Computer Forensics Training Boot Camp
Learn how to investigate cybercrime! This boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers.
Earn your CCFE, guaranteed!
- Five days of expert, live forensics training
- Exam Pass Guarantee
- Exam voucher
- Unlimited practice exam attempts
- 100% Satisfaction Guarantee
- Free annual Infosec Skills subscription ($299 value!)
- 1-year access to all boot camp video replays and materials
- Onsite proctoring of exam
- Pre-study learning path
- Knowledge Transfer Guarantee
Hands-on labs
Play the part of a forensic examiner in our custom lab environment. More than 30 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.
Certification details
- Law, ethics and legal issues
- The investigation process
- Computer forensics tools
- Hard disk evidence recovery & integrity
- Digital device recovery & integrity
- File system forensics
- Evidence analysis & correlation
- Evidence recovery of Windows-based systems
- Network and volatile memory forensics
- Report writing
Training overview
Infosec’s Computer Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers. You will learn about the challenges of computer forensics, walk through the process of analysis and examination of operating systems, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers.
More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and open-source forensic tools. This boot camp also prepares you to become a Certified Computer Forensics Examiner (CCFE).
What you'll learn
- Provisions of IT law
- Complex technical forensics concepts
- How to apply forensics concepts to forensic investigations
- Evidence-handling procedures and the general rules of evidence
- Key technologies used in computers
- Full range of computer forensics tools
- Acquiring forensic evidence
- Locating forensic artifacts in various operating systems
- Analyzing extracted evidence
- Properly reporting findings
- Skills needed to track an offender on the internet
- How to work with law enforcement
- How to design an incident response strategy
Who should attend
- Law enforcement professionals looking to expand into computer crime investigations
- Legal professionals
- IT/Infosec pros tasked with corporate forensics and incident handling
- Anyone with a desire to learn about computer forensics and develop their skills
Prerequisites
Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI, are necessary. A+ certification and/or similar training and experience is not required, but is recommended. This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt.
CCFE training schedule
Infosec’s CCFE training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
- Before your boot camp
Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
- During your boot camp
Day 1
- Course introduction
- Computer forensics and investigation as a profession
- Define computer forensics
- Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
- Explain the importance of maintaining professional conduct
- Digital evidence — legal issues
- Identifying digital evidence
- Evidence admissibility
- Federal rules of evidence
- Daubert standard
- Discovery
- Warrants
- What is seizure?
- Consent issues
- Expert witness
- Roles and responsibilities
- Ethics
- (ISC)²
- AAFS
- ISO
- Investigations
- Investigative process
- Chain of custody
- Incident response
- E-discovery
- Criminal v. civil v. administrative investigations
- Intellectual property
- Markman hearing
- Reporting
- Quality control
- Lab and tool
- Investigator
- Examination
- Standards
- Evidence management
- SOPs
- Collection
- Documentation
- Preservation
- Transport/tracking
- Storage/access control
- Disposition
- Current computer forensics tools and hardware
- Commercial
- Free/open source
Day 2
- Forensic science fundamentals
- Principles and methods
- Locard’s Principle
- Inman-Rudin Paradigm
- Scientific method
- Peer review
- Forensic analysis process
- Hardware
- Storage media
- Hard disk geometry
- Solid state drives
- RAID
- Operating system
- Boot process
- BIOS/CMOS
- The Swap File
- File systems
- NTFS file system
- FAT file system
- HFS+
- Ext2/3/4
- Embedded
- Erased vs. deleted
- Live Forensics
Day 3
- File and Operating System Forensics
- Keyword Searching
- Metadata
- Timeline analysis
- Hash analysis
- File signatures
- File filtering (KFF)
- Volume shadow copies
- Time zone issues
- Link files
- Print Spool
- Deleted files
- Recycle bin forensics
- File slack
- Damaged media
- Physical damage
- Logical damage
- File carving
- Registry forensics
- USB devices
- HKLM
- Multimedia files
- EXIF data
- Compound files
- Compression
- OLE
- AD
- Passwords
- Web and application forensics
- Common web attack vectors
- SQL injection
- Cross-site scripting
- Cookies
- Browser artifacts
- Email investigations
- Email headers
- Email files
- Messaging forensics
- Database forensics
- Software forensics
- Traces and application debris
- Software analysis (hashes, code comparison techniques, etc.)
- Malware analysis
- Malware types and behavior
- Static vs. dynamic analysis
Day 4
- Network forensics
- TCP/IP
- IP addressing
- Proxies
- Ports and services
- Types of attacks
- Wired vs. wireless
- Network device forensics
- Routers
- Firewalls
- Examining logs
- Packet analysis
- OS utilities
- Netstat
- Net sessions
- Openfiles
- Network monitoring tools
- SNORT
- Wireshark
- NetworkMiner
- Anti-forensics
- Hiding
- Encryption
- Symmetric
- Asymmetric
- TrueCrypt hidden partitions
- Steganography
- Packing
- Hidden devices (NAS)
- Tunneling/Onion routing
- Destruction
- Wiping/overwriting
- Corruption/degaussing
- Spoofing
- Address spoofing
- Data spoofing
- Timestamping
- Log tampering
- Live operating systems
Day 5
- New & emerging technology
- Legal issues (privacy, obtaining warrants)
- Social networks forensics
- Types of social networks
- Types of evidence
- Collecting data
- Virtualization
- Virtualization forensics
- Use of virtualization in forensics
- Cloud forensics
- Types of cloud services
- Challenges of cloud forensics
- Big data
- Control systems and IoT
- Mobile forensics
- Types of devices
- GPS
- Cell phones
- Tablets
- Vendor and carrier identification
- Obtaining information from a cellular provider
- GSM vs. CDMA
- Common tools and methodology
- After your boot camp
Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.