Earn your next certification, guaranteed!

Computer and Mobile Forensics Training Boot Camp

Learn how to investigate cybercrime! This popular boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers and mobile devices.

Earn your CCFE and CMFE, guaranteed!

Boot camp overview

Infosec’s Computer and Mobile Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers and mobile devices. You will learn about the challenges of computer and mobile forensics, walk through the process of analysis and examination of operating systems and mobile devices, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers and Android, iOS and Windows phones.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and opensource forensic tools. The boot camp also prepares you to earn two popular certifications: the Certified Computer Forensics Examiner (CCFE) and the Certified Mobile Forensics Examiner (CMFE).

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

93% pass rate — the best in the industry

  • Seven days of training with an expert forensics instructor
  • Immediate access to in-depth forensics pre-study course
  • Infosec proprietary digital courseware (physical textbooks available to purchase)
  • CCFE and CMFE exam vouchers
  • 90-day access to cyber range (Flex Pro)
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (add-on)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Hands-on labs

Play the part of a forensic examiner in our custom lab environment. More than 30 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and opensource tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

Award-winning training that you can trust

Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Who should attend?

  • Law enforcement professionals looking to expand
    into computer crime investigations
  • Legal professionals
  • IT and information security professionals being tasked
    with corporate forensics and incident handling
  • Anyone with a desire to learn about computer
    forensics and develop their skills

Prerequisites

Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.

This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Benefits and goals

This training immerses you in computer forensics and investigations through engaging lectures and hands-on labs. Upon completion, you will have an understanding of:

  • Provisions of IT law
  • Complex technical forensics concepts
  • How to apply forensics concepts to forensic investigations
  • Evidence-handling procedures and the general rules of evidence
  • Key technologies used in computers and mobile devices
  • Full range of computer forensics tools
  • Acquiring forensic evidence
  • Locating forensic artifacts in various operating systems
  • Analyzing extracted evidence
  • Properly reporting findings
  • Skills needed to track an offender on the internet
  • How to work with law enforcement
  • How to design an incident response strategy

Dual certification details

After completing this boot camp, you will be certified with
the following certifications:

  • Certified Computer Forensics Examiner (CCFE):
    The CCFE certification validates your knowledge of
    nine domains related to the computer forensics
    evidence recovery and analysis process.
  • Certified Mobile Forensics Examiner (CMFE):
    The CMFE certification validates your knowledge of five
    domains related to performing the mobile forensics
    process on different types of mobile devices.

Can’t get away for a week?

Learn forensics on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 400+ courses
  • 4 cyber range environments
  • 100+ hands-on labs
  • Certification practice exams
  • 50+ learning paths

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"The course not only met my expectations, but exceeded them. It was the most engaging online training I’ve ever had."

Val Vask

Commercial Technical Lead

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

FedEx
Microsoft
Bank of America
Defense Information Systems Agency
Symantec

Find your boot camp

Computer and Mobile Forensics Boot Camp details

Day 1
Course introduction

  • Computer forensics and investigation as a profession
  • Define computer forensics
  • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
  • Explain the importance of maintaining professional conduct

Digital evidence — legal issues

  • Identifying digital evidence
  • Evidence admissibility
  • Federal rules of evidence
  • Daubert standard
  • Discovery
  • Warrants
  • What is seizure?
  • Consent issues
  • Expert witness
  • Roles and responsibilities
  • Ethics
  • (ISC)²
  • AAFS
  • ISO

Investigations

  • Investigative process
  • Chain of custody
  • Incident response
  • E-discovery
  • Criminal vs. civil vs. administrative investigations
  • Intellectual property
    • Markman hearing
  • Reporting
  • Quality control
    • Lab and tool
    • Investigator
    • Examination
    • Standards
  • Evidence management
    • SOPS
    • Collection
    • Documentation
    • Preservation
    • Transport/tracking
    • Storage/access control
    • Disposition
  • Current computer forensics tools and hardware
    • Commercial
    • Free/open source

Day 2
Forensic science fundamentals

  • Principles and methods
    • Locard’s Principle
    • Inman-Rudin Paradigm
    • Scientific method
    • Peer review
  • Forensic analysis process

Hardware

  • Storage media
    • Hard disk geometry
    • Solid state drives
    • RAIDS
  • Operating system
    • Boot process
    • BIOS/CMOS
    • The Swap File

File systems

  • File systems
    • NTFS file system
    • FAT file system
    • HFS+
    • Ext2/3/4
    • Embedded
  • Erased vs. deleted
  • Live forensics

