Course ID

CDFE

Title

Certified Digital Forensics Examiner

Price

$3,395.00

Duration

5 Days

Course Audience

Forensic Auditors

IT Auditors

Law Enforcement

Internal Auditors


Course Objectives

Upon completion, students will:

Have knowledge to perform digital forensic examinations.

Have knowledge to accurately report on their findings from examinations.

Be ready to sit for the C)DFE Exam.


Course Content

With 17 modules and 2 appendices, the C)DFE will bring you up to speed on digital forensics in a fast, effective way.


Follow-on Courses:

C)NFE: Network Forensics Examiner


Course Description

Digital Forensics is the investigation and recovery of data contained in digital devices. This data is often the subject of investigations in litigation, proof of guilt, and corrective action in an organization. When the time comes that you need to investigate your organization, will you have the skill set necessary to gather the digital data that you need? The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies in performing these investigations and reporting their findings.

To illustrate, let’s say an employee needs to be terminated for a violation of computer usage rules. To do so the organization must furnish an irrefutable burden of proof based on digital evidence. If not irrefutable, an attorney knowledgeable about Digital Forensics could have the case thrown out of court. Government and investigative agencies need proper training to succeed in cases like the above as well as those including acts of fraud, computer misuse, illegal pornography, counterfeiting, and so forth. A C)DFE is aptly prepared to handle these types of situations.


Course Prerequisites

C)SS: Security Sentinel

C)ISSO: Information Systems Security Officer

OR Equivalent Experience


Course Outline

Introduction

Lesson Objectives

Introductions (Instructor)

Introductions (Students)

Disclaimers

Notice

Course Schedule

Student Guide (Layout)

Introduction to Computer Forensics

Course Objectives

Lesson Objectives

The Legal System

Criminal Incidents

Civil Incidents

Computer Fraud

Internal Threats

Investigative Challenges

Common Frame of Reference

Media Volume


Computer Forensic Incidents

Lesson Objectives

The Legal System

Criminal Incidents

Civil Incidents

Computer Fraud

Internal Threats

Investigative Challenges

Common Frame of Reference

Media Volume



Investigation Process

Lesson Objectives

Investigating Computer Crimes

Prior to the Investigation

Forensics Workstation

Building Your Team of Investigators

Who is involved in Computer Forensics?

Decision Makers and Authorization

Risk Assessment

Forensic Investigation Toolkit

Investigation Methodology

Preparing for an Investigation

Search Warrant

Forensic Photography

Preliminary Information

First Responder

Collecting Physical Evidence

Collecting Electronic Evidence

Guideline for Acquiring Electronic Evidence

Securing the Evidence

Managing the Evidence

Chain of Custody

Duplicate the Data

Verify the Integrity of the Image

Recover Lost Data

Data Analysis

Data Analysis Tools

Assessing the Evidence

Assessing the Case

Location Assessment

Best Practices

Documentation

Gathering and Organizing Information

Writing the Report

Expert Witness

Closing the Case



OS Disk Storage Concepts

Lesson Objectives

Disk Based Operating Systems

OS / File Storage Concepts

Disk Storage Concepts

Lesson Objectives

Digital Acquisition

Digital Acquisition Procedures

Digital Forensic Analysis Tools



Digital Acquisition and Analysis

Lesson Objectives

Digital Acquisition

Digital Acquisition Procedures

Digital Forensic Analysis Tools


Forensic Examination Protocols

Lesson Objectives

Forensic Examination Protocols

Forensic Examination



Digital Evidence Protocols

Lesson Objectives

Digital Evidence Concepts

Digital Evidence Categories

Digital Evidence: Admissibility

Lesson Objectives

Computer Forensic Investigative Theory

Lesson Objectives

Digital Evidence Presentation

Digital Evidence

Digital Evidence: Hearsay

Digital Evidence: Summary


CFI Theory

Lesson Objectives

Computer Forensic Investigative Theory


Digital Evidence Presentation

Lesson Objectives

Digital Evidence Presentation

Digital Evidence

Digital Evidence: Hearsay

Digital Evidence: Summary


Computer Forensics Lab Protocols

Lesson Objectives

Overview

Quality Assurance

Standard Operating Procedures

Reports

Peer Review

Who should review?

