Uncertain Times — Infosec's here to help. Learn about our COVID-19 Response Package.

Computer Forensics Boot Camp

Learn how to investigate cybercrime! This boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers.

Train from home — save up to $1,000

Get expert, live instruction without having to travel with an Infosec Flex Pro boot camp. We’ve trained 1,000s of students online over the past 5 years, helping our clients meet their career goals wherever they are most comfortable studying.

Now through the end of the month, you can enroll in any online Infosec Flex boot camp and save up to $1,000.

Earn your CCFE, guaranteed!

Boot camp overview

Infosec’s Computer Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers. You will learn about the challenges of computer forensics, walk through the process of analysis and examination of operating systems, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and opensource forensic tools. This boot camp also prepares you to become a Certified Computer Forensics Examiner (CCFE).

Skill up and get certified, guaranteed

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

93% pass rate — the best in the industry

  • Five days of training with an expert forensics instructor
  • Immediate access to in-depth computer forensics pre-study course
  • Infosec proprietary digital courseware (physical textbooks available to purchase)
  • CCFE exam voucher
  • 90-day access to cyber range (Flex Pro)
  • 90-day access to course replays (Flex Pro)
  • Curated videos from other top-rated instructors (Flex Pro)
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee (Flex Pro)

Limited-time offer: Continue learning after your boot camp with a complimentary 90-day subscription to Infosec Skills, which includes unlimited access to 500+ online courses, 100+ hands-on labs and projects, skill assessments, custom certification practice exams and more.

Hands-on labs

Play the part of a forensic examiner in our custom lab environment. More than 30 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

Award-winning training that you can trust

Infosec Skills

Best IT Security-related Training Program

Cyber Work with Chris Sienko

Best Cybersecurity Podcast

2019 Wisconsin Innovation Award


Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Who should attend?

  • Law enforcement professionals looking to expand into computer crime investigations
  • Legal professionals
  • IT/Infosec pros tasked with corporate forensics and incident handling
  • Anyone with a desire to learn about computer forensics and develop their skills


Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended. This is a very in depth training course and is not intended for individuals who have limited or no computer skills.

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee

Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Benefits and goals

This training immerses you in computer forensics and investigations through engaging lectures and hands-on labs. Upon completion, you will have an understanding of:

  • Provisions of IT law
  • Complex technical forensics concepts
  • How to apply forensics concepts to forensic investigations
  • Evidence-handling procedures and the general rules of evidence
  • Key technologies used in computers
  • Full range of computer forensics tools
  • Acquiring forensic evidence
  • Locating forensic artifacts in various operating systems
  • Analyzing extracted evidence
  • Properly reporting findings
  • Skills needed to track an offender on the internet
  • How to work with law enforcement
  • How to design an incident response strategy

Certification details

This boot camp prepares you to become a Certified Computer Forensics Examiner. The CCFE certification validates your knowledge of nine domains related to the computer forensics evidence recovery and analysis process:

  • Law, ethics and legal issues
  • The investigation process
  • Computer forensics tools
  • Hard disk evidence recovery & integrity
  • Digital device recovery & integrity
  • File system forensics
  • Evidence analysis & correlation
  • Evidence recovery of Windows-based systems
  • Network and volitile memory forensics
  • Report writing

Can’t get away for a week?

Learn computer forensics on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 70+ learning paths
  • 500+ courses
  • Cloud-hosted cyber ranges and hands-on projects
  • Skill assessments and certification practice exams
  • Infosec community peer support

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"Comparing Infosec to other vendors is like comparing apples to oranges. My instructor was hands-down the best I’ve had." 

James Coyle

FireEye, Inc.