Day 3
File and operating system forensics

  • Keyword searching
  • Metadata
  • Timeline analysis
  • Hash analysis
  • File signatures
    • File filtering (KFF)
  • Volume Shadow Copies
  • Time zone issues
  • Link files
  • Print spool
  • Deleted files
    • Recycle bin forensics
  • File slack
  • Damaged media
    • Physical damage
    • Logical damage
    • File carving
  • Registry forensics
    • USB devices
    • HKLM
  • Multimedia files
    • EXIF data
  • Compound files
    • Compression
    • Ole
    • AD
    • Passwords

Web and application forensics

  • Common web attack vectors
    • SQL injection
    • Cross-site scripting
    • Cookies
  • Browser artifacts
  • Email investigations
    • Email headers
    • Email files
  • Messaging forensics
  • Database forensics
  • Software forensics
    • Traces and application debris
    • Software analysis (hashes, code comparison techniques, etc.)
  • Malware analysis
    • Malware types and behavior
    • Static vs. dynamic analysis

Day 4
Network forensics

  • TCP/IP
    • IP addressing
    • Proxies
    • Ports and services
  • Types of attacks
  • Wired vs. wireless
  • Network devices forensics
    • Routers
    • Firewalls
    • Examining logs

Packet analysis

  • OS utilities
    • Netstat
    • Net sessions
    • Openfles
  • Network monitoring tools
    • SNORT
    • Wireshark
    • NetworkMiner

Anti-forensics

  • Hiding
    • Encryption
    • Symmetric
    • Asymmetric
    • TrueCrypt hidden partitions
  • Steganography
  • Packing
  • Hidden devices (NAS)
  • Tunneling/Onion routing
  • Destruction
    • Wiping/overwriting
    • Corruption/degaussing
  • Spoofing
    • Address spoofing
    • Data spoofing
    • Timestomping
  • Log tampering
  • Live operating systems

Day 5
New & emerging technology

  • Legal issues (privacy, obtaining warrants)
  • Social networks forensics
  • Types of social networks
  • Types of evidence
  • Collecting data
  • Virtualization
  • Virtualization forensics
  • Use of virtualization in forensics
  • Cloud forensics
  • Types of cloud services
  • Challenges of cloud forensics
  • Big data
  • Control systems and IOT

Mobile forensics introduction

  • Types of devices
  • GPS
  • Cell phones
  • Tablets
  • Vendor and carrier identification
  • Obtaining information from cellular provider
  • GSM vs. CDMA
  • Common tools and methodology

Day 6
Mobile forensics process

  • Mobile forensics challenges
    • OS variety
    • Differences in hardware and filesystems
    • Security features
    • Data volatility
    • Cloud storage
  • Types of evidence found on mobile devices
  • Collecting mobile devices at the scene
    • Locating devices
    • Preserving volatile data
    • Physical components and accessories (SIM cards, SD cards, chargers, etc.)
    • Older phones and devices
  • Comparison of mobile operating systems
    • Android
    • iOS
    • Windows phone
    • Blackberry OS
  • Data acquisition methods
    • Logical acquisition
    • Physical acquisition
    • Manual acquisition
  • Reporting findings

Android forensics

  • Android platform
    • Hardware
    • SDK and debug bridge
    • File systems and data structures
  • Android security model
    • Secure kernel and permissions
    • Full disk encryption
    • App security
  • Bypassing Android security features
    • Bootloader/recovery mode
    • Rooting an Android device
    • Lock screen bypassing techniques
  • Android logical data acquisition and analysis
    • Extracting the /data directory
    • Device information
    • SMS/MMS, email, browsing and social networking data
    • App and cloud data
  • Android physical data acquisition
    • Hardware-based techniques
    • JTAG
    • Chip-off
    • Android data recovery techniques

Day 7
iOS forensics

  • Apple iOS platform
    • iOS devices and hardware
    • iOS versions, file system and architecture
  • iOS security
    • Passcode and Touch ID
    • Privilege separation
    • ASLR and data execution prevention
    • Encryption
  • Bypassing iOS security features
    • Operating modes of iOS devices
    • Custom RAMDisk
    • Jailbreaking
    • Bypassing passcode
    • Breaking iOS device encryption keys
    • Establishing trusted communication with desktop computer
  • iOS data acquisition and analysis
    • SQLite databases
    • Property lists
    • Other important files (cookies, keyboard cache, recordings, etc.)
  • iPhone/iCloud backups
    • Backup structure
    • Extracting and examining unencrypted backups
    • Encrypted backups (extracting and decrypting the keychain)
  • iOS data recovery techniques

