Computer and Mobile Forensics Training Boot Camp
Learn how to investigate cybercrime! This popular boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers and mobile devices.
Earn your CCFE and CMFE, guaranteed!
- Exam Pass Guarantee (live online)
- 100% Satisfaction Guarantee
- CCFE and CMFE exam vouchers
- Unlimited CCFE and CMFE practice exam attempts
- Seven days live, expert forensics instruction (live online or in-person)
- Immediate access to Infosec Skills — including a bonus boot camp prep course — from the minute you enroll to 90 days after your boot camp
- Learn by doing with 100s of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Hands-on labs
Play the part of a forensic examiner in our custom lab environment. More than 30 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.
Dual certification details
After completing this boot camp, you will be certified with the following certifications:
- Certified Computer Forensics Examiner (CCFE):
The CCFE certification validates your knowledge of nine domains related to the computer forensics evidence recovery and analysis process. - Certified Mobile Forensics Examiner (CMFE):
The CMFE certification validates your knowledge of five domains related to performing the mobile forensics process on different types of mobile devices.
Training overview
Infosec’s Computer and Mobile Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers and mobile devices. You will learn about the challenges of computer and mobile forensics, walk through the process of analysis and examination of operating systems and mobile devices, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers and Android, iOS and Windows phones.
More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and open-source forensic tools. The boot camp also prepares you to earn two popular certifications: the Certified Computer Forensics Examiner (CCFE) and the Certified Mobile Forensics Examiner (CMFE).
What you'll learn
- Provisions of IT law
- Complex technical forensics concepts
- How to apply forensics concepts to forensic investigations
- Evidence-handling procedures and the general rules of evidence
- Key technologies used in computers and mobile devices
- Full range of computer forensics tools
- Acquiring forensic evidence
- Locating forensic artifacts in various operating systems
- Analyzing extracted evidence
- Properly reporting findings
- Skills needed to track an offender on the internet
- How to work with law enforcement
- How to design an incident response strategy
Who should attend
- Law enforcement professionals looking to expand into computer crime investigations
- Legal professionals
- IT and information security professionals being tasked with corporate forensics and incident handling
- Anyone with a desire to learn about computer forensics and develop their skills
Prerequisites
Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.
This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.
Get training resources sent to your inbox
Everything you need to earn your CCFE and CMFE
- Exam Pass Guarantee (live online)
- 100% Satisfaction Guarantee
- CCFE and CMFE exam vouchers
- 7 days live, expert forensics instruction (live online or in-person)
- Computer and Mobile forensics boot camp prep course
- Learn by doing with 100s of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt. Learn more.
CCFE and CMFE training schedule
Infosec’s computer and mobile forensics training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
-
Before your boot camp
-
Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth CCFE and CMFE prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
-
-
During your boot camp
-
Day 1
Course introduction- Computer forensics and investigation as a profession
- Define computer forensics
- Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
- Explain the importance of maintaining professional conduct
Digital evidence — legal issues
- Identifying digital evidence
- Evidence admissibility
- Federal rules of evidence
- Daubert standard
- Discovery
- Warrants
- What is seizure?
- Consent issues
- Expert witness
- Roles and responsibilities
- Ethics
- (ISC)²
- AAFS
- ISO
Investigations
- Investigative process
- Chain of custody
- Incident response
- E-discovery
- Criminal vs. civil vs. administrative investigations
- Intellectual property
- Markman hearing
- Reporting
- Quality control
- Lab and tool
- Investigator
- Examination
- Standards
- Evidence management
- SOPS
- Collection
- Documentation
- Preservation
- Transport/tracking
- Storage/access control
- Disposition
- Current computer forensics tools and hardware
- Commercial
- Free/open source
Day 2
Forensic science fundamentals- Principles and methods
- Locard’s Principle
- Inman-Rudin Paradigm
- Scientific method
- Peer review
- Forensic analysis process
Hardware
- Storage media
- Hard disk geometry
- Solid state drives
- RAIDS
- Operating system
- Boot process
- BIOS/CMOS
- The Swap File
File systems
- File systems
- NTFS file system
- FAT file system
- HFS+
- Ext2/3/4
- Embedded
- Erased vs. deleted
- Live forensics
Day 3
File and operating system forensics- Keyword searching
- Metadata
- Timeline analysis
- Hash analysis
- File signatures
- File filtering (KFF)
- Volume Shadow Copies
- Time zone issues
- Link files
- Print spool
- Deleted files
- Recycle bin forensics
- File slack
- Damaged media
- Physical damage
- Logical damage
- File carving
- Registry forensics
- USB devices
- HKLM
- Multimedia files
- EXIF data
- Compound files
- Compression
- Ole
- AD
- Passwords
Web and application forensics
- Common web attack vectors
- SQL injection
- Cross-site scripting
- Cookies
- Browser artifacts
- Email investigations
- Email headers
- Email files
- Messaging forensics
- Database forensics
- Software forensics
- Traces and application debris
- Software analysis (hashes, code comparison techniques, etc.)
