$2,995.00

Ask us about our Best Price Guarantee. We’ll beat any competitor’s price!

ICLIn-Classroom Learning VLTVirtual Live Training GTRGuaranteed to Run (*Discounted Registrations may not be eligible/are subject to change)
Location Start date End Date Class Times Class Details Action
11/04/2024 11/08/2024 ICLVLTGTR Register
or Quote

Overview

About this Cybersecurity Training Course

Digital Forensics is the investigation and recovery of data contained in digital devices. This data is often the subject of investigations in litigation, proof of guilt, and corrective action in an organization. When the time comes that you need to investigate your organization, will you have the skill set necessary to gather the digital data that you need? The Certified Digital Forensics Examiner Cybersecurity Training Course will benefit organizations, individuals, government offices, and law enforcement agencies in performing these investigations and reporting their findings.

To illustrate, lets say an employee needs to be terminated for a violation of computer usage rules. To do so the organization must furnish an irrefutable burden of proof based on digital evidence. If not irrefutable, an attorney knowledgeable about Digital Forensics could have the case thrown out of court. Government and investigative agencies need proper training to succeed in cases like the above as well as those including acts of fraud, computer misuse, illegal pornography, counterfeiting, and so forth. A C)DFE is aptly prepared to handle these types of situations.

Prerequisites

  • C)SS: Security Sentinel
  • C)ISSO: Information Systems
  • Security Officer
  • Or equivalent experience 

Target Student:

  • Forensic Auditor
  • IT Auditor
  • Law Enforcement
  • Internal Auditor 

Cybersecurity Training Course Objective

Upon completion, students will:

  • Have knowledge to perform digital forensic examinations
  • Have knowledge to accurately report on their findings from examinations
  • Be ready to sit for the C)DFE Exam

Description

Module 1 – Introduction

  • Lesson Objectives
  • Introductions (Instructor)
  • Introductions (Students)
  • Disclaimers
  • Notice
  • Cybersecurity Training Course Schedule
  • Student Guide (Layout)
  • Introduction to Computer Forensics
  • Cybersecurity Training Course Objectives

Module 2 Computer Forensic Incidents

  • Lesson Objectives
  • The Legal System
  • Criminal Incidents
  • Civil Incidents
  • Computer Fraud
  • Internal Threats
  • Investigative Challenges
  • Common Frame of Reference
  • Media Volume

Module 3 – Investigation Process

  • Lesson Objectives
  • Investigating Computer Crimes
  • Prior to the Investigation
  • Forensics Workstation
  • Building Your Team of Investigators
  • Preparing for an Investigation
  • Search Warrant
  • Forensic Photography
  • Preliminary Information
  • First Responder
  • Collecting Physical Evidence
  • Collecting Electronic Evidence
  • Guideline for Acquiring Electronic Evidence
  • Securing the Evidence
  • Managing the Evidence
  • Chain of Custody
  • Duplicate the Data
  • Verify the Integrity of the Image
  • Who is involved in Computer Forensics?
  • Decision Makers and Authorization
  • Risk Assessment
  • Forensic Investigation Toolkit
  • Investigation Methodology
  • Recover Last Data
  • Data Analysis
  • Data Analysis Tools
  • Assessing the Evidence
  • Assessing the Case
  • Location Assessment
  • Best Practices
  • Documentation
  • Gathering and Organizing Information
  • Writing the Report
  • Expert Witness
  • Closing the Case

Module 4 – OS Disk Storage Concepts

  • Lesson Objectives
  • Disk Based Operating Systems
  • OS / File Storage Concepts
  • Disk Storage Concepts

Module 5 Digital Acquisition and Analysis

  • Lesson Objectives
  • Digital Acquisition
  • Digital Acquisition Procedures
  • Digital Forensic Analysis Tools

Module 6 – Forensic Examination Protocols

  • Lesson Objectives
  • Forensic Examination Protocols
  • Forensic Examination

Module 7 – Digital Evidence Protocols

  • Lesson Objectives
  • Digital Evidence Concepts
  • Digital Evidence Categories
  • Digital Evidence: Admissibility

Module 8 Computer Forensic Investigative

  • Theory
  • Lesson Objectives
  • Computer Forensic Investigative Theory

Module 9 – Digital Evidence Presentation

  • Lesson Objectives
  • Digital Evidence Presentation
  • Digital Evidence
  • Digital Evidence: Hearsay
  • Digital Evidence: Summary

Module 10 – Computer Forensics Lab

  • Protocols
  • Lesson Objectives
  • Overview
  • Reports
  • Peer Review
  • Who should review?
  • Peer Review
  • Consistency
  • Accuracy
  • Research
  • Validation
  • Quality Assurance
  • Standard Operating Procedures
  • Relevance
  • Peer Review
  • Annual Review
  • Deviation
  • Lab Intake
  • Tracking
  • Storage
  • Discovery

Module 11 – Computer Forensics Processing

  • Techniques
  • Lesson Objectives
  • Computer Forensic Processing Techniques

Module 12 – Digital Forensics Reporting

  • Lesson Objectives
  • Analysis Report
  • Definition
  • Computer Sciences
  • Ten Laws of Good Report Writing
  • Request
  • Summary of Findings
  • Forensic Examination
  • Tools
  • Evidence
  • Cover Page
  • Table of Contents
  • Examination Report
  • Background
  • Items of Evidence
  • Analysis
  • Findings
  • Conclusion
  • Exhibits
  • Signatures