Windows phones

  • Windows Phone OS: partitions and filesystems
  • Windows Phone security features
    • Secure boot
    • Application security and data protection
  • Windows Phone logical acquisition and analysis
    • Sideloading
    • Extracting SMS, email and application data
  • Windows 10 mobile OS forensics

Feature phones forensics

  • Acquiring and examining data from feature phones

Frequently asked questions

  • Why is getting certified an important part of a computer forensics career?
    • Receiving a CCFE or CMFE certification proves to employers that you possess fundamental knowledge of computer forensics across a breadth of related topics. Becoming certified will differentiate you from others vying for positions in the computer forensics market, showing that you are a skilled professional committed to excellence.

  • What career opportunities are afforded to graduates of this boot camp? How does this course prepare students to identify computer threats and investigate digital crime in the real world?
    • Graduates of the course are able to use their certification and experience from the boot camp as leverage to secure a job in the computer forensics industry. This course provides hands-on exposure to the tools and scenarios that computer forensics professionals work with every day, preparing our students with the necessary information they’ll need in order to deal with threats and crime in the digital world.

  • What’s the current job outlook for computer forensics professionals? What sectors/industries have the highest need for qualified professionals?
    • Apart from being a fast-growing field, the computer forensics industry is always welcoming new talents. The sectors and industries most commonly employing computer forensics professionals include legal firms, law enforcement and all levels of the government (FBI, IRS, CIA and the Department of Homeland Security).

  • What are the advantages of IACRB digital forensic certification over other similar certifications? How does this course prepare them for it?
    • Advantages include belonging to a reputable institution that is highly respected within the industry and the certification exam being a rigorous test of the skills designated to digital forensics professionals. This course is structured to give hands-on experience with the material surrounding the CCFE and CMFE so that students will feel confident in the skills they’ve developed throughout our boot camp.

  • How much programming experience is required to take this training? Do computer forensics investigators need to be competent programmers?
    • While programming skills can certainly help a computer forensics investigator, they are not necessarily required. This course does not require you to have any pre-existing computer programming knowledge. However, it is recommended that you do not take this course if you have limited or no computer skills whatsoever.

  • How has the computer forensics industry grown in recent years? Has the need for forensic skills changed within the last 5 or 10 years?
    • With new, emerging technologies and attitudes towards digital security changing every day, the need for qualified computer forensics professionals has grown fast in recent years. Changes include a shift towards mobile and cloud systems being adopted by the market, opening up various weaknesses that criminals can exploit. This boot camp has dedicated a sufficient amount of time to teach you how to deal with the developments in this ever-changing industry.

  • What job titles are most common for people who hold the IACRB CCFE certification?
    • CCFE holders have been employed by an array of industries, both corporate and legal. Common job titles include: digital forensic specialists, computer forensic analysts, computer forensic examiners, computer forensic investigators, cyber intelligence analysts, computer forensic consultants and many more!

  • What hardware and software is needed to complete this boot camp?
    • All of the required hardware and software is included with this boot camp. In addition, this course also provides you with access to 30+ labs containing over 100 exercises related to the daily job of a computer forensics professional.

  • Does the program accommodate particular areas of specialization in computer forensics?
    • Absolutely. The seven full days of intense instruction cover a wide variety of specialized topics, and this boot camp is structured to provide you with the experience and knowledge you will need to be a successful computer forensic investigator.

  • What does this computer forensics training offer that the other boot camps don’t?
    • This boot camp offers a dedicated, seven-day period of expert instruction that will immerse you in the world of computer forensics — giving you hands on experience with simulated crimes and investigations. In addition to this, our course will prepare you for two industry accredited certification exams, the CCFE and CMFE!

  • Is the live online Flex Pro boot camp as effective and informative as an in-person classroom would be?
    • As a live online Flex Pro boot camp student, you will receive the same expert instruction and materials as in-person students. You getthe same courseware, labs and exam vouchers as any other student — plus a variety of other exclusive benefits in your Infosec Flex Center, as well as an Exam Pass Guarantee!

  • Is it possible to get a one-on-one chat session with a boot camp teacher? How much feedback will I be able to get on my course material work?
    • Definitely! Our instructors spend 100% of their time working with students to help them understand all of the skills needed to acquire their CCFE or CMFE certifications. Providing you with one-to-one chat sessions and feedback on coursework from a computer forensics master is an incredibly valuable part of our instruction process.