Computer and Mobile Forensics Training Boot Camp

Learn how to investigate cybercrime! This popular boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers and mobile devices.

★★★★☆

4.2

(443 ratings)

Earn your CCFE and CMFE, guaranteed!

Seven days of expert, live forensics training
Exam Pass Guarantee
Exam voucher
Unlimited practice exam attempts
100% Satisfaction Guarantee
Free annual Infosec Skills subscription ($299 value!)
1-year access to all boot camp video replays and materials
Onsite proctoring of exam
Pre-study learning path
Knowledge Transfer Guarantee

Hands-on labs

Play the part of a forensic examiner in our custom lab environment. More than 30 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

Dual certification details

After completing this boot camp, you will be certified with the following certifications:

Certified Computer Forensics Examiner (CCFE):
The CCFE certification validates your knowledge of nine domains related to the computer forensics evidence recovery and analysis process.
Certified Mobile Forensics Examiner (CMFE):
The CMFE certification validates your knowledge of five domains related to performing the mobile forensics process on different types of mobile devices.

View full course schedule

Training overview

Infosec’s Computer and Mobile Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers and mobile devices. You will learn about the challenges of computer and mobile forensics, walk through the process of analysis and examination of operating systems and mobile devices, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers and Android, iOS and Windows phones.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and open-source forensic tools. The boot camp also prepares you to earn two popular certifications: the Certified Computer Forensics Examiner (CCFE) and the Certified Mobile Forensics Examiner (CMFE).

What you'll learn

Provisions of IT law
Complex technical forensics concepts
How to apply forensics concepts to forensic investigations
Evidence-handling procedures and the general rules of evidence
Key technologies used in computers and mobile devices
Full range of computer forensics tools
Acquiring forensic evidence
Locating forensic artifacts in various operating systems
Analyzing extracted evidence
Properly reporting findings
Skills needed to track an offender on the internet
How to work with law enforcement
How to design an incident response strategy

Who should attend

Law enforcement professionals looking to expand into computer crime investigations
Legal professionals
IT and information security professionals being tasked with corporate forensics and incident handling
Anyone with a desire to learn about computer forensics and develop their skills

Prerequisites

Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.

This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.

Everything you need to earn your CCFE and CMFE

Seven days of expert, live forensics training
Exam Pass Guarantee
Exam voucher
Unlimited practice exam attempts
100% Satisfaction Guarantee
Free annual Infosec Skills subscription ($299 value!)
1-year access to all boot camp video replays and materials
Onsite proctoring of exam
Pre-study learning path
Knowledge Transfer Guarantee

View Pricing

Exam Pass Guarantee

We guarantee you’ll pass your exam on the first attempt. Learn more.

CCFE and CMFE training schedule

Infosec’s computer and mobile forensics training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- Day 1
  Course introduction
  
  Computer forensics and investigation as a profession
  
  Define computer forensics
  
  Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
  
  Explain the importance of maintaining professional conduct
  
  Digital evidence — legal issues
  
  Identifying digital evidence
  
  Evidence admissibility
  
  Federal rules of evidence
  
  Daubert standard
  
  Discovery
  
  Warrants
  
  What is seizure?
  
