Certified Computer Forensics Examiner (CCFE) Learning Path

Learn how to investigate cyber incidents and explore the ethical issues of conducting a digital forensics investigation with this 13-course learning path. You’ll begin with learning the foundations of forensics examination and then build your skills in a hands-on forensics cyber range.

14 hours, 39 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    14 hours, 39 minutes

  • Assessment


About Certified Computer Forensics Examiner (CCFE)

Master the art of computer forensics and earn your Certified Computer Forensics Examiner (CCFE) certification. This learning path contains 13 courses, each meticulously matched to the core objectives of the CCFE exam, as well as a series of hands-on labs so you can build real-world forensics skills. Once you’ve completed the path, you’ll be ready to get your CCFE certification and showcase your newly acquired knowledge in conducting computer forensics investigations.



Who is this learning path for?


  • Digital Forensics Analyst: Break into computer forensics and acquire the foundational knowledge and skills to perform forensics investigations.
  • Current IT professionals: Expand your skill set and specialize in computer forensics, from SOC Analysts to Penetration Testers.
  • Information Risk Analysts and compliance officers: Acquire skills to help with IT audits, compliance and regulatory matters involving electronic evidence.
  • Law enforcement officers: Gain a technical understanding of computer forensics to enhance investigations.
  • Legal professionals: Understand the technical aspects of computer forensics to aid cybercrime cases.
  • Anyone aiming to gain a strong, comprehensive understanding of computer forensics: Prove your skills with a recognized computer forensics certification.



By the end of this learning path, you will:


Have a foundation of computer forensics skills related to the nine domains covered in the CCFE exam:

  • Law, ethics and legal issues
  • The investigation process
  • Computer forensic tools
  • Hard disk evidence recovery and integrity
  • Digital device recovery and integrity
  • File system forensics
  • Evidence analysis and correlation
  • Evidence recovery of Windows-based systems
  • Network and volatile memory forensics
  • Report writing

In addition, you’ll reinforce what you learned in our Computer Forensics Cyber Range, where you’ll get hands-on experience using Volatility, running Linux commands, recovering data, practicing file carving and more.



CCFE Skill Assessment

Assessment - 50 questions

CCFE Practice Exam

Assessment - 50 questions

Custom CCFE Practice Exam

Assessment - 50 questions

Computer Forensics as a Profession

Course - 00:27:00

At the bottom of it, forensics is the job of proving or disproving a theory in a reproducible manner. Take a closer look at the nitty-gritty of computer forensics as a profession with this three-video course, covering duties of the forensic analyst, teams, roles, division of labor, tools, procedure and practical advice from a long-time forensic analyst. Do laws supersede corporate policy? Why shouldn’t you admit to using hacker tools in court? Find out here.
Digital Evidence and Legal Issues

Course - 01:52:00

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated … “ Eleven videos take the student on a deep dive into the potential legal issues surrounding computer forensics. Take a closer look at search warrants, civil and criminal claims, chain of custody, the difference between forensics and e-discovery, ethics, application of the Fourth and Fifth Amendments to forensics, the potential difficulties that come with acting as an expert witness and more. Includes numerous example cases.
Computer Forensics Investigations

Course - 02:22:00

“They wasted three days before they even thought to ask me: Am I pretending to be their printer?” And they should have asked, because yes, he was. Fourteen videos take you through the intense process of computer forensics investigations, including the hiding places and secret ways in (like printers) that investigators and criminals might make use of. Beginning with basic procedures, you will examine the nuances of intellectual property investigations, e-discovery, the pros and cons of live analysis and historical analysis, useful tools, potential sources of trouble, search methodology, disk write protection, bit image copies and even writing reports. Includes tools, demonstrations, case studies and a checklist for the ideal forensic machine build.
Aspects of Hard Drives

Course - 00:44:00

Get technical with this four-video course on aspects of hard drives in a forensic context. Hard drive physical and logical components, sectors, the Master Boot Record, the challenges of live forensics and future considerations in the field of computer forensics are combined with an overview of settings, tools and examples.
File Systems

