Certified Digital Forensics Examiner (ST006)

Classroom Learning

Also available via

Who Needs to Attend

Those who work for government security agencies, as well as in companies and organizations intent on pursuing any corrective action, litigation, or proof of guilt based on digital evidence.

Prerequisites

Experience in using a computer

Follow-On Courses

There are no follow-ons for this course.

In this course, you will learn to pursue and effect corrective action, litigation, or proof of guilt based on digital evidence. A case in point could be the termination of an employee for a violation that may involve a digital artifact to support the allegation. In this event, you must furnish irrefutable burden of proof derived from the digital artifact. If not, then an attorney who is knowledgeable about Computer Forensics would have the case thrown out. Similarly, government or investigative agencies need to be able to successfully prosecute or defend cases such as terrorist activates, illegal pornography, acts of fraud, or counterfeiting, and so forth.

What You'll Learn

Pursuit of any corrective action, litigation, or proof of guilt based on digital evidence
Prosecute or defend cases such as terrorist activates, illegal pornography, acts of fraud, or counterfeiting

Course Outline

1. Introduction to Computer Crime

Origins of Computer Forensic Science
Criminal and Civil Incidents
Types of Computer Fraud Incidents
Internal and External Threats
Investigative Challenges

2. Disk Storage Concepts

Operating Systems and File Structures
Disk Storage Methodologies
OS Procedures Involving file & Directory Creation
Disk-based Media File Storage Concepts
"Slack Space" & the Recovery of Digital Evidence
"File Management" and "File Format" Concepts

3. Computer Forensics

Application of Scientific Methods
Three Major Categories of Digital Evidence
Four Cardinal Rules of Computer Forensics
"ALPHA 5" System
Best Practices - The 20 steps

4. Electronic Discovery and Digital Evidence

Digital Acquisition Process
Procedures Used in Digital Duplication
Digital Authentication Types
Identifying Types of Digital Evidence Attacks
Classifying and Comparing Digital Evidence
Identifying Types of Digital Evidence Clues
Identifying Aspects of a Computer Forensic Behavioral Analysis

5. Specialized Examination Tools

Forensic Tools (Hardware & Software) Available
Forensic Tool Kit
EnCase
WinHe

6. Seizure Concepts

Digital Incident Situation Assessment
Securing Digital Evidence
Establishing a "Chain Of Custody" and Submitting Items as "Digital Evidence"
Identifying Equipment Encountered During a Digital Incident Situation

7. Forensic Examination

Employing "Pre-exam" Analysis
Computer Forensic Duplication Types
Digital Evidence Processing Methods
Digital Data Extraction Techniques from Nontraditional Areas of Digital Media

8: Advanced Artifact Recovery

Conducting an Advanced Forensic Examination of Digital Media
Recovering Digital Artifacts Unattainable by Conventional Methods
Using the Advanced Tools and Thinking "outside the box" To Try To Discover Incriminating Digital Evidence on a Live Case File

9. Crypto and Password Recovery

Origins of Cryptology and Cryptography
Cryptography and Cryptanalysis
Steganography and Alternate Data Streams
Types of Encryption concepts
Principles of "Diffusion" and "Confusion"
Investigative Options Available To Crack Password-protected Files

10. Specialized Digital Media Analysis and Recovery

MAC Times and Image Metadata
Windows Registry
System Identifiers
Sources of Unique Identification within OS
Aspects of OS Data Files, To Include Index.dat and AOL System Files
"Recycle" Folder and Deleted Files

11. Cyber-terrorism and Internet Investigations

Defining Digital Evidence
Concepts and protocols Associated with Digital Evidence and "Levels of Proof"
Categories of Digital Evidence

12. Electronic Discovery, Acquisition, and Analysis Laboratory

Hands-on Case File
Live/Indexed Keyword Searching
Analysis and Identification of Relevant Digital Evidence
Quality Assurance and Documentation
Peer Review Process
Annual Review Procedures
Forensic Lab Deviation Policy
Long-Term Storage Options
Lab Items Subject to the Legal Discovery Process
Report Compilation and Presentation

13. Documenting and Reporting Digital Evidence

Reviewing and Analyzing the Methods Used To Document and Report the Results of a Computer Forensic Examination
Creating an Effective Presentation

14. Presentation of Digital Evidence

"Best Evidence" Concept
"Hearsay" Concept
"Authenticity" and "Alteration of Computer Records" Concepts
"Layman's Analogies" Available to the Computer Forensic Practitioner
Admissibility of Digital Evidence in a Court of Law

Labs

Lab 1. Computer Forensics

Detailed review of standard and advanced procedures and how to implement them
Advanced methods of computer forensic protocols

Lab 2. Electronic Discovery and Digital Evidence

Recovering digital artifacts from various file structures
Overview of different operating systems and file structures encountered
What to look for the various techniques for retrieving the information in a forensically sound manner

Lab 3. Specialized Examination Tools

Multiple software and hardware solutions
Availability of numerous tools in a vendor neutral environment
Understanding of what the tools do and how they work, in layman's terms

Lab 4. Seizure Concepts

Proper seizure of digital information
Handling of evidence

Lab 5. Forensic Examination

Conducting and documenting a computer forensic examination
Implementing advanced methods of computer forensic protocols, including physical evidence recovery

Lab 6. Crypto and Password Recovery

Digital encryption file structures and password-protected data that an investigator may encounter while conducting and examining
Decoding and cracking passwords
Gaining access to encrypted files that may reside within the information

Lab 7. Specialized Digital Media Analysis and Recovery

State of the art software
Examining digital media in an attempt to recover data pertaining to a civil or criminal offence
Presenting findings during an evidence presentation exercise
This exercise is very in-depth and competitive.

Lab 8. Cyber-terrorism and Internet Investigations

Possible threats to infrastructure
Effectively combat cyber-terrorism
Identifying digital Internet artifacts left by potential cyber-terrorists

Lab 9. Electronic Discovery, Acquisition, and Analysis Laboratory

Acquiring and analyzing digital evidence using specialized forensic tools
Conducting a proper "seizure and search" for digital evidence
Proper authentication and analysis using advanced forensic utilities and software tools

Lab 10. Review and Analysis

Analyzing the methods used to document and report the results of a computer forensic examination
Creating and presenting your finding and electronic discoveries

Lab 11. Presenting digital evidence in a courtroom environment

Creating and presenting the results of a cyber crime investigation to an administrative body or court of law
Examining civil and criminal incidents
Presenting findings in a low-tech format where non-technical personnel are able to decipher and understand the results
Mastering this critical skill

Classroom Dates and Locations

Date	Location
Sep 27 - Oct 1, 2010	Winnipeg, MB	Register
Sep 27 - Oct 1, 2010	Mississauga, ON	Register
Sep 27 - Oct 1, 2010	Kitchener, ON	Register
Nov 29 - Dec 3, 2010	Toronto, ON	Register
Nov 29 - Dec 3, 2010	Montreal, QC	Register
Nov 29 - Dec 3, 2010	Halifax, NS	Register
Jan 17 - 21, 2011	Victoria, BC	Register
Jan 17 - 21, 2011	Vancouver, BC	Register
Jan 17 - 21, 2011	Edmonton, AB	Register
Jan 17 - 21, 2011	Calgary, AB	Register
Mar 21 - 25, 2011	Winnipeg, MB	Register
Mar 21 - 25, 2011	Mississauga, ON	Register
Mar 21 - 25, 2011	Kitchener, ON	Register
May 9 - 13, 2011	Toronto, ON	Register
May 9 - 13, 2011	Montreal, QC	Register
May 9 - 13, 2011	Halifax, NS	Register