OVERVIEW
For many years, law enforcement officers have been the primary forensic computer examiners; however the need for qualified civilian forensic computer examiners is growing faster than ever. The Forensic Computer Examiner Online Training Program will help you break into this field by preparing you for the Certified Computer Examiner credential. This online certificate program is offered in partnership with major colleges, universities, and other accredited education providers.
“My facilitator Bill Taylor was first rate. He is a true subject matter expert with excellent customer service skills. He went above and beyond the call of duty to help resolve technical issues and answer all questions in a timely manner."
- D.C., Florida Institute of Technology
OBJECTIVE
Upon successful completion of the Forensic Computer Examiner Online Training Program, you’ll:
- Know what a forensic examiner may expect to encounter during an examination
- Understand software licensing and how it affects forensic examiners
- Explore forensic ethical standards as they apply to forensic examiners
- Determine when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit
- Understand how to properly establish and maintain the physical chain of custody of media and evidence
- Know the significance of, location of, and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files, and Internet sites visited
- Be able to prevent virus introduction and prevent activation of "booby traps"
- Understand how to find and document data, including hidden data and password-protected data
- Discover how to present recovered and evidence data to the client in a useful format
- Understand how to present data in court or other proceedings
- Be fully prepared to sit for the CCE Certification testing through the International Society of Forensic Computer Examiners
DETAILS
As criminal defense attorneys and civil attorneys encountered law-enforcement examiners, the need for qualified civilian forensic computer examiners grew. Currently, there’s a huge demand for certified, qualified forensic computer examiners. Some trained examiners have started their own businesses, some work for large companies, such as Deloitte and Touche, and others work for law-enforcement agencies.
This comprehensive online program prepares you for a career in this emerging field. You’ll learn not only to thoroughly examine digital media, but also to clearly document, control, prepare, and present examination results that will stand up in a court of law. You’ll be able to identify where and how data is stored and how to recover and interpret data and draw appropriate conclusions based on the data. Education on the ethics of computer forensics is also included. This program is hands-on and emphasizes learning by doing.
The primary certification for civilian forensic computer examiners is the Certified Computer Examiner (CCE) certification. The Forensic Computer Examiner Online Training Program is an authorized ISFCE (International Society of Forensic Computer Examiners) training course that will thoroughly prepare you to take the CCE certification exam.
Upon registering, you're given twelve months to complete this program.
OUTLINE
I. Module 1-
Introduction to Computer Forensics
A. Recommended Machine
Configurations
B. What makes a good computer
forensic examiner?
C. Computer Forensics vs. E
Discovery
D. Dealing with clients or
employers
1. Work Product
2. lient
Contracts
3. Legal and
privacy issues
E. Software Licensing
F. Ethical Conduct Issues
G. Cases that may include digital
evidence
H. Forensic Examination Procedures
I. Determining Scope of
Examinations
J. Hardware and Imaging Issues
K. Floppy Diskette, USB and
Optical Media Examination
L. Limited Examinations
M. Forensically Sterile
Examination Media
N. Examination Documentation and
Reports
O. ASCII Table
P. General Overview of Boot
Process and Operating Systems
Q. Floppy Diskette Sides, FD
Tracks, Hard Disk Drives
R. BIOS History
S. Networked Computers
T. Media Acquisition
U. Acquisition Documentation
V. Chain of Custody
II. Module 2 –
Imaging
A. Recommended Machine
Configurations
B. Imaging Theory and Process
C. Imaging Methods
D. Write Blocking
E. Imaging Flash Drives
F. Wiping, Hashing, Validation,
Image Restoration, Cloning, Unallocated Space
G. Drive Partitioning
H. One (1) Student Lab Practical
Exercise
III. Module 3 – File
Signatures, Data Formats & Unallocated Space
A. File Identification
B. File Headers
C. General File Types
D. File Viewers
E. Examination of Compressed Files
F. Data Carving – Using Simple
Carver
G. One (1) Student Lab Practical
Exercise
IV. Module 4 – FAT
File System
A. Logical structures of DOS,
Windows 95, Windows 98
B. Master Boot Record
C. File Allocation Table
1. 16 Bit FAT
2. 32 Bit FAT
D. Directory Entries
E. Clusters
F. Unallocated Space
G. Sub-Directories
H. FORMAT
I. Six (6) Student Lab Practical
Exercises
V. Module 5 – NTFS
File System
A. Introduction and Overview
B. Basic Terms
C. Basic Boot Record Information
D. Time Stamps
E. Root Directory
F. Recycle Bin
G. File Creation
H. File Deletion
I. Examining NTFS Drives
J. Two (2) Student Lab Practical
Exercises
VI. Module 6 –
Registry & Artifacts
A. Creating an Examination Boot
Disk
B. Data Recovery
C. Windows Swap and Page Files
D. Forensic Analysis of the
Windows Registry
E. Internet Cache Files, Cookies
and Internet Sites
F. Microsoft Outlook
G. MSMAIL
H. Logical Structures
I. Tracking User Specific Computer
Use
J. Internet Explorer Cache Index
K. Basic Mail Issues
L. Basic Internet Issues
M. Common Situations Encountered
during Examinations
N. Password Protection and
Defeating Passwords
O. Compound Documents
P. Examining CDR Media
Q. FTK
R. Three (3) Student Lab Practical
Exercises
VII. Module 7 –
Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
A. Use of Policy and Checklists in
Forensic Practice
B. Data Presentation to Client
C. Case Report Writing
D. Legal Process
E. Expert Admission
F. Going to Court
G. Use of Forensic Tools and
Software
H. One (1) Student Lab Practical
Exercise – Hard drive examination
VIII. Module 8 -
Introduction to Mobile Data Exploitation
A. Mobile Phone Extraction Process
1. Collection
2. Isolation
3. Interrogation
4. Imaging
5. Analysis
B. Mobile Networks
C. International Mobile Subscriber
Identity
D. Use of Forensic Tools and
Software
E. One (1) Student Lab Practical
Exercise
REQUIREMENTS
This program is compatible with the Windows XP and later operating systems and IE 7 and later browsers.
Minimum Computer Requirements:
- PC with the latest updates and BIOS (Mac computers may not be used)
- XP, Vista, Windows 7, Windows 8 or Windows 10 operating systems
- Internet access
- 1 GB (or more) memory
- 10 GB or larger hard-disk drive for examination purposes
- 2 (or more) open USB 2.0 ports
Recommended Configuration:
- PC with the latest updates and BIOS
- Windows 2000 or XP operating system
- High-speed Internet access
- 2 GB (or more) memory
- 15 GB or larger hard-disk drive for examination purposes
- Integrated PS/2 ports (not USB keyboard or mouse)
- 4 open USB 2.0 ports
- 1 open Firewire/IEEE 1394 port
- Read/Write blocking device such as the FireFly Read/Write device made by Digital Intelligence
You may use either a desktop or a laptop computer.
This program is based on the concept of teaching computer forensics from a vendor-neutral perspective, and you’ll learn the low-level mechanics of commonly encountered file systems. If you can gain a solid understanding of one file system and how it functions at a low level, then you’ll be prepared to learn other file systems as well.
This program material also teaches low-level mechanics and functions of both the FAT file system and the New Technology File System (NTFS). Although the FAT file system is not available on new computers, it’s the default file system on floppy diskettes and USB devices. Many computer forensic incidents involve USB devices and will continue to involve these devices for years to come. Consequently, students studying to become successful forensic computer examiners must understand the FAT file.
Windows 98 and earlier versions are based on the FAT file system. A computer formatted with Windows 2000, XP, and Vista versions will typically be formatted with the NTFS file system.
The completion of several practical exercises is a requirement of this program. Some might include floppy diskettes. Although the floppy diskette is no longer commonly encountered in the field, keep in mind that it’s the exercise that is significant, and any action taken on a floppy diskette can be replicated on a hard drive.
PREREQUISITES
To enroll in this course, you’ll need to have basic computer skills, including the ability to work outside the Windows GUI interface. This is because forensic examiners often need data that can’t easily be accessed from within Windows. Being comfortable working within the DOS environment will be very helpful in this field.
A good measure of your readiness for this program is knowing that you can successfully complete the A+ certification through CompTIA. Note that the certification is by no means a prerequisite. However, the basic knowledge needed for success in this program typically requires that you have the A+ level of experience.
A forensic computer examiner will be required to work with the hardware of a computer on many occasions, so you’ll need to have the ability or desire to remove and replace hard-disk drives from computers and change jumper settings. These topics are briefly covered within our program, but you should have these skills prior to enrolling.
To work in this field, you must not have a criminal record. This includes any felony conviction where the individual could have received a sentence of one or more years of imprisonment. This also includes any criminal history of sexually related offenses, as many digital examinations include these topics, and an examiner with this type of history could be easily discredited.