  Consent issues
  
  Expert witness
  
  Roles and responsibilities
  
  Ethics
  
  (ISC)²
  
  AAFS
  
  ISO
  
  Investigations
  
  Investigative process
  
  Chain of custody
  
  Incident response
  
  E-discovery
  
  Criminal vs. civil vs. administrative investigations
  
  Intellectual property
  
  Markman hearing
  
  Reporting
  
  Quality control
  
  Lab and tool
  
  Investigator
  
  Examination
  
  Standards
  
  Evidence management
  
  SOPS
  
  Collection
  
  Documentation
  
  Preservation
  
  Transport/tracking
  
  Storage/access control
  
  Disposition
  
  Current computer forensics tools and hardware
  
  Commercial
  
  Free/open source
  
  Day 2
  Forensic science fundamentals
  
  Principles and methods
  
  Locard’s Principle
  
  Inman-Rudin Paradigm
  
  Scientific method
  
  Peer review
  
  Forensic analysis process
  
  Hardware
  
  Storage media
  
  Hard disk geometry
  
  Solid state drives
  
  RAIDS
  
  Operating system
  
  Boot process
  
  BIOS/CMOS
  
  The Swap File
  
  File systems
  
  File systems
  
  NTFS file system
  
  FAT file system
  
  HFS+
  
  Ext2/3/4
  
  Embedded
  
  Erased vs. deleted
  
  Live forensics
  
  Day 3
  File and operating system forensics
  
  Keyword searching
  
  Metadata
  
  Timeline analysis
  
  Hash analysis
  
  File signatures
  
  File filtering (KFF)
  
  Volume Shadow Copies
  
  Time zone issues
  
  Link files
  
  Print spool
  
  Deleted files
  
  Recycle bin forensics
  
  File slack
  
  Damaged media
  
  Physical damage
  
  Logical damage
  
  File carving
  
  Registry forensics
  
  USB devices
  
  HKLM
  
  Multimedia files
  
  EXIF data
  
  Compound files
  
  Compression
  
  Ole
  
  AD
  
  Passwords
  
  Web and application forensics
  
  Common web attack vectors
  
  SQL injection
  
  Cross-site scripting
  
  Cookies
  
  Browser artifacts
  
  Email investigations
  
  Email headers
  
  Email files
  
  Messaging forensics
  
  Database forensics
  
  Software forensics
  
  Traces and application debris
  
  Software analysis (hashes, code comparison techniques, etc.)
  
  Malware analysis
  
  Malware types and behavior
  
  Static vs. dynamic analysis
  
  Day 4
  Network forensics
  
  TCP/IP
  
  IP addressing
  
  Proxies
  
  Ports and services
  
  Types of attacks
  
  Wired vs. wireless
  
  Network devices forensics
  
  Routers
  
  Firewalls
  
  Examining logs
  
  Packet analysis
  
  OS utilities
  
  Netstat
  
  Net sessions
  
  Openfles
  
  Network monitoring tools
  
  SNORT
  
  Wireshark
  
  NetworkMiner
  
  Anti-forensics
  
  Hiding
  
  Encryption
  
  Symmetric
  
  Asymmetric
  
  TrueCrypt hidden partitions
  
  Steganography
  
  Packing
  
  Hidden devices (NAS)
  
  Tunneling/Onion routing
  
  Destruction
  
  Wiping/overwriting
  
  Corruption/degaussing
  
  Spoofing
  
  Address spoofing
  
  Data spoofing
  
  Timestomping
  
  Log tampering
  
  Live operating systems
  
  Day 5
  New & emerging technology
  
  Legal issues (privacy, obtaining warrants)
  
  Social networks forensics
  
  Types of social networks
  
  Types of evidence
  
  Collecting data
  
  Virtualization
  
  Virtualization forensics
  
  Use of virtualization in forensics
  
  Cloud forensics
  
  Types of cloud services
  
  Challenges of cloud forensics
  
  Big data
  
  Control systems and IOT
  
  Mobile forensics introduction
  
  Types of devices
  
  GPS
  
  Cell phones
  
  Tablets
  
  Vendor and carrier identification
  
  Obtaining information from cellular provider
  
  GSM vs. CDMA
  
  Common tools and methodology
  
  Day 6
  Mobile forensics process
  
  Mobile forensics challenges
  
  OS variety
  
  Differences in hardware and filesystems
  
  Security features
  
  Data volatility
  
  Cloud storage
  
  Types of evidence found on mobile devices
  
  Collecting mobile devices at the scene
  
  Locating devices
  
  Preserving volatile data
  
  Physical components and accessories (SIM cards, SD cards, chargers, etc.)
  
