Computer Forensics Training


Real-world experience for one of the fastest-growing careers in technology. Learn how to find evidence on computers, phones, and even cameras. See the dark side of computer crime, get a free forensics kit and leave certified


Computer Forensics Course Overview


CCFE included
CCFP included


Course updated in 2016!

InfoSec Institute is proud to offer the Computer Forensics Boot Camp. Accelerated and taught in six (6) days, this in-depth course teaches students critical techniques and information of computer crime through use of the most popular computer forensic software.   

Our Computer Forensics Boot Camp prepares students for the two industry recognized computer forensic certifications, the IACRB Certified Computer Forensics Examiner (CCFE) and (ISC)2 Certified Cyber Forensics Professional (CCFP). You are prepared for the certification examinations by teaching the necessary skills to recognize the overwhelming number of computer threats and crime. In addition, we teach how to investigate computer crime.

The CCFE certification is not only offered to individuals involved in cyber crime and law enforcement but to those who meet certain requirements and experience. To give students the opportunity to gain the most out of our Computer Forensics Boot Camp, we offer the ability to take the initial part of the CCFE exam on-site.

The CCFP credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete, and reliable digital evidence admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response. Our Computer Forensics Boot Camp, created and led by experienced CCFP-certified professionals, provides a comprehensive coverage of the six domains of the (ISC)2 CCFP CBK:

  • Legal and Ethical Principles
  • Investigations
  • Forensic Science
  • Digital Forensics
  • Application Forensics
  • Hybrid and Emerging Technologies


Course Objectives

Upon the completion of our Computer Forensics Boot Camp, students will know how to:

  • Firmly understand the provisions of IT law
  • Learn complex technical concepts
  • Successfully define evidence-handling procedures
  • Functionally design and outline procedures related to incident response strategies
  • Comprehend the general rules of evidence




  • 93%+ Pass Rate
  • 2 certifications! (nobody else offers both)
  • On-site CCFE exam proctoring
  • Over $1500 in tools & software(details)
"Jeremy is a genius. I'm glad he is on our side. I would take another course with InfoSec in a heartbeat."

Jason P.


Course Benefits and Goals

InfoSec Institute’s Computer Forensics Boot Camp is quite unique in offering an immersion into computer crime and investigations, while preparing for a very practical, hands-on certification exam.


Only InfoSec Institute’s Computer Forensics Boot Camp offers you the following benefits:

  • 5 full days of intense expert instruction and review with a master of forensics
  • Expert instruction from a CCFP-certified instructor
  • Hands-on exposure to the full range of computer forensics tools
  • State of the art facilities
  • Individual examiner workstations
  • Possibility to include a fully licensed version of Paraben’s P2 Commander in specific student registration packages (P2 commander is not available on all registration packages).
  • Vouchers for the rigorous CCFE and CCFP exams are included
  • Lunch and snacks provided on each day of class









  • Discover proven investigative strategies and define proper evidence-handling procedures
  • Develop the skills to track an offender on the Internet
  • Learn how to work with law enforcement and how to design an incident response strategy
  • The IACRB community provides you with:
          --- Access to knowledge sharing
           -- New technology reviews
          --- Educational updates
          --- Networking with Forensics Experts with up to 20 Years Experience





The TOTAL Immersion Experience

The classroom training is typically highly structured and rigid; an intense week of instructor led, practical, hands-on training. Typically long days provide an intense week of submersion into computer forensic examination. Classroom training is led by experienced, practicing computer examiners who are CCFE certified. Instructor support begins at the classroom training and extends beyond the classroom session via email to assist students in fine tuning report writing skills. 

The training is sectioned into eight modules. The material is constantly being revised and is subject to change. The current modules consist of:


    MODULE 1
  • Module 1A - Course Introduction
  • Module 1B - Computer Forensics and Investigation as a Profession

  • • Define computer forensics
    • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
    • Explain the importance of maintaining professional conduct

  • Module 1C - Digital Evidence - Legal Issues

  • • Identifying Digital Evidence

    • Evidence Admissibility

    • Federal Rules of Evidence

    • Daubert Standard

    • Discovery

    • Warrants

    • What is Seizure?

