Real-world experience for one of the fastest-growing careers in technology. Learn how to find evidence on computers, phones, and even cameras. See the dark side of computer crime, get a free forensics kit, and leave certified.
Course updated in 2016!
InfoSec Institute is proud to offer the Computer Forensics Boot Camp. Accelerated and taught in six (6) days, this in-depth course teaches students critical techniques and information about computer crime through use of the most popular computer forensic software.
Our Computer Forensics Boot Camp prepares students for the two industry-recognized computer forensic certifications, the IACRB Certified Computer Forensics Examiner (CCFE) and (ISC)2 Certified Cyber Forensics Professional (CCFP). We prepare you for the certification examinations by teaching the skills necessary to recognize the overwhelming number of computer threats and crime. In addition, we teach how to investigate computer crime.
The CCFE certification is not only offered to individuals involved in cyber crime and law enforcement but to those who meet certain requirements and experience. To give students the opportunity to gain the most out of our Computer Forensics Boot Camp, we offer the ability to take the initial part of the CCFE exam on-site.
The CCFP credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete, and reliable digital evidence admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response. Our Computer Forensics Boot Camp, created and led by experienced CCFP-certified professionals, provides comprehensive coverage of the six domains of the (ISC)2 CCFP CBK:
Upon the completion of our Computer Forensics Boot Camp, students will know how to:
The classroom training is typically highly structured and rigid: an intense week of instructor-led, practical, hands-on training. Typically long days provide an intense week of submersion into computer forensic examination. Classroom training is led by experienced, practicing computer examiners who are CCFE certified. Instructor support begins at the classroom training and extends beyond the classroom session via email to assist students in fine-tuning report writing skills.
The training is sectioned into eight modules. The material is constantly being revised and is subject to change. The current modules consist of:
• Define computer forensics
• Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
• Explain the importance of maintaining professional conduct
• Identifying Digital Evidence
• Evidence Admissibility
• Federal Rules of Evidence
• Daubert Standard
• What is Seizure?
• Consent Issues
• Expert Witness
• Roles and responsibilities
• Ethics: (ISC)2, AAFS, ISO
• Investigative Process
• Chain of Custody
• Incident Response
• Criminal v. Civil v. Administrative Investigations
• Intellectual Property
• Quality Control
-- Lab and Tool
• Evidence Management
-- Transport / Tracking
-- Storage / Access Control
• Free / Open Source
MODULE 3: DIGITAL FORENSICS
• Principles and Methods
---Locard's Principle, Inman-Rudin Paradigm, Scientific Method, Peer Review
• Forensic Analysis Process
• Storage Media
---Hard Disk Geometry, Solid State Drives, RAIDS
• Operating System
---Boot Process, BIOS/CMOS, The Swap File
• File Systems
---NTFS File System, FAT File System, HFS+, Ext2/3/4, Embedded
• Erased vs. Deleted
• Live Forensics
MODULE 4 - ANALYZING DATA
• Keyword Searching
• Time Line Analysis
• Hash Analysis
• File Signatures
-- File Filtering (KFF)
• Volume Shadow Copies
• Time Zone Issues
• Link Files
• Print Spool
• Deleted Files
-- Recycle Bin Forensics
• File Slack
• Damaged Media
-- Physical Damage
-- Logical Damage
-- File Carving
• Registry Forensics
-- USB Devices
• Multimedia Files
-- EXIF Data
• Compound Files
• Common Web Attack Vectors
-- SQL Injection
• Browser Artifacts
• Email Investigators
-- Email Headers
• Messaging Forensics
• Database Forensics
• Software Forensics
-- Traces and Application Debris
-- Software Analysis (Hashes, Code Comparison Techniques, etc.)
• Malware Analysis
-- Malware Types and Behavior
-- Static vs. Dynamic Analysis
-- IP Addressing -- Proxies -- Ports and services
• Types of Attacks
• Wired vs. Wireless
• Network Devices Forensics
-- Routers -- Firewalls -- Examining Logs
• Packet Analysis
• OS Utilities
-- Net sessions
• Networking Monitoring Tools
-- Wireshark
-- Encryption (Symmetric, Asymmetric, TrueCrypt Hidden Partitions)
-- Hidden Devices (NAS)
-- Tunneling / Onion Routing
-- Corruption / Degaussing
-- Address Spoofing
-- Data Spoofing (Timestamping)
• Log Tampering
• Live Operating Systems
• Types of Devices
-- Cell Phones
• Vendor and Carrier Identification
-- Obtaining Information from Cellular Provider
• GSM vs. CDMA
• SIM Cards
• Common Tools
• Advanced Mobile Forensics (JTAG, chip-off)
• Legal Issues (Privacy, Obtaining Warrants)
• Social Networks Forensics
-- Types of Social Networks
-- Types of Evidence
-- Collecting Data
-- Virtualization Forensics
-- Use of Virtualization in Forensics
• Cloud Forensics
-- Types of Cloud Services
-- Challenges of Cloud Forensics
• Big Data
• Control Systems and IoT
• Morning Session is spent finishing up any loose ends, dealing with exam prep issues and review
• Late morning to early afternoon, we start the certification by providing time to take the written component of the CCFE Certification exam.
• Upon successful completion, students receive the remaining components to the CCFE exam to complete at home.
This Computer Forensics training course prepares you for 2 industry-recognized computer forensics certifications. As a vendor-neutral training provider, InfoSec Institute has recognized that many students require more than one computer forensics certification. The training class will prepare you to take:
InfoSec's Computer Forensics Enterprise Suite includes every program covered in the course. We have this Tool Suite available for individual purchase for $1,499!
Many course package options include a full license to Paraben P2 Commander - ask your account representative as other packages may be available.
Guaranteed small class size: you get an intimate learning setting not offered at any of our computer forensics competitors.
6 Full Days of Boot camp style training --- our instructors teach from 8am to 10:30pm every day. Course runs from 8am to 5pm daily with optional ethical capture the flag hacking exercises to 10:30pm.
All meals, snacks and refreshments included. Snacks not included in Las Vegas courses.
CCFE & CCFP computer forensics certification fees included
Total Access to our Computer Forensics Training Course Online:
The class is structured for maximum retention of knowledge learned in class. Because we believe in a commitment to your ongoing education after you attend a hands-on Forensics boot camp, we will make the online version of this class available to you for 30 days for continued self-paced learning, refresh, and clarification. Ask your account rep for access after you have completed the course.
Be sure to check out our R&D site. We post tutorials, labs, white papers and articles to help you in your continued education. There are frequently forensics videos available. If you haven't taken a course with us yet, check out some of the types of things you'll be doing and learning about in class.
Let's pick up where we left off with the rootkit and post-exploitation video (http://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident response. First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the outside) we start to see […]
The post Incident Response and Computer Forensics on Rootkits appeared first on InfoSec Resources.
This analysis comes in handy in computer forensics cases such as porn or child pornography investigations. This video shows how to search through hundreds of thousands of images on a hard drive and find only those with human flesh tones in them. We also look at Slack/Free Space and OLE Objects. This is just one […]
The post Flesh Tone Analysis – Intermediate Computer Forensics appeared first on InfoSec Resources.
Alternate Data Streams are a way to store data on a machine that is not readily accessible to users. Using ADS, files are not easily accessible by the Windows operating system and they do not show up in any file directory. Windows generates its own ADS files and most P2P software typically utilizes ADS. In this […]
Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well-known open-source traffic analysis and network intrusion detection tool. However, using the logs from Snort we can also see how the intrusion happened, rather than just that an intrusion happened. We’ll use Snort to show how we can […]