterfeiting, and so forth. Mile2’s Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

 

WHAT DO STUDENTS LEARN?

   The C)DFE training covers a wide range of topics including:

  • Forensic Examination
  • Tools of the trade
  • Seizure Concepts
  • Incident Investigation
  • Fundamentals of conducting an effective computer forensic examination
  • Electronic Discovery and Digital Evidence

 

WHO IS THIS COURSE FOR

Anyone who is or may be to be involved in examining electronic devices for digital artifacts (i.e. evidence) needed for company, legal, or law enforcement investigations.

 

OBJECTIVES COVERED IN LABORATORY SCENARIOS

Recovering electronically stored data for civil litigation

Recovering, categorizing and analyzing data

Hiding and discovering potential evidence

Investigating a misappropriations of proprietary information complaints

Bit-by-bit imaging digital media and preserving the integrity of the image

Identifying and reconstructing information within various file systems

Conducting an investigation into a complaint of sexual harassment

Understanding anti-forensics and steganography
          Discover how a computer has been used and learn:
          What websites have been visited?
          What data has been deleted, and why?
          What data is stored on the hard drive?
          What e-mails have been sent and received?

          Has data been copied off of the computer?


COURSE HISTORY

Computer Forensics as a field was born and developed by U.S. federal law enforcement agents during the mid to late 1980s. New techniques were needed to meet the challenges of white-collar crimes being committed with the assistance of a PC. By 1985 enforcement agents were being trained in the automated environment and by 1989 software and protocols were beginning to emerge in the discipline. mile2’s originally had two forensics related courses: CFED (Computer Forensics and Electronic Discovery) and AFCT (Advanced Forensics Computer Techniques). These courses and related materials were created by practitioners in the forensics field. In 2008 CFED and AFCT were combined into the C)DFE course. Course content and materials are updated periodically to keep up with technology and concepts in the digital forensics field.

UPON COMPLETION

Certified Digital Forensics Examiner graduates obtain real world computer forensic knowledge that will help them recognize, seize, preserve and present digital evidence. Mile2’s computer forensic graduates gain the skills and knowledge to perform forensically sound computer examinations and to clearly and accurately report on their findings. Students will also be able to confidently attempt mile2’s Certified Digital Forensics Examiner certification exam.


Certified Digital Forensics Examiner Module Topics:


Module 1: Introduction
Module 2: Computer Forensic Incidents
Module 3: Investigation Process
Module 4: Disk Storage Concepts
Module 5: Digital Acquisition & Analysis
Module 6: Forensic Examination Protocols
Module 7: Digital Evidence Protocols
Module 8: CFI Theory
Module 9: Digital Evidence Presentation
Module 10: Computer Forensic Laboratory Protocols
Module 11: Computer Forensic Processing Techniques
Module 12: Digital Forensics Reporting
Module 13: Specialized Artifact Recovery
Module 14: e-Discovery and ESI
Module 15: Cell Phone Forensics
Module 16: USB Forensics
Module 17: Incident Handling
Appendix 1: PDA Forensics
Appendix 2: Investigating Harassment


Module 1 – Introduction

  • Lesson Objectives
  • Introductions (Instructor)
  • Introductions (Students)
  • Disclaimers
  • Notice
  • Course Schedule
  • Student Guide (Layout)
  • Introduction to Computer Forensics
  • Course Objectives
  • Lesson Objectives
  • The Legal System
  • Criminal Incidents
  • Civil Incidents
  • Computer Fraud
  • Internal Threats
  • Investigative Challenges
  • Common Frame of Reference
  • Media Volume

Module 2 - Computer Forensic Incidents

  • Lesson Objectives
  • The Legal System
  • Criminal Incidents
  • Civil Incidents
  • Computer Fraud
  • Internal Threats
  • Investigative Challenges
  • Common Frame of Reference
  • Media Volume