    • Consent Issues

    • Expert Witness

    • Roles and responsibilities

    • Ethics: (ISC)2, AAFS, ISO

    MODULE 2
  • Module 2A - Investigations

  • • Investigative Process

    • Chain of Custody

    • Incident Response

    • E-Discovery

    • Criminal v. Civil v. Administrative Investigations

    • Intellectual Property
    • Reporting
    • Quality Control
       -- Lab and Tool
       -- Investigator
       -- Examination
       -- Standards
    • Evidence Management
       -- SOPs
       -- Collection
       -- Documentation
       -- Preservation
       -- Transport / Tracking
       -- Storage / Access Control
       -- Disposition

  • Module 2B - Current Computer Forensics Tools and Hardware

  • • Commercial

    • Free / Open Source



  • Module 3A - Forensic Science Fundamentals
  • • Principles and Methods

    ---Locard's Principle, Inman-Rudin Paradigm, Scientific Method, Peer Review

    • Forensic Analysis Process


  • Module 3B - Hardware

  • • Storage Media
    ---Hard Disk Geometry, Solid State Drives, RAIDS

    • Operating System
    ---Boot Process, BIOS/CMOS, The Swap File

  • Module 3C - File Systems

  • • File Systems
    ---NTFS File System, FAT File System, HFS+, Ext2/3/4, Embedded

    • Erased vs. Deleted

    • Live Forensics

  • Module 4A - Hardware Forensics

  • • Keyword Searching

    • Metadata

    • Time Line Analysis

    • Hash Analysis

    • File Signatures
       -- File Filtering (KFF)

    • Volume Shadow Copies

    • Time Zone Issues

    • Link Files

    • Print Spool

    • Deleted Files

       -- Recycle Bin Forensics

    • File Slack

    • Damaged Media

       -- Physical Damage

       -- Logical Damage

       -- File Carving

    • Registry Forensics

       -- USB Devices

       -- HKLM

    • Multimedia Files

       -- EXIF Data

    • Compound Files

       -- Compression

       -- Ole

       -- ADS

    • Passwords













  • Module 4B - Web Application Forensics

  • • Common Web Attack Vectors

        -- SQL Injection
        --Cross-Site Scripting  

    • Browser Artifacts
    • Email Investigators
       -- Email Headers
       --Email Files
    • Messaging Forensics
    • Database Forensics
    • Software Forensics
      -- Traces and Application Debris
      -- Software Analysis (Hashes, Code Comparison Techniques, etc.)

    • Malware Analysis
      -- Malware Types and Behavior
      -- Static vs. Dynamic Analysis


  • • TCP/IP

        -- IP Addressing -- Proxies -- Ports and services

    • Types of Attacks
    • Wired vs. Wireless
    • Network Devices Forensics
       -- Routers, --Firewalls, --Examining Logs
    • Packet Analysis
    • OS Utilities
      -- Netstat
      -- Net sessions
      -- Openfiles

    • Networking Monitoring Tools
      -- SNORT
      -- Wire shark
      -- NetworkMiner


  • MODULE 6 - Anti-Forensics

  • • Hiding

         -- Encryption (Symmetric, Asymmetric, TrueCrypt Hidden Partitions)
         -- Steganography
         -- Packing
         -- Hidden Devices (NAS)
         -- Tunneling / Onion Routing

    • Destruction
         -- Wiping/Overwriting
         -- Corruption / Degaussing
    • Spoofing
         -- Address Spoofing
         -- Data Spoofing (Timestamping)
    • Log Tampering
    • Live Operating Systems


  • MODULE 7 - Mobile Devices

  • • Types of Devices

         -- GPS
         -- Cell Phones
         -- Tablets

    • Vendor and Carrier Identification
         -- Obtaining Information from Cellular Provider
    • GSM vs. CDMA
    • SIM Cards
    • Common Tools
    • Methodology
    • Advanced Mobile Forensics (JTAG, chip-off)


  • MODULE 8 - New and Emerging Technology

  • • Legal Issues (Privacy, Obtaining Warrants)

    • Social Networks Forensics
         -- Types of Social Networks
         -- Types of Evidence
         -- Collecting Data
    • Virtualization
         -- Virtualization Forensics
         -- Use of Virtualization in Forensics
    • Cloud Forensics
         -- Types of Cloud Services
         -- Challenges of Cloud Forensics
    • Big Data
    • Control Systems and IoT



  • • Morning Session is spent finishing up any loose ends, dealing with exam prep issues and review

    • Late morning to early afternoon, we start the certification by providing time take the written component of the CCFE Certification exam.

    • Upon successful completion, students receive the remaining components to the CCFE exam to complete at home.



Dates & Locations

The best in the world come train with us

See what our students are saying

  • David S.

    Senior Consultant

    "knowledgable and passionate instructor"

    "I was impressed. The instructor was very knowledgeable about all the material and the industry. He is obviously passionate about forensics and security which helps students to get excited about the material as well."

    Find out more
  • Mari  T.

    Loehrs and Associates

    "real-world knowledge was just as valuable"

    "The forensics training was excellent. The material was excellent and the instructor's real-world knowledge was just as valuable as the course material. He was very personable and engaged the students."

    Find out more
  • Sam C.


    "Over and above what was expected"

    "Over and above what was expected. I am sure his goal was that everyone in the class passed the written portion of the test, and he gave everyone the best advice to pass the exam. And I passed!"

    Find out more
  • Jason P.



    "Jeremy is a genius. I'm glad he is on our side. I would take another course with InfoSec in a heartbeat."

    Find out more

Computer Forensics Boot Camp Review By Anthony Pullano, Chief Examiner of Cyber Stalking at Legal Aid Society of Palm Beach County
Rating: 5 out of 5.
The instructor demonstrated a wealth of knowledge, and a willingness to provide each student with personal guidance, providing us with the tools for success.

Certifications & Compliance

CCFE (Certified Computer Forensics Examiner) CCFP (Certified Computer Forensics Professional)

This Computer Forensics training course prepares you for 2 industry recognized computer forensics certifications. As a vendor neutral training provider, InfoSec Institute has recognized that many students require more than one computer forensics certification. The training class will prepare you to take:

  • IACRB's Certified Computer Forensics Examiner (CCFE) Certification
    ISC(2)'s Certified Computer Forensics Professional (CCFP) Certification

    The CCFE will be taken in class on the last day of the training course. All CCFE & CCFP exam fees are included.

Pricing for Computer Forensics - including these certs


Call (866)-471-0059 or fill out this short form for current pricing


  • $1500 worth of tools
    and software!

    InfoSec's Computer Forensics Enterprise Suite, includes every program covered in the course .We have this Tool Suite available for individual purchase for $1,499!

    Many course package options include a full license to Paraben P2 Commander - ask your account representative as other packages may be available.

  • Course Materials, Test Fees and Class Guarantees!

    Guaranteed small class size, you get an intimate learning setting not offered at any of our computer forensics competitors.

    6 Full Days of Boot camp style training --- our instructors teach from 8am to 10:30pm every day. Course runs from 8am to 5pm daily with optional ethical capture the flag hacking exercises to 10:30pm.

    All meals, snacks and refreshments included. Snacks not included in Las Vegas courses.

    CCFE & CCFP computer forensics certification fees included

  • Continued Access to
    the Course ONLINE

    Total Access to our Computer Forensics Training Course Online:

    The class is structured for maximum retention of knowledge learned in class. Because we believe in a commitment to your ongoing education after you attend a hands-on Forensics boot camp, we will make the online version of this class available to you for 30-days for continued self-paced learning, refresh, clarification. Ask your account rep for access after you have completed the course.

Other Related Tools & Resources For Our Students

Be sure to check out our R&D site. We post tutorials, labs, white papers and articles to help you in your continued education. There are frequently forensics videos available. If you haven't taken a course with us yet, check out some of the types of thigns you'll be doing and learning about in class.

  • Computer Forensics: Snort Logs Analysis
  • 04/07/2011

    Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well known open-source traffic analysis and network intrusion detection tool. However, using the logs from Snort we can also see how the intrusion happened, rather than just that an intrusion happened. We’ll use Snort to show how we can […]

    The post Computer Forensics: Snort Logs Analysis appeared first on InfoSec Resources.

InfoSec Institute has an excellent instructor and this is the best IT security class I have ever taken. His knowledge and method of teaching are unsurpassed.