The Computer Forensic and Electronic Discovery course is designed to train cyber crime investigators to furnish irrefutable burden of proof from a digital artifact.

In taking this course you will learn electronic discovery, advanced investigation techniques, seizure concepts, forensic examination and much more. This course will prepare you for the CDFE certification provided by Mile2.

Benefits

• Electronic discovery and advanced investigation techniques
  
• Essential to encountering digital evidence while conducting an investigation
  
• Recognize, seize, preserve and present digital evidence

Session 1

• Section A: Course Overview
  • Introduction
    
  • Disclaimers and Prerequisites
    
  • Using the Student Guide
    
  • Computer Forensics Defined
    
  • Digital Evidence
    
  • E-Discovery Process
    
  • CDFE Course Objectives
• Section B: Digital Forensics Incidents
  • Digital Incidents Overview
    
  • Charles Lund
    
  • Cybercrime.gov Web Site
    
  • Latest Press Releases
    
  • Computer Crime Cases
    
  • Legal Resources and Legislation
    
  • Computer Fraud and Abuse Act
    
  • Robert Morris
• Section C: Type of Investigations
  • Criminal Incidents
    
  • Council of Europe on Cybercrime
    
  • Dealing with Foreign Countries
    
  • Civil Incidents
    
  • Types of Criminal Incidents
    
  • Computer Fraud
    
  • CFO Takeover Case
    
  • Investigating Fraud
    
  • Items to Investigate
• Section D: Internal and External Threats
  • Internal Threats
    
  • Internal Threat Example
    
  • External Threats Defined
    
  • External Threat Types
    
  • Investigative Challenges
    
  • Media Volume
    
  • Using Forensics Tools
    
  • Attorneys vs. Investigators
• Section E: Understanding the Assessment
  • Digital Incident Responses
    
  • Digital Incident Assessment
    
  • Assessment Considerations
    
  • Incident Types
    
  • Parties Involved
    
  • Confidential Informants
    
  • Operational Security
• Section F: Assessment Equipment Needs
  • Incident/Equipment Location
    
  • Available Response Resources
    
  • Securing Digital Evidence
    
  • Proof of Secure Evidence
    
  • Chain of Custody
    
  • Incident Response Seizure Form
    
  • Chain of Custody Form
    
  • Evidence Placement
    
  • Kinds of Digital Evidence
• Section G: File Storage Concepts
  • File Storage Overview
    
  • -Based Operating Systems
    
  • Understanding FAT and NTFS
    
  • Storage Concepts
    
  • Directories Defined
    
  • File Saving Process
    
  • File Structure
    
  • Stream Explorer Demo
• Section H: Disk Storage Concepts
  • Understanding Disk Storage
    
  • Disk Read/Write Process
    
  • Hard Disk Breakdown
    
  • Master Boot Record
    
  • Slack Space
    
  • File Management
    
  • Word Size
    
  • Memory
    
  • Understanding File Formats
    
  • Quick View Plus

Session 2

• Section A: Acquisition and Authentication
  • Digital Acquisition Overview
    
  • Digital Acquisition
    
  • Copying vs. Duplicating
    
  • Authentication
    
  • Generic Hash Demo
    
  • Text to Hex Demo
    
  • Creating a Hash
    
  • View MD5 Hash Result
    
  • Hash Extraction Reasons
    
  • eXpress CheckSum Calculator
• Section B: Acquisition Procedures/Analysis Tools
  • Acquisition Procedures
    
  • On-Scene Acquisitions
    
  • ICS DriveLocks
    
  • RoadMASSter and ImageMASSter
    
  • Logicube and Paraben Duplicators
    
  • Laboratory Acquisitions
    
  • After Documentation
    
  • Logical Review
    
  • Acquisition Options
• Section C: Duplication Demo
  • Innovision USB Write Blocker
    