Module 3 – Investigation Process

  • Lesson Objectives
  • Investigating Computer Crimes
  • Prior to the Investigation
  • Forensics Workstation
  • Building Your Team of Investigators
  • Who is involved in
    Computer Forensics?
  • Decision Makers and Authorization
  • Risk Assessment
  • Forensic Investigation Toolkit
  • Investigation Methodology
  • Preparing for an Investigation
  • Search Warrant
  • Forensic Photography
  • Preliminary Information
  • First Responder
  • Collecting Physical Evidence
  • Collecting Electronic Evidence
  • Guideline for Acquiring Electronic Evidence
  • Securing the Evidence
  • Managing the Evidence
  • Chain of Custody
  • Duplicate the Data
  • Verify the Integrity of the Image
  • Recover Last Data
  • Data Analysis
  • Data Analysis Tools
  • Assessing the Evidence
  • Assessing the Case
  • Location Assessment
  • Best Practices
  • Documentation
  • Gathering and Organizing Information
  • Writing the Report
  • Expert Witness
  • Closing the Case

 

Module 4 - OS Disk Storage Concepts

  • Lesson Objectives
  • Disk Based Operating Systems
  • OS / File Storage Concepts
  • Disk Storage Concepts
  • Lesson Objectives
  • Digital Acquisition
  • Digital Acquisition Procedures
  • Digital Forensic Analysis Tools

Module 5- Digital Acquisition and Analysis

  • Lesson Objectives
  • Digital Acquisition
  • Digital Acquisition Procedures
  • Digital Forensic Analysis Tools

Module 6 - Forensic Examination Protocols

  • Lesson Objectives
  • Forensic Examination Protocols
  • Forensic Examination

Module 7 - Digital Evidence Protocols

  • Lesson Objectives
  • Digital Evidence Concepts
  • Digital Evidence Categories
  • Digital Evidence: Admissibility
  • Lesson Objectives
  • Computer Forensic Investigative Theory
  • Lesson Objectives
  • Digital Evidence Presentation
  • Digital Evidence
  • Digital Evidence: Hearsay
  • Digital Evidence: Summary

Module 8 - CFI Theory

  • Lesson Objectives
  • Computer Forensic Investigative Theory

Module 9 - Digital Evidence Presentation

  • Lesson Objectives
  • Digital Evidence Presentation
  • Digital Evidence
  • Digital Evidence: Hearsay
  • Digital Evidence: Summary

Module 10 Computer Forensics Lab Protocols

  • Lesson Objectives
  • Overview
  • Quality Assurance
  • Standard Operating Procedures
  • Reports
  • Peer Review
  • Who should review?
  • Peer Review
  • Consistency
  • Accuracy
  • Research
  • Validation
  • Relevance
  • Peer Review
  • Annual Review
  • Deviation
  • Lab Intake
  • Tracking
  • Storage
  • Discovery

Module 11 CF Processing Techniques

  • Lesson Objectives
  • Computer Forensic Processing Techniques

Module 12 - Digital Forensics Reporting

  • Lesson Objectives
  • Analysis Report
  • Definition
  • Computer Sciences
  • Ten Laws of Good Report Writing
  • Cover Page
  • Table of Contents
  • Examination Report
  • Background
  • Request
  • Summary of Findings
  • Forensic Examination
  • Tools
  • Evidence
  • Items of Evidence
  • Analysis
  • Findings
  • Conclusion
  • Exhibits
  • Signatures

Module 13 - Specialized Artifact Recovery

  • Lesson Objectives
  • Prep System Stage
  • Lesson Objectives
  • Background
  • Overview
  • Prep System Stage
  • Windows File Date/Time Stamps
  • File Signatures
  • Image File Databases
  • The Windows OS
  • Windows Registry
  • Alternate Data Streams
  • Windows Unique ID Numbers
  • Decode GUID's
  • Historical Files
  • Windows Recycle Bin
  • Copy out INFO2 for Analysis
  • Web E-mail

Module 14 - eDiscovery and  ESI

  • Lesson Objectives
  • eDiscovery
  • Discoverable ESI Material
  • eDiscovery Notification
  • Required Disclosure
  • eDiscovery Conference
  • Preserving Information
  • eDiscovery Liaison
  • eDiscovery Products
  • Metadata
  • What is Metadata?
  • Data Retention Architecture
  • “Safe Harbor” Rule 37(f)
  • eDiscovery Spoliation
  • Tools for eDiscovery

