Infosec’s Computer Forensics Boot Camp teaches you how to identify, preserve, extract, analyze and report forensic evidence on computers. You will learn about the challenges of computer forensics, walk through the process of analysis and examination of operating systems, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and opensource forensic tools. This boot camp also prepares you to become a Certified Computer Forensics Examiner (CCFE).

• Five days of training with an expert forensics instructor
• Immediate access to in-depth computer forensics pre-study course
• Infosec proprietary digital courseware (physical textbooks available to purchase)
• CCFE exam voucher
• 90-day access to cyber range (Flex Pro)
• 90-day access to course replays (Flex Pro)
• Curated videos from other top-rated instructors (Flex Pro)
• 100% Satisfaction Guarantee
• Exam Pass Guarantee (Flex Pro)

Play the part of a forensic examiner in our custom lab environment. More than 30 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

• Law enforcement professionals looking to expand into computer crime investigations
• Legal professionals
• IT/Infosec pros tasked with corporate forensics and incident handling
• Anyone with a desire to learn about computer forensics and develop their skills

Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended. This is a very in depth training course and is not intended for individuals who have limited or no computer skills.

This training immerses you in computer forensics and investigations through engaging lectures and hands-on labs. Upon completion, you will have an understanding of:

• Provisions of IT law
• Complex technical forensics concepts
• How to apply forensics concepts to forensic investigations
• Evidence-handling procedures and the general rules of evidence
• Key technologies used in computers
• Full range of computer forensics tools
• Acquiring forensic evidence
• Locating forensic artifacts in various operating systems
• Analyzing extracted evidence
• Properly reporting findings
• Skills needed to track an offender on the internet
• How to work with law enforcement
• How to design an incident response strategy

This boot camp prepares you to become a Certified Computer Forensics Examiner. The CCFE certification validates your knowledge of nine domains related to the computer forensics evidence recovery and analysis process:

• Law, ethics and legal issues
• The investigation process
• Computer forensics tools
• Hard disk evidence recovery & integrity
• Digital device recovery & integrity
• File system forensics
• Evidence analysis & correlation
• Evidence recovery of Windows-based systems
• Network and volitile memory forensics
• Report writing

Day 1

• Course introduction
• Computer Forensics and investigation as a profession
  • Define computer forensics
  • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
  • Explain the importance of maintaining professional conduct
• Digital evidence — legal issues
  • Identifying digital evidence
  • Evidence admissibility
    • Federal rules of evidence
    • Daubert standard
  • Discovery
  • Warrants
    • What is seizure?
    • Consent issues
  • Expert witness
  • Roles and responsibilities
  • Ethics
    • (ISC)²
    • AAFS
    • ISO
• Investigations
  • Investigative process
  • Chain of custody
  • Incident response
  • E-discovery
  • Criminal v. civil v. administrative investigations
  • Intellectual property
    • Markman hearing
  • Reporting
  • Quality control
    • Lab and tool
    • Investigator
    • Examination
    • Standards
  • Evidence management
    • SOPS
    • Collection
    • Documentation
    • Preservation
    • Transport/tracking
    • Storage/access control
    • Disposition
• Current computer forensics tools and hardware
  • Commercial
  • Free/open source

Day 2

• Forensic science fundamentals
  • Principles and methods
    • Locard’s Principle
    • Inman-Rudin Paradigm
    • Scientific method
    • Peer review
  • Forensic analysis process
• Hardware
  • Storage media
    • Hard disk geometry
    • Solid state drives
    • RAIDS
  • Operating system
    • Boot process
    • BIOS/CMOS
    • The Swap File
• File systems
  • File systems
    • NTFS file system
    • FAT file system
    • HFS+
    • Ext2/3/4
    • Embedded
  • Erased vs. deleted
  • Live Forensics

Day 3

• File and Operating System Forensics
  • Keyword Searching
  • Metadata
  • Time line analysis
  • Hash analysis
  • File signatures
    • File filtering (KFF)
  • Volume shadow copies
  • Time zone issues
  • Link files
  • Print Spool
  • Deleted files
    • Recycle bin forensics
  • File slack
  • Damaged media
    • Physical damage
    • Logical damage
    • File carving
  • Registry forensics
    • USB devices
    • HKLM
  • Multimedia files
    • EXIF data
  • Compound files
    • Compression
    • Ole
    • AD
  • Passwords
• Web and application forensics
  • Common web attack vectors
    • SQL injection
    • Cross-site scripting
    • Cookies
  • Browser artifacts
  • Email investigations
    • Email headers
    • Email files
  • Messaging forensics
  • Database forensics
  • Software forensics
    • Traces and application debris
    • Software analysis (hashes, code comparison techniques, etc.)
  • Malware analysis
    • Malware types and behavior
    • Static vs. dynamic analysis

Day 4

• Network forensics
  • TCP/IP
    • IP addressing
    • Proxies
    • Ports and services
  • Types of attacks
  • Wired vs. wireless
  • Network devices forensics
    • Routers
    • Firewalls
    • Examining logs
• Packet analysis
  • OS utilities
    • Netstat
    • Net sessions
    • Openfles
  • Network monitoring tools
    • SNORT
    • Wireshark
    • NetworkMiner
• Anti-forensics
  • Hiding
    • Encryption
    • Symmetric
    • Asymmetric
    • TrueCrypt hidden partitions
  • Steganography
  • Packing
  • Hidden devices (NAS)
  • Tunneling/Onion routing
  • Destruction
    • Wiping/overwriting
    • Corruption/degaussing
  • Spoofing
    • Address spoofing
    • Data spoofing
    • Timestomping
  • Log tampering
  • Live operating systems

Day 5

• New & emerging technology
  • Legal issues (privacy, obtaining warrants)
  • Social networks forensics
  • Types of social networks
  • Types of evidence
  • Collecting data
  • Virtualization
  • Virtualization forensics
  • Use of virtualization in forensics
  • Cloud forensics
  • Types of cloud services
  • Challenges of cloud forensics
  • Big data
  • Control systems and IOT
• Mobile forensics
  • Types of devices
  • GPS
  • Cell phones
  • Tablets
  • Vendor and carrier identification
  • Obtaining information from cellular provider
  • GSM vs. CDMA
  • Common tools and methodology