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

Find your boot camp

Computer Forensics Boot Camp details

Day 1

  • Course introduction
  • Computer Forensics and investigation as a profession
    • Define computer forensics
    • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
    • Explain the importance of maintaining professional conduct
  • Digital evidence — legal issues
    • Identifying digital evidence
    • Evidence admissibility
      • Federal rules of evidence
      • Daubert standard
    • Discovery
    • Warrants
      • What is seizure?
      • Consent issues
    • Expert witness
    • Roles and responsibilities
    • Ethics
      • (ISC)²
      • AAFS
      • ISO
  • Investigations
    • Investigative process
    • Chain of custody
    • Incident response
    • E-discovery
    • Criminal v. civil v. administrative investigations
    • Intellectual property
      • Markman hearing
    • Reporting
    • Quality control
      • Lab and tool
      • Investigator
      • Examination
      • Standards
    • Evidence management
      • SOPS
      • Collection
      • Documentation
      • Preservation
      • Transport/tracking
      • Storage/access control
      • Disposition
  • Current computer forensics tools and hardware
    • Commercial
    • Free/open source

Day 2

  • Forensic science fundamentals
    • Principles and methods
      • Locard’s Principle
      • Inman-Rudin Paradigm
      • Scientific method
      • Peer review
    • Forensic analysis process
  • Hardware
    • Storage media
      • Hard disk geometry
      • Solid state drives
      • RAIDS
    • Operating system
      • Boot process
      • BIOS/CMOS
      • The Swap File
  • File systems
    • File systems
      • NTFS file system
      • FAT file system
      • HFS+
      • Ext2/3/4
      • Embedded
    • Erased vs. deleted
    • Live Forensics

Day 3

  • File and Operating System Forensics
    • Keyword Searching
    • Metadata
    • Time line analysis
    • Hash analysis
    • File signatures
      • File filtering (KFF)
    • Volume shadow copies
    • Time zone issues
    • Link files
    • Print Spool
    • Deleted files
      • Recycle bin forensics
    • File slack
    • Damaged media
      • Physical damage
      • Logical damage
      • File carving
    • Registry forensics
      • USB devices
      • HKLM
    • Multimedia files
      • EXIF data
    • Compound files
      • Compression
      • Ole
      • AD
    • Passwords
  • Web and application forensics
    • Common web attack vectors
      • SQL injection
      • Cross-site scripting
      • Cookies
    • Browser artifacts
    • Email investigations
      • Email headers
      • Email files
    • Messaging forensics
    • Database forensics
    • Software forensics
      • Traces and application debris
      • Software analysis (hashes, code comparison techniques, etc.)
    • Malware analysis
      • Malware types and behavior
      • Static vs. dynamic analysis

Day 4

  • Network forensics
    • TCP/IP
      • IP addressing
      • Proxies
      • Ports and services
    • Types of attacks
    • Wired vs. wireless
    • Network devices forensics
      • Routers
      • Firewalls
      • Examining logs
  • Packet analysis
    • OS utilities
      • Netstat
      • Net sessions
      • Openfles
    • Network monitoring tools
      • SNORT
      • Wireshark
      • NetworkMiner
  • Anti-forensics
    • Hiding
      • Encryption
      • Symmetric
      • Asymmetric
      • TrueCrypt hidden partitions
    • Steganography
    • Packing
    • Hidden devices (NAS)
    • Tunneling/Onion routing
    • Destruction
      • Wiping/overwriting
      • Corruption/degaussing
    • Spoofing
      • Address spoofing
      • Data spoofing
      • Timestomping
    • Log tampering
    • Live operating systems

Day 5

  • New & emerging technology
    • Legal issues (privacy, obtaining warrants)
    • Social networks forensics
    • Types of social networks
    • Types of evidence
    • Collecting data
    • Virtualization
    • Virtualization forensics
    • Use of virtualization in forensics
    • Cloud forensics
    • Types of cloud services
    • Challenges of cloud forensics
    • Big data
    • Control systems and IOT
  • Mobile forensics
    • Types of devices
    • GPS
    • Cell phones
    • Tablets
    • Vendor and carrier identification
    • Obtaining information from cellular provider
    • GSM vs. CDMA
    • Common tools and methodology