Course - 00:45:00

Four videos look at the challenges, details and structure of file systems. Beginning with the basics such as the difference between undeleting and data carving, this course explores a broad variety of essential topics such as MS-DOS file storage and deletion, NTFS (New Technology File System), attribute headers, VCN (virtual cluster number) and LCN (logical cluster number), inodes, drive slack and more. Includes diagrams and possible tools for use by the forensic investigator.
Email and Browser Forensics

Course - 02:01:00

They say you can tell a lot about someone by the company they keep — or the emails they write. Eleven videos take an in-depth look at the art of email and browser forensics, from the advantages (or disadvantages) of incognito browsing to types of browsers, flavors of cookie, lesser-known data records, tools and more. Explore the secrets hidden in email headers and examine how the OWASP Top 10 vulnerabilities can be put to work for forensic investigators.
Network Forensics Concepts

Course - 00:50:00

A network is simply defined as a group of computers connected together … But there’s far more to it than that. This five-video course takes you through the knowledge, tools and techniques needed to conduct the complex business of network forensics. Includes close looks at packet structure, common ports, IP address and Media Access Control (MAC) address spoofing, connection types, example cases related to innovative tools and even the potential dangers associated with certain avenues of approach.
Data Hiding

Course - 00:40:00

Four videos take you through the complexities and challenges of data hiding. From cryptographic hashes to rainbow tables, steganography, log tampering and more, this course reviews various ways of both hiding data and detecting hidden data, including tips, tools and examples.
Memory Forensics

Course - 00:19:00

Memory forensics is the analysis of volatile data stored in a system’s memory, and the key word here is “volatile.” This course looks at the complexities of memory forensics, beginning with a close examination of two valuable tools (Volatility and VirusTotal) and proceeding to live analysis, the dangers of memory forensics, examples of memory, definitions of terms such as stack and live capture, basic processes and further tools, vocabulary and examples. Prepare yourself for a challenge!
Passwords and Encryption

Course - 00:50:00

How do you break a suspect’s password? You can use sophisticated tools and cutting-edge techniques … or you can simply ask the suspect. A veteran instructor with extensive real-world knowledge teaches our five-video course on passwords and encryption in a forensic context, giving you the real nitty-gritty on everything from hashes and protected password storage to common password hiding locations (always check the desk drawers), Windows’ Encrypting File System, recovery tools, SAM (System Account Manager), the four primary hashing methods for Windows passwords and much more. Learn when to break a password, when to steal the answer and when to simply work around it.
New and Emerging Technologies

Course - 01:05:00

Rapidly-evolving technologies inevitably transform through crime. Now six modules take a closer look at the challenges of new and emerging technologies in a forensic context: virtualization, social networks and gaming. Beginning with virtualization, this course takes you through what you can expect to face when trying to forensically examine cloud data or a virtual machine, the dangers of malware applications adapting to virtual machine environments, big data (“Those that control the algorithm, control the information”), gathering evidence from social media, crime and criminals on interactive games like Second Life and more. Includes tools, examples and terminology.
Introduction to Mobile Forensics

Course - 00:44:00

Mobile phone technology is one of the most rapidly evolving areas in tech today, and that makes investigating it a challenge. Our four-video course takes a closer look at mobile forensics, including tools, examples and notable issues the investigator is likely to encounter: dead-box versus live forensics, volatile and nonvolatile memory, Subscriber Identity Module (SIM) cards, the mobile device seizure process, details of individual mobile OSes, information retrieval methods and more.
File and Operating System Forensics

Course - 01:25:00

“When dealing with operating system forensics — realistically, it comes down to what operating system you’re trying to get access to.” Eight videos give the student an inside look at file and operating system forensics, courtesy of an experienced and professional instructor. Examine the parts of an operating system and explore string searches, deleted files, fragmentation, the limitations of text searches, viewing and recovering graphic files, file carving, compression, malware, tools, vocabulary and more. Includes example uses and demonstration of the Autopsy tool.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo