CDFE - Certified Digital Forensics Examiner

Start Date Time Days Price GTR Availability
October 23, 2017 09:00 (EST) 5 $3,750.00 Register
December 11, 2017 09:00 (EST) 5 $3,750.00 Register

 

COURSE OVERVIEW

The Certified Digital Forensics Examiner program is designed to train Cyber Crime and Fraud Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

 

Mile2’s Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination.  Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

 

The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence. 

 

Prerequisites:

  • A minimum of 1 year in computers

 

Student Materials:

  • Student Workbook
  • Student Lab guide
  • Exam Prep guide

 

Certification Exams:

  • Mile2 C)DFE – Certified Digital Forensics Examiner

 

CPEs: 40 Hours

 

WHO SHOULD ATTEND?

  • Security Officers
  • IS Managers
  • Agents/Police Officers
  • Attorneys
  • Data Owners
  • IT managers
  • IS Manager/Officers

 

UPON COMPLETION

Upon completion, Certified Digital Forensics Examiner students will be able to establish industry acceptable digital forensics standards with current best practices and policies. Students will also be prepared to competently take the C)DFE exam. 

 

EXAM INFORMATION

The Certified Digital Forensics Examiner exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple-choice questions.

 

COURSE CONTENT

Module 1: Introduction

Module 2: Computer Forensic Incidents

Module 3: Investigation Process

Module 4: Disk Storage Concepts

Module 5: Digital Acquisition & Analysis

Module 6: Forensic Examination Protocols

Module 7: Digital Evidence Protocols

Module 8: CFI Theory

Module 9: Digital Evidence Presentation

Module 10: Computer Forensic Laboratory Protocols

Module 11: Computer Forensic Processing Techniques

Module 12: Digital Forensics Reporting

Module 13: Specialized Artefact Recovery

Module 14: e-Discovery and ESI

Module 15: Cell Phone Forensics

Module 16: USB Forensics

Module 17: Incident Handling

Appendix 1: PDA Forensics         

Appendix 2: Investigating Harassment

 

LAB OUTLINE

Mile2 – Lab 1:  Preparing Forensic Workstation

AccessData FTK Imager Installation

AccessData FTK Installation

KFF Library Database Installation

AccessData Registry Viewer Installation

AccessData Password Recovery Toolkit Installation

 

Mile2 – Lab 2:  Chain of Custody

Chain of Custody Search and Seizure

Chain of Custody Forensic Imaging

 

Mile2 – Lab 3:  Imaging Case Evidence / FTK Imager

 

Mile2 – Lab 4:  Reviewing Evidence / AccessData Tools

Creating a Case in AccessData Forensic Toolkit

Reviewing Evidence in AccessData FTK Imager

Reviewing Software File in AccessData Registry Viewer

Reviewing System File in AccessData Registry Viewer

Reviewing SAM File in AccessData Registry    Viewer

 

Module 1 – Introduction

  • Lesson Objectives
  • Introductions (Instructor)
  • Introductions (Students)
  • Disclaimers
  • Notice
  • Course Schedule
  • Student Guide (Layout)
  • Introduction to Computer Forensics
  • Course Objectives

 

Module 2 – Computer Forensic Incidents

  • Lesson Objectives
  • The Legal System
  • Criminal Incidents
  • Civil Incidents
  • Computer Fraud
  • Internal Threats
  • Investigative Challenges
  • Common Frame of Reference
  • Media Volume

 

CDFE Module 3 – Investigation Process

  • Lesson Objectives
  • Investigating Computer Crimes
  • Prior to the Investigation
  • Forensics Workstation
  • Building Your Team of Investigators
  • Who is involved in
  • Computer Forensics?
  • Decision Makers and Authorization
  • Risk Assessment
  • Forensic Investigation Toolkit
  • Investigation Methodology
  • Preparing for an Investigation
  • Search Warrant
  • Forensic Photography
  • Preliminary Information
  • First Responder
  • Collecting Physical Evidence
  • Collecting Electronic Evidence
  • Guideline for Acquiring Electronic Evidence
  • Securing the Evidence
  • Managing the Evidence
  • Chain of Custody
  • Duplicate the Data
  • Verify the Integrity of the Image
  • Recover Last Data
  • Data Analysis
  • Data Analysis Tools
  • Assessing the Evidence
  • Assessing the Case
  • Location Assessment
  • Best Practices
  • Documentation
  • Gathering and Organizing Information
  • Writing the Report
  • Expert Witness
  • Closing the Case

 

Module 4 – OS Disk Storage Concepts

  • Lesson Objectives
  • Disk Based Operating Systems
  • OS / File Storage Concepts
  • Disk Storage Concepts

 

Module 5- Digital Acquisition and Analysis

  • Lesson Objectives
  • Digital Acquisition
  • Digital Acquisition Procedures
  • Digital Forensic Analysis Tools

 

Module 6 – Forensic Examination Protocols

  • Lesson Objectives
  • Forensic Examination Protocols
  • Forensic Examination

 

Module 7 – Digital Evidence Protocols

  • Lesson Objectives
  • Digital Evidence Concepts
  • Digital Evidence Categories
  • Digital Evidence: Admissibility

 

Module 8 – CFI Theory

  • Lesson Objectives
  • Computer Forensic Investigative Theory

 

Module 9 – Digital Evidence Presentation

  • Lesson Objectives
  • Digital Evidence Presentation
  • Digital Evidence
  • Digital Evidence:  Hearsay
  • Digital Evidence:  Summary

 