  Older phones and devices
  
  Comparison of mobile operating systems
  
  Android
  
  iOS
  
  Windows phone
  
  Blackberry OS
  
  Data acquisition methods
  
  Logical acquisition
  
  Physical acquisition
  
  Manual acquisition
  
  Reporting findings
  
  Android forensics
  
  Android platform
  
  Hardware
  
  SDK and debug bridge
  
  File systems and data structures
  
  Android security model
  
  Secure kernel and permissions
  
  Full disk encryption
  
  App security
  
  Bypassing Android security features
  
  Bootloader/recovery mode
  
  Rooting an Android device
  
  Lock screen bypassing techniques
  
  Android logical data acquisition and analysis
  
  Extracting the /data directory
  
  Device information
  
  SMS/MMS, email, browsing and social networking data
  
  App and cloud data
  
  Android physical data acquisition
  
  Hardware-based techniques
  
  JTAG
  
  Chip-off
  
  Android data recovery techniques
  
  Day 7
  iOS forensics
  
  Apple iOS platform
  
  iOS devices and hardware
  
  iOS versions, file system and architecture
  
  iOS security
  
  Passcode and Touch ID
  
  Privilege separation
  
  ASLR and data execution prevention
  
  Encryption
  
  Bypassing iOS security features
  
  Operating modes of iOS devices
  
  Custom RAMDisk
  
  Jailbreaking
  
  Bypassing passcode
  
  Breaking iOS device encryption keys
  
  Establishing trusted communication with desktop computer
  
  iOS data acquisition and analysis
  
  SQLite databases
  
  Property lists
  
  Other important files (cookies, keyboard cache, recordings, etc.)
  
  iPhone/iCloud backups
  
  Backup structure
  
  Extracting and examining unencrypted backups
  
  Encrypted backups (extracting and decrypting the keychain)
  
  iOS data recovery techniques
  
  Windows phones
  
  Windows Phone OS: partitions and filesystems
  
  Windows Phone security features
  
  Secure boot
  
  Application security and data protection
  
  Windows Phone logical acquisition and analysis
  
  Sideloading
  
  Extracting SMS, email and application data
  
  Windows 10 mobile OS forensics
  
  Feature phones forensics
  
  Acquiring and examining data from feature phones
After your boot camp
- Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

Free computer and mobile forensics training resources

Computer forensics Resource Hub

Explore our computer forensics resource hub to learn all about computer and network forensics, including exam information, study resources, salary data, job outlook and more.

See Resources

Computer forensics careers: Taking down a $1.2 billion Ponzi scheme

Few people know what it's like to help take down a $1.2 billion dollar Ponzi scheme, but that's exactly what today's guest did. Sam Rubin, VP at The Crypsis Group, explains how he had to re-create the crime within a courtroom, as well as the tasks of digital forensics folks at all levels, from intern to the person giving the testimony. There's a good chance you may want to go into a career in forensics after listening to all of Sam's stories.

Sam Rubin is a Vice President at The Crypsis Group, where he leads the firm’s Managed Security Services business, assists clients and develops the firm’s business expansion strategies. Sam is an industry-recognized cybersecurity professional with wide-ranging expertise in data breach incident response, digital forensics and cybersecurity risk management. Sam frequently serves as an expert witness and has provided expert opinions in numerous high-stakes matters, including a landmark civil trade secret misappropriation case, a criminal securities fraud matter and civil litigation stemming from a multi-billion-dollar Ponzi scheme. Sam is a frequent presenter, author and lecturer on cyber-related topics, including digital forensics and incident response, insider threats and information security best practices. Before joining Crypsis in 2017, Sam was at Stroz Friedberg, where he was Managing Director and head of the company’s west region digital forensic practice.

Listen Now

Getting started in digital forensics

Keatron Evans, Infosec instructor and Managing Partner at KM Cyber Security discusses the difference between computer, mobile and network forensics, how a forensics certification can progress your career and digital forensics questions from live viewers.