Peer Review

Consistency

Accuracy

Research

Validation

Relevance

Peer Review

Annual Review

Deviation

Lab Intake

Tracking

Storage

Discovery

CF Processing Techniques

Lesson Objectives

Computer Forensic Processing Techniques 

Digital Forensics Reporting

Lesson Objectives

Analysis Report

Definition

Computer Sciences

Ten Laws of Good Report Writing

Cover Page

Table of Contents

Examination Report

Background

Request

Summary of Findings

Forensic Examination

Tools

Evidence

Items of Evidence

Analysis

Findings

Conclusion

Exhibits

Signatures


Specialized Artifact Recovery

Lesson Objectives

Prep System Stage

Lesson Objectives

Background

Overview

Prep System Stage

Windows File Date/Time Stamps

File Signatures

Image File Databases

The Windows OS

Windows Registry

Alternate Data Streams

Windows Unique ID Numbers

Decode GUIDs

Historical Files

Windows Recycle Bin

Copy out INFO2 for Analysis

Web E-mail


eDiscovery and ESI

Lesson Objectives

eDiscovery

Discoverable ESI Material

eDiscovery Notification

Required Disclosure

eDiscovery Conference

Preserving Information

eDiscovery Liaison

eDiscovery Products

Metadata

What is Metadata?

Data Retention Architecture

“Safe Harbor” Rule 37(f)

eDiscovery Spoliation

Tools for eDiscovery


Cell Phone Forensics

Lesson Objectives

Cell Phones

Types of Cell Networks

What can a criminal do with Cell Phones?

Cell Phone Forensics

Forensics Information in Cell Phones

Subscriber Identity Module (SIM)

Integrated Circuit Card Identification (ICCID)

International Mobile Equipment Identifier (IMEI)

Electronic Serial Number (ESN)

Helpful Hints for the Investigation

Things to Remember when Collecting Evidence

Acquire Data from SIM Cards

SIM Cards

Cell Phone Memory

Analyze Information

Analyze

Cell Phone Forensic Tools

Device and SIM Card Seizure

Cell Phone Analyzer

Tools

Forensic Card Reader

ForensicSIM Tool

Forensic Challenges

Paraben Forensics Hardware

Paraben Forensics Hardware

Paraben: Remote Charger

Paraben: Device Seizure Toolbox

Paraben: Wireless Stronghold Tent

Paraben: Passport Stronghold Bag

Paraben: Project-a-phone

Paraben: Project-a-phone

Paraben: SATA Adapter

Paraben: Lockdown

Paraben: SIM Card Reader

Paraben: Sony Clie

Paraben: CSI Stick

Paraben: USB Serial DB9 Adapter

Paraben: P2 Commander


USB Forensics

Lesson Objectives

USB Components

USB Forensics

USB Forensics Investigation

Determine USB Device Connected

Tools for USB Imaging


Incident Handling

Lesson Objectives

Incident Handling Defined

What is a security event?

Common Security Events of Interest

What is a security incident?

What is an incident response plan?

When does the plan get initiated?

Common Goals of Incident Response Management

Incident Handling Steps

Goal

Be Prepared

The Incident Response Plan

Incident Handling

Incident Response Plan

Roles of the Incident Response Team

Incident Response Team Makeup

Challenges of building an IRT

Incident Response Training and Awareness

Jump Kit

Prepare Your Sites and Systems

Goal

Identification of an Incident

Basic Incident Response Steps

Proper Evidence Handling

Goal

Containment

Onsite Response

Secure the Area

Conduct Research

Make Recommendations

Establish Intervals

Capture Digital Evidence

Change Passwords

Goal

Determine Cause

Defend Against Follow-on Attacks

More Defenses

Analyze Threat and Vulnerability

Restore System(s) to Operation

Goal

Report Findings

Restore System

Verify

Decide

Monitor Systems

Goal

Follow-up Report


A1: PDA Forensics

Lesson Objectives

Personal Digital Assistants

Characteristics

Palm OS

Palm OS Architecture

Pocket PC

Windows Mobile Architecture

Linux-based PDAs

Linux OS for PDAs-Architecture

Typical PDA State

Security Issues

ActiveSync and HotSync

PDA Forensic Steps

Tips for Conducting the Investigation

PDA Forensic Tools

Countermeasures


A2: Investigating Harassment

Lesson Objectives

Sexual Harassment Overview

Examples of Sexual Harassment

What it is not?

Approach of General Investigation


Conduct Your Investigation

 


Preventative Action


Status

Active

Technology

CyberSecurity

Category

Cybersecurity

SubCategory

Security Forensics

Details

Certified Digital Forensics Examiner

Version: 4.0
Created at 5/12/2015 3:29 PM by Cole
Last modified at 1/4/2016 3:54 PM by Steve Rosso