Note: If you plan to pursue the Certified Computer Examiner (CCE) credential, you must have attended a program through an ISFCE Authorized Training Center (such as this one), have documented experience in forensic computer examinations, OR be able to produce a well-documented self-study.
INSTRUCTOR
Bill Long is a retired law
enforcement supervisor with the Oklahoma Office of the Inspector
General. He is a CFCE and is owner and president of William J. Long
& Associates LLC, a firm specializing in computer forensic
examinations and data recovery.
John Fretts, in 2004, retired
as a Senior Special Agent from the Bureau of Alcohol, Tobacco, Firearms
and Explosives after 30 years. In addition to conducting firearms
and explosives investigations he specialized in computer forensic
investigations. John currently serves as Director of
Investigations for a private firm in New England.
William D. "Bill" Taylor is a
retired Computer Investigative Specialist/ Special Agent with the US
Treasury Inspector General for Tax Administration in Nashville,
Tennessee. He holds both Baccalaureate and Master's Degrees in Criminal
Justice and a Associates Degree in Forensic Computer Science. He
is also a graduate of the 152nd Session of the FBI National Academy.
Bill had over 35 years of investigative law enforcement experience when
he retired.
Clifford "Cliff" Ellston retired
in 2013 as a Senior Special Agent from the Bureau of Alcohol, Tobacco,
Firearms and Explosives after 35 years of service. In addition to
conducting firearms and explosives investigations he specialized in
computer forensic investigations. Cliff currently serves as a
compliance officer for a local retail corporation. He also
assists local police in their effort to handle and examine electronic
media evidence.
FAQS
1. Can I register for programs if I am an international student?
Yes, because ed2go programs are online you never have to actually travel to the school. Most schools offer telephone or online registration.
2. How long does it take to complete a program?
All of our programs are self-paced and open-enrollment. You can start and finish the program at your own pace. Upon registering, you're given twelve months to complete this program.
3. Do I have to buy additional materials?
No.
4. Can I get financial assistance?
ed2go courses are non-credit courses, so they do not qualify for federal aid. In some states, vocational rehab or workforce development boards will pay for qualified students to take our courses.
5. What happens when I complete the program?
Upon successful completion of the program, you will be awarded a certificate of completion. You will also become eligible to sit for the CCE Certification testing through the ISFCE. Note: You will need to list this training while submitting your application for the Certification.
6. Am I guaranteed a job?
ed2go programs will provide you with the skills you need to obtain an entry-level position in most cases. We don't provide direct job placement services, but our facilitators and career counselors will help you build your resume and are available to give advice on finding your first job. Facilitators will also be available to use as a professional reference upon completion of the program. Potential students should always do research on the job market in their area before registering.
7. Who will be my instructor?
Each student is paired up with a facilitator for one-on-one interaction. The facilitator will be available (via e-mail) to answer any questions you may have and to provide feedback on your performance. All of our facilitators are successful working professionals in the fields in which they teach.
8. What software or hardware do I need in order to take online programs and what are the system requirements?
In order to take our online programs, you must have access to a computer and the Internet. You can access the program contents from any Web-enabled computer. You don't have to use the same computer to log-in to the program every time. We recommend that you have a word-processing program (Microsoft Word is best) and the latest version of Internet Explorer.
9. Can I use a Mac?
No, you must access this program with a PC or IBM-compatible computer.
10. How can I get more information about the program?
If you have questions that are not answered on our website, please feel free to contact us via LIVE chat (click the button toward the top of the page). If you are visiting us during non-business hours, please feel free to send us a question using the "Contact Us" form to the right. You may also call us at 1-855-520-6806
1-855-520-6806 FREE. We will answer your questions promptly.
11. When can I start the program?
Our programs are all open enrollment. You can register and start the program as soon as you are ready.
Please note: Once the program curriculum is accessed online or through submission of a material shipment confirmation, refunds cannot be issued.
12. What if I don't have enough time to complete my program within the time frame provided?
The
time allotted to complete your program has been calculated based on the
number of hours for each program, so don't worry too much about not
completing in time. If, after a concerted effort, you are still unable
to complete, your Student Advisor will help you work out a suitable
completion date. Please note that a fee will be charged for an
extension.
REVIEWS
“My facilitator Bill Taylor was first rate. He is a true subject matter expert with excellent customer service skills. He went above and beyond the call of duty to help resolve technical issues and answer all questions in a timely manner.
- D.C., Florida Institute of Technology