Module 13 – Specialized Artifact Recovery

  • Lesson Objectives
  • Prep System Stage
  • Lesson Objectives
  • Background
  • Overview
  • Prep System Stage
  • Windows File Date/Time Stamps
  • File Signatures
  • Image File Databases
  • The Windows OS
  • Windows Registry
  • Alternate Data Streams
  • Windows Unique ID Numbers
  • Decode GUID’s
  • Historical Files
  • Windows Recycle Bin
  • Copy out INFO2 for Analysis
  • Web E-mail

Module 14 – eDiscovery and ESI

  • Lesson Objectives
  • eDiscovery
  • Discoverable ESI Material
  • eDiscovery Notification
  • Required Disclosure
  • eDiscovery Conference
  • Preserving Information
  • eDiscovery Liaison
  • eDiscovery Products
  • Metadata
  • What is Metadata?
  • Data Retention Architecture
  • “Safe Harbor” Rule 37(f)
  • eDiscovery Spoliation
  • Tools for eDiscovery

Module 15 – Cell Phone Forensics

  • Lesson Objectives
  • Cell Phones
  • Types of Cell Networks
  • What can a criminal do with Cell Phones?
  • Cell Phone Forensics
  • Forensics Information in Cell Phones
  • Subscriber Identity Module (SIM)
  • Integrated Circuit Card Identification (ICCID)
  • International Mobile Equipment Identifier (IMEI)
  • Electronic Seal Number (ESN)
  • Helpful Hints for the Investigation
  • Things to Remember when Collecting Evidence
  • Acquire Data from SIM Cards
  • SIM Cards
  • Cell Phone Memory
  • Analyze Information
  • Analyze
  • Cell Phone Forensic Tools
  • Device and SIM Card Seizure
  • Cell Phone Analyzer
  • Tools
  • Forensic Card Reader
  • ForensicSIM Tool
  • Forensic Challenges
  • Paraben Forensics Hardware
  • Paraben: Remote Charger
  • Paraben: Device Seizure Toolbox
  • Paraben: Wireless Stronghold Tent
  • Paraben: Passport Stronghold Bag
  • Paraben: Project-a-phone
  • Paraben: SATA Adapter
  • Paraben: Lockdown
  • Paraben: SIM Card Reader
  • Paraben: Sony Clie
  • Paraben: CSI Stick
  • Paraben: USB Serial DB9 Adapter
  • Paraben: P2 Commander

Module 16 – USB Forensics

  • Lesson Objectives
  • USB Components
  • USB Forensics
  • USB Forensics Investigation
  • Determine USB Device Connected
  • Tools for USB Imaging

Module 17 – Incident Handling

  • Lesson Objectives
  • Incident Handling Defined
  • What is a security event?
  • Common Security Events of Interest
  • What is a security incident?
  • What is an incident response plan?
  • When does the plan get initiated?
  • Common Goals of Incident Response Management
  • Incident Handling Steps
  • Goal
  • Be Prepared
  • The Incident Response Plan
  • Incident Handling
  • Incident Response Plan
  • Roles of the Incident Response Team
  • Incident Response Team Makeup
  • Challenges of building an IRT
  • Incident Response Training and Awareness
  • Jump Kit
  • Restore System(s) to Operation
  • Goal
  • Report Findings
  • Restore System
  • Verify

Appendix 1 – PDA Forensics

  • Lesson Objectives
  • Personal Digital Assistants
  • Characteristics
  • Palm OS
  • Palm OS Architecture
  • Pocket PC
  • Windows Mobile Architecture
  • Linux-based PDAs
  • Linux OS for PDAs-Architecture
  • Typical PDA State
  • Security Issues
  • ActiveSync and HotSync
  • PDA Forensic Steps
  • Tips for Conducting the Investigation
  • PDA Forensic Tools
  • Countermeasures

Appendix 2- Investigating Harassment

  • Lesson Objectives
  • Sexual Harassment Overview
  • Examples of Sexual Harassment
  • What it is not?
  • Approach of General Investigation
  • Conduct Your Investigation
  • Preventative Action

Labs 1-4 Objective Summary

  • Recovering electronically stored data for civil litigation
  • Recovering, categorizing and analyzing data
  • Hiding and discovering potential evidence
  • Investigating a misappropriations of proprietary information complaints
  • Bit-by-bit imaging digital media and preserving the integrity of the image
  • Identifying and reconstructing information within various file systems
  • Conducting an investigation into a complaint of sexual harassment
  • Understanding anti-forensics and steganography
  • Discover how a computer has been used and learn:
  • What websites have been visited?
  • What data has been deleted, and why?
  • What data is stored on the hard drive?
  • What e-mails have been sent and received?
  • Has data been copied off of the computer?

Lab 1 – Preparing Forensic Workstations

  • AccessData FTK Imager Installation
  • AccessData FTK Installation
  • KFF Library Database Installation
  • AccessData Registry Viewer Installation
  • AccessData Password Recovery Toolkit
  • Installation

Lab 2 – Chain of Custody

  • Chain of Custody Search and Seizure
  • Chain of Custody Forensic Imaging

Lab 3 – Imaging Case Evidence / FTK Imager

Lab 4 – Reviewing Evidence / AccessData Tools

  • Creating a Case in AccessData Forensic Toolkit
  • Review Evidence in AccessData FTK Imager
  • Review Software File in AccessData Registry View
  • Review System File in AccessData Registry Viewer
  • Review SAM File in AccessData Registry Viewer