Module 10 Computer Forensics Lab Protocols

  • Lesson Objectives
  • Overview
  • Quality Assurance
  • Standard Operating Procedures
  • Reports
  • Peer Review
  • Who should review?
  • Peer Review
  • Consistency
  • Accuracy
  • Research
  • Validation
  • Relevance
  • Peer Review
  • Annual Review
  • Deviation
  • Lab Intake
  • Tracking
  • Storage
  • Discovery

Module 11 CF Processing Techniques

  • Lesson Objectives
  • Computer Forensic Processing Techniques

 

Module 12 – Digital Forensics Reporting

  • Lesson Objectives
  • Analysis Report
  • Definition
  • Computer Sciences
  • Ten Laws of Good Report Writing
  • Cover Page
  • Table of Contents
  • Examination Report
  • Background
  • Request
  • Summary of Findings
  • Forensic Examination
  • Tools
  • Evidence
  • Items of Evidence
  • Analysis
  • Findings
  • Conclusion
  • Exhibits
  • Signatures

 

Module 13 – Specialized Artifact Recovery

  • Lesson Objectives
  • Prep System Stage
  • Lesson Objectives
  • Background
  • Overview
  • Prep System Stage
  • Windows File Date/Time Stamps
  • File Signatures
  • Image File Databases
  • The Windows OS
  • Windows Registry
  • Alternate Data Streams
  • Windows Unique ID Numbers
  • Decode GUID’s
  • Historical Files
  • Windows Recycle Bin
  • Copy out INFO2 for Analysis
  • Web E-mail

 

Module 14 – eDiscovery and ESI

  • Lesson Objectives
  • eDiscovery
  • Discoverable ESI Material
  • eDiscovery Notification
  • Required Disclosure
  • eDiscovery Conference
  • Preserving Information
  • eDiscovery Liaison
  • eDiscovery Products
  • Metadata
  • What is Metadata?
  • Data Retention Architecture
  • “Safe Harbor” Rule 37(f)
  • eDiscovery Spoliation
  • Tools for eDiscovery

 

Module 15 – Cell Phone Forensics

  • Lesson Objectives
  • Cell Phones
  • Types of Cell Networks
  • What can a criminal do with Cell Phones?
  • Cell Phone Forensics
  • Forensics Information in Cell Phones
  • Subscriber Identity Module (SIM)
  • Integrated Circuit Card Identification (ICCID)
  • International Mobile Equipment Identifier (IMEI)
  • Electronic Seal Number (ESN)
  • Helpful Hints for the Investigation
  • Things to Remember when Collecting Evidence
  • Acquire Data from SIM Cards
  • SIM Cards
  • Cell Phone Memory
  • Analyze Information
  • Analyze
  • Cell Phone Forensic Tools
  • Device and SIM Card Seizure
  • Cell Phone Analyzer
  • Tools
  • Forensic Card Reader
  • ForensicSIM Tool
  • Forensic Challenges
  • Paraben Forensics Hardware
  • Paraben Forensics Hardware
  • Paraben:  Remote Charger
  • Paraben:  Device Seizure Toolbox
  • Paraben:  Wireless Stronghold Tent
  • Paraben:  Passport Stronghold Bag
  • Paraben: Project-a-phone
  • Paraben: Project-a-phone
  • Paraben: SATA Adapter
  • Paraben:  Lockdown
  • Paraben:  SIM Card Reader
  • Paraben:  Sony Clie
  • Paraben:  CSI Stick
  • Paraben:  USB Serial DB9 Adapter
  • Paraben:  P2 Commander

 

Module 16 – USB Forensics

  • Lesson Objectives
  • USB Components
  • USB Forensics
  • USB Forensics Investigation
  • Determine USB Device Connected
  • Tools for USB Imaging

 

Module 17 – Incident Handling

  • Lesson Objectives
  • Incident Handling Defined
  • What is a security event?
  • Common Security Events of Interest
  • What is a security incident?
  • What is an incident response plan?
  • When does the plan get initiated?
  • Common Goals of Incident Response Management
  • Incident Handling Steps
  • Goal
  • Be Prepared
  • The Incident Response Plan
  • Incident Handling
  • Incident Response Plan
  • Roles of the Incident Response Team
  • Incident Response Team Makeup
  • Challenges of building an IRT
  • Incident Response Training and Awareness
  • Jump Kit
  • Prepare Your Sites and Systems
  • Goal
  • Identification of an Incident
  • Basic Incident Response Steps
  • Proper Evidence Handling
  • Goal
  • Containment
  • Onsite Response
  • Secure the Area
  • Conduct Research
  • Make Recommendations
  • Establish Intervals
  • Capture Digital Evidence
  • Change Passwords
  • Goal
  • Determine Cause
  • Defend Against Follow-on Attacks
  • More Defenses
  • Analyze Threat and Vulnerability
  • Restore System(s) to Operation
  • Goal
  • Report Findings
  • Restore System
  • Verify
  • Decide
  • Monitor Systems
  • Goal
  • Follow-up Report

 

Appendix 1 – PDA Forensics

  • Lesson Objectives
  • Personal Digital Assistants
  • Characteristics
  • Palm OS
  • Palm OS Architecture
  • Pocket PC
  • Windows Mobile Architecture
  • Linux-based PDAs
  • Linux OS for PDAs-Architecture
  • Typical PDA State
  • Security Issues
  • ActiveSync and HotSync
  • PDA Forensic Steps
  • Tips for Conducting the Investigation
  • PDA Forensic Tools
  • Countermeasures

Appendix 2 – Investigating Harassment

  • Lesson Objectives
  • Sexual Harassment Overview
  • Examples of Sexual Harassment
  • What it is not?
  • Approach of General Investigation
  • Conduct Your Investigation
  • Preventative Action