Boot Camp

Computer and Mobile Forensics Training Boot Camp

Learn how to investigate cybercrime! This popular boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers and mobile devices.

4.2 (443 ratings)

Get certified, guaranteed

Everything you need to earn your CMFE and CCFE

  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Hands-on cyber ranges and labs
  • Knowledge Transfer Guarantee
  • Onsite proctoring of exam
  • Pre-study learning path
  • Unlimited practice exam attempts

Award-winning training you can trust

Wistia video thumbnail

What you'll learn

Training overview

Infosec’s Computer and Mobile Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers and mobile devices. You will learn about the challenges of computer and mobile forensics, walk through the process of analysis and examination of operating systems and mobile devices, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers and Android, iOS and Windows phones.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and open-source forensic tools. The boot camp also prepares you to earn two popular certifications: the Certified Computer Forensics Examiner (CCFE) and the Certified Mobile Forensics Examiner (CMFE).

Before your boot camp


Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.

This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.


Training schedule

  • Day 1
    • Course introduction

      • Computer forensics and investigation as a profession
      • Define computer forensics
      • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
      • Explain the importance of maintaining professional conduct

      Digital evidence — legal issues

      • Identifying digital evidence
      • Evidence admissibility
      • Federal rules of evidence
      • Daubert standard
      • Discovery
      • Warrants
      • What is seizure?
      • Consent issues
      • Expert witness
      • Roles and responsibilities
      • Ethics
      • (ISC)²
      • AAFS
      • ISO


      • Investigative process
      • Chain of custody
      • Incident response
      • E-discovery
      • Criminal vs. civil vs. administrative investigations
      • Intellectual property
      • Reporting
      • Quality control
      • Evidence management
      • Current computer forensics tools and hardware
  • Day 2
    • Forensic science fundamentals

      • Principles and methods
      • Forensic analysis process


      • Storage media
      • Operating system

      File systems

      • File systems
      • Erased vs. deleted
      • Live forensics
  • Day 3
    • File and operating system forensics

      • Keyword searching
      • Metadata
      • Timeline analysis
      • Hash analysis
      • File signatures
      • Volume Shadow Copies
      • Time zone issues
      • Link files
      • Print spool
      • Deleted files
      • File slack
      • Damaged media
      • Registry forensics
      • Multimedia files
      • Compound files

      Web and application forensics

      • Common web attack vectors
      • Browser artifacts
      • Email investigations
      • Messaging forensics
      • Database forensics
      • Software forensics
      • Malware analysis
  • Day 4
    • Network forensics

      • TCP/IP
      • Types of attacks
      • Wired vs. wireless
      • Network devices forensics

      Packet analysis

      • OS utilities
      • Network monitoring tools


      • Hiding
      • Steganography
      • Packing
      • Hidden devices (NAS)
      • Tunneling/Onion routing
      • Destruction
      • Spoofing
      • Log tampering
      • Live operating systems
  • Day 5
    • New & emerging technology

      • Legal issues (privacy, obtaining warrants)
      • Social networks forensics
      • Types of social networks
      • Types of evidence
      • Collecting data
      • Virtualization
      • Virtualization forensics
      • Use of virtualization in forensics
      • Cloud forensics
      • Types of cloud services
      • Challenges of cloud forensics
      • Big data
      • Control systems and IOT

      Mobile forensics introduction

      • Types of devices
      • GPS
      • Cell phones
      • Tablets
      • Vendor and carrier identification
      • Obtaining information from cellular provider
      • GSM vs. CDMA
      • Common tools and methodology
  • Day 6
    • Mobile forensics process

      • Mobile forensics challenges
      • Types of evidence found on mobile devices
      • Collecting mobile devices at the scene
      • Comparison of mobile operating systems
      • Data acquisition methods
      • Reporting findings

      Android forensics

      • Android platform
      • Android security model
      • Bypassing Android security features
      • Android logical data acquisition and analysis
      • Android physical data acquisition
  • Day 7
    • iOS forensics

      • Apple iOS platform
      • iOS security
      • Bypassing iOS security features
      • iOS data acquisition and analysis
      • iPhone/iCloud backups
      • iOS data recovery techniques

      Windows phones

      • Windows Phone OS: partitions and filesystems
      • Windows Phone security features
      • Windows Phone logical acquisition and analysis
      • Windows 10 mobile OS forensics

      Feature phones forensics

      • Acquiring and examining data from feature phones

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Enroll in a boot camp

  • June 12, 2023 - June 18, 2023

    Online only

    Exam Pass Guarantee
  • July 17, 2023 - July 23, 2023

    Online only

    Exam Pass Guarantee
  • September 11, 2023 - September 17, 2023

    Online only

    Exam Pass Guarantee
  • November 13, 2023 - November 19, 2023

    Online only

    Exam Pass Guarantee
  • January 29, 2024 - February 4, 2024

    Online only

    Exam Pass Guarantee
  • February 26, 2024 - March 3, 2024

    Online only

    Exam Pass Guarantee