Module 15 - Cell Phone Forensics

  • Lesson Objectives
  • Cell Phones
  • Types of Cell Networks
  • What can a criminal do with Cell Phones?
  • Cell Phone Forensics
  • Forensics Information in Cell Phones
  • Subscriber Identity Module (SIM)
  • Integrated Circuit Card Identification (ICCID)
  • International Mobile Equipment Identifier (IMEI)
  • Electronic Seal Number (ESN)
  • Helpful Hints for the Investigation
  • Things to Remember when Collecting Evidence
  • Acquire Data from SIM Cards
  • SIM Cards
  • Cell Phone Memory
  • Analyze Information
  • Analyze
  • Cell Phone Forensic Tools
  • Device and SIM Card Seizure
  • Cell Phone Analyzer
  • Tools
  • Forensic Card Reader
  • ForensicSIM Tool
  • Forensic Challenges
  • Paraben Forensics Hardware
  • Paraben Forensics Hardware
  • Paraben: Remote Charger
  • Paraben: Device Seizure Toolbox
  • Paraben: Wireless Stronghold Tent
  • Paraben: Passport Stronghold Bag
  • Paraben: Project-a-phone
  • Paraben: Project-a-phone
  • Paraben: SATA Adapter
  • Paraben: Lockdown
  • Paraben: SIM Card Reader
  • Paraben: Sony Clie
  • Paraben: CSI Stick
  • Paraben: USB Serial DB9 Adapter
  • Paraben: P2 Commander

Module 16 - USB Forensics

  • Lesson Objectives
  • USB Components
  • USB Forensics
  • USB Forensics Investigation
  • Determine USB Device Connected
  • Tools for USB Imaging

Module 17 - Incident Handling      

  • Lesson Objectives
  • Incident Handling Defined
  • What is a security event?
  • Common Security Events of Interest
  • What is a security incident?
  • What is an incident response plan?
  • When does the plan get initiated?
  • Common Goals of Incident Response Management
  • Incident Handling Steps
  • Goal
  • Be Prepared
  • The Incident Response Plan
  • Incident Handling
  • Incident Response Plan
  • Roles of the Incident Response Team
  • Incident Response Team Makeup
  • Challenges of building an IRT
  • Incident Response Training and Awareness
  • Jump Kit
  • Prepare Your Sites and Systems
  • Goal
  • Identification of an Incident
  • Basic Incident Response Steps
  • Proper Evidence Handling
  • Goal
  • Containment
  • Onsite Response
  • Secure the Area
  • Conduct Research
  • Make Recommendations
  • Establish Intervals
  • Capture Digital Evidence
  • Change Passwords
  • Goal
  • Determine Cause
  • Defend Against Follow-on Attacks
  • More Defenses
  • Analyze Threat and Vulnerability
  • Restore System(s) to Operation
  • Goal
  • Report Findings
  • Restore System
  • Verify
  • Decide
  • Monitor Systems
  • Goal
  • Follow-up Report

Appendix 1 - PDA Forensics

  • Lesson Objectives
  • Personal Digital Assistants
  • Characteristics
  • Palm OS
  • Palm OS Architecture
  • Pocket PC
  • Windows Mobile Architecture
  • Linux-based PDAs
  • Linux OS for PDAs-Architecture
  • Typical PDA State
  • Security Issues
  • ActiveSync and HotSync
  • PDA Forensic Steps
  • Tips for Conducting the Investigation
  • PDA Forensic Tools
  • Countermeasures

Appendix 2 - Investigating Harassment

  • Lesson Objectives
  • Sexual Harassment Overview
  • Examples of Sexual Harassment
  • What it is not?
  • Approach of General Investigation
  • Conduct Your Investigation
  • Preventative Action

 

 

Register For This Class
Order a Video
buy-now-icons-question

        

 

 

Also available as:

LIVE REMOTE TRAINING

Attend live class from anywhere in the world!

  • Live Presentations with Powerful functionality that delivers easy viewing of slides and other documents, shared Internet access, virtual whiteboard, and a media center all through an easy-to-use toolbar.
  • Application, file, and desktop sharing enable you to view live demonstrations.
  • Dedicated high spec remote PC per student with full access as if you are sitting in-front of the PC in the classroom.
  • Instructor views each students session when you perform your hands on labs, the instructor can access your remote system to demonstrate and assist while you sit back to absorb the classroom style mentoring you expect.
  • Public and private text chat allows for increased interactivity between students and instructor