Advanced Computer Forensics Boot Camp

InfoSec Institute’s Authorized Computer Forensics Boot Camp prepares you for advanced computer forensics skills, involving a deep dive into volatile memory, registry artifact, file structure and rootkit analysis. 60% of this boot camp is hands-on training!

Award Winning Training

For 17 years InfoSec has been one of the most awarded and trusted IT training vendors - 42 industry awards!

Exam Pass Guarantee

We offer peace of mind with our Exam Pass Guarantee for Live Online students.

Analysts Recommended

IDC lists InfoSec Institute as Major Player in their Security Training Vendor Assessment.

Advanced Computer Forensics Course Overview

InfoSec Institute is proud to offer the Computer Forensics Boot Camp. Accelerated and taught in five (5) days, this in-depth course teaches you advanced computer forensics concepts. This course is intended for those that have either taken the InfoSec Institute Computer Forensics Boot Camp, or have experience in the computer forensic profession.

The most current, up-to-date hands-on forensics training available anywhere!

What You’ll LEARN

Already know how to acquire forensically sound images? Perform file carving? Take your existing forensic knowledge further and sharpen your skills with this Advanced Computer Forensics Boot Camp from InfoSec Institute. Upon the completion of our Advanced Computer Forensics Boot Camp, students will know how to: Students must have no criminal record. Computer forensic skills, including the ability or desire to work outside the Windows GUI interface, are necessary.


This is a very in depth training course and is not intended for individuals who have limited or no computer forensics skills.

Award Winning Training

InfoSecurity Products Guide 2016 SCAwards2014 2016 Top Training Company ATC of the Year Redmond Reader’s Choice Winner Virtualization

View Pricing

We will never share any of your information, spam you or annoy you with pushy sales pitches.

Daily Course Outline


Module 1: Advanced Analysis Concepts

  • Avoiding Speculation
  • Direct and Indirect Artifacts
  • Least Frequency of Occurrence
  • Documentation
  • Convergence
  • Virtualization

Module 2: Immediate Response

  • Prepared to Respond
  • Questions
  • The Importance of Preparation
  • Logs
  • Data Collection


Module 3: VSC Analysis

  • Registry Keys
  • Live Systems
  • Pro Discover
  • F-Response
  • Acquired lmages
  • VHD Method
  • VMware Method
  • Automating VSC Access
  • Pro Discover

Module 4: File Analysis

  • File System Tunneling
  • Event Logs
  • Windows Event Log
  • Recycle Bin
  • Prefetch Files
  • Scheduled Tasks
  • Skype
  • Apple Products
  • Image Files
  • ...more


Module 5: Registry Analysis

  • USB Device Analysis
  • System Hive
  • Software Hive
  • Application Analysis
  • NetworkLst
  • NetworkCards
  • Shell bags
  • MUICache
  • UserAssst
  • ...more

Module 6: Malware

  • Introduction and Overview
  • Malware Characteristics
  • Initial Infection Vector
  • Propagation Mechanism
  • Persistence Mechanism
  • Artifacts
  • Detecting Malware
  • Log Analysis
  • ...more


Module 7: Timeline Analysis

  • Data Sources
  • Time
  • User
  • TLN Format
  • File System Meta data
  • Event Logs
  • Windows
  • ...more

Module 8: Application Analysis

  • Log Files
  • Dynamic Analysis
  • Network Captures
  • Application Memory Analysis


Module 9: Mobile Forensics

  • Keyboard caches containing usernames, passwords, search terms, and historical fragments of typed communication.
  • Screenshots preserved from the last state of an application
  • Deleted images from the suspect’s photo library, camera roll, and browsing cache.
  • Deleted address book entries, contacts, calendar events, and other personal data.
  • Exhaustive call history
  • Map tile images from the iPhone’s Google Maps application,
  • Lookups and longitude/latitude coordinates of previous map searches, and coordinates of the last GPS fix.
  • Browser cache and deleted browser objects
  • Cached and deleted email messages
  • SMS messages
  • Deleted voicemail recordings
  • ...more

Our Major Clients

FedEx Microsoft Bank of America DISA Symantec

Interested in training?

You can register your interest and we’ll keep you up to date when public courses become available. You can also register your interest in on-site training.

Thanks! We’ll keep you updated
As soon as we have news of the status of this course, we’ll be in touch.
  • or call us on (866)-471-0059

We’ve trained over 50,000 happy people

Career Tracks

View instant course pricing

New Exam Pass Guarantee!

Our new Live Online format has produced excellent results. We trust the course quality will help you pass on your first exam attempt and this exam-pass guarantee backs up that trust.