- Malware analysis
- Malware types and behavior
- Static vs. dynamic analysis
Day 4
Network forensics- TCP/IP
- IP addressing
- Proxies
- Ports and services
- Types of attacks
- Wired vs. wireless
- Network devices forensics
- Routers
- Firewalls
- Examining logs
Packet analysis
- OS utilities
- Netstat
- Net sessions
- Openfles
- Network monitoring tools
- SNORT
- Wireshark
- NetworkMiner
Anti-forensics
- Hiding
- Encryption
- Symmetric
- Asymmetric
- TrueCrypt hidden partitions
- Steganography
- Packing
- Hidden devices (NAS)
- Tunneling/Onion routing
- Destruction
- Wiping/overwriting
- Corruption/degaussing
- Spoofing
- Address spoofing
- Data spoofing
- Timestomping
- Log tampering
- Live operating systems
Day 5
New & emerging technology- Legal issues (privacy, obtaining warrants)
- Social networks forensics
- Types of social networks
- Types of evidence
- Collecting data
- Virtualization
- Virtualization forensics
- Use of virtualization in forensics
- Cloud forensics
- Types of cloud services
- Challenges of cloud forensics
- Big data
- Control systems and IOT
Mobile forensics introduction
- Types of devices
- GPS
- Cell phones
- Tablets
- Vendor and carrier identification
- Obtaining information from cellular provider
- GSM vs. CDMA
- Common tools and methodology
Day 6
Mobile forensics process- Mobile forensics challenges
- OS variety
- Differences in hardware and filesystems
- Security features
- Data volatility
- Cloud storage
- Types of evidence found on mobile devices
- Collecting mobile devices at the scene
- Locating devices
- Preserving volatile data
- Physical components and accessories (SIM cards, SD cards, chargers, etc.)
- Older phones and devices
- Comparison of mobile operating systems
- Android
- iOS
- Windows phone
- Blackberry OS
- Data acquisition methods
- Logical acquisition
- Physical acquisition
- Manual acquisition
- Reporting findings
Android forensics
- Android platform
- Hardware
- SDK and debug bridge
- File systems and data structures
- Android security model
- Secure kernel and permissions
- Full disk encryption
- App security
- Bypassing Android security features
- Bootloader/recovery mode
- Rooting an Android device
- Lock screen bypassing techniques
- Android logical data acquisition and analysis
- Extracting the /data directory
- Device information
- SMS/MMS, email, browsing and social networking data
- App and cloud data
- Android physical data acquisition
- Hardware-based techniques
- JTAG
- Chip-off
- Android data recovery techniques
Day 7
iOS forensics- Apple iOS platform
- iOS devices and hardware
- iOS versions, file system and architecture
- iOS security
- Passcode and Touch ID
- Privilege separation
- ASLR and data execution prevention
- Encryption
- Bypassing iOS security features
- Operating modes of iOS devices
- Custom RAMDisk
- Jailbreaking
- Bypassing passcode
- Breaking iOS device encryption keys
- Establishing trusted communication with desktop computer
- iOS data acquisition and analysis
- SQLite databases
- Property lists
- Other important files (cookies, keyboard cache, recordings, etc.)
- iPhone/iCloud backups
- Backup structure
- Extracting and examining unencrypted backups
- Encrypted backups (extracting and decrypting the keychain)
- iOS data recovery techniques
Windows phones
- Windows Phone OS: partitions and filesystems
- Windows Phone security features
- Secure boot
- Application security and data protection
- Windows Phone logical acquisition and analysis
- Sideloading
- Extracting SMS, email and application data
- Windows 10 mobile OS forensics
Feature phones forensics
- Acquiring and examining data from feature phones
-
-
After your boot camp
-
Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.
-