  • Write-Protecting a Device
    
  • Cloning Disks with WinHex
    
  • FTK Imager
    
  • Specify Evidence Information
    
  • Image Destination Considerations
    
  • Creating the Image
    
  • dd.exe Overview
    
  • Creating a dd.exe Image
    
  • FTK Imager Results
    
  • WinHex Physical Hash
    
  • View dd.exe Image Results
    
  • Compare FTK and WinHex Physical Hashes
• Section D: Investigation Analysis and Disk Cleaning
  • DC3 Operations
    
  • Analysis Phase
    
  • Disk Redactor and Disk Wipe
    
  • Cleaned Drive and Other Tools
    
  • FTK Overview
    
  • Case Log Options/Processes to Perform
    
  • Refining and Adding Evidence
    
  • Indexing Items
    
  • Alert Files and Bad Extensions
    
  • Encrypted, OLE, and Ignorable Files
    
  • Tab
    
  • Graphics and E-Mail Tabs
    
  • Search Tab
    
  • Bookmark Tab and Summary
  
  
• Section E: Assessment Rules
  
  
  • Assessment Overview
    
  • Forensic Science
    
  • Digital Forensics
    
  • Scientific Method
    
  • Cardinal Rules
    
  • The ALPHA 5 System
    
  • Examinations
    
  • ALPHA 5 Steps
• Section F: Assessment Details
  • Assessment
    
  • Acquisition
    
  • Authentication
    
  • Analysis and Reporting
    
  • Archive
    
  • The 20 Basic Steps
    
  • Steps 2 and 3
    
  • Steps 4 - 6
    
  • Steps 7 and 8
    
  • Boot Record Data with WinHex
    
  • Steps 9 - 14
    
  • Manual and FTK Data Carving
    
  • Steps 15 - 17
    
  • Steps 18 - 20
• Section G: Digital Evidence Protocols
  • Digital Evidence Overview
    
  • Digital Evidence Concepts
    
  • Levels of Proof
    
  • Court Example
    
  • Types of Data
    
  • Ntuser.dat Analysis
    
  • Residual Data - Free Space
    
  • Free Space
    
  • Residual Data - File Slack
    
  • File Slack - Partial Artifacts
    
  • File Slack - Results
    
  • Residual Data - RAM Slack
• Section H: Digital Evidence Protocols Continued
  • Swap Files
    
  • PageFile.sys
    
  • PageFile.sys Results and Searches
    
  • Residual Data - Temp Files
    
  • Residual Data - Unallocated Space
    
  • Electronic Mail
    
  • Background Data
    
  • Metadata
    
  • Viewing Photo Exifdata
    
  • Viewing File Metadata
    
  • Admissibility
    
  • Digital Evidence Summary

Session 3

• Section A: The Role of Evidence
  • Lesson Objectives
    
  • Evidence
    
  • Types of Evidence
    
  • Electronic Files
    
  • Documentation Process
    
  • Writings or Recordings
    
  • Best Evidence Rule
• Section B: Authenticity and Alteration
  • Authenticity and Alteration Decoded
    
  • Layman's Analogies
    
  • Forensic Report Template
    
  • Filling Out the Report
    
  • Common Assaults
• Section C: Theoretical Background
  • Forensic Theory Overview
    
  • Locard's Exchange Principle
    
  • Recovery
    
  • Classification
    
  • Reconstruction
    
  • Temporal Aspects
    
  • TimeStomp
    
  • Using TimeStomp
• Section D: Tracking Down the Suspect
  • Behavioral Evidence Analysis
    
  • Equivocal Forensic Analysis
    
  • Isiscan.com
    
  • Stages of Digital Evidence Examination
    
  • Victimology
    
  • Cybertrails
    
  • eMailTrackerPro
    
  • CentralOps.net
    
  • Questions on Cybertrails
    
  • Incident Scene Characteristics
• Section E: Laboratory Validation
  • QA Objectives
    
  • Protocols
    
  • Quality Assurance
    
  • Standard Operating Procedures
    
  • Reports
• Section F: Examination Review
  • Peer Review
    
  • Peer Review Details
    
  • Consistency
    
  • Accuracy
    
  • Research
    
  • Validation
    
  • Relevance
    
  • Liability and Legal Considerations
    
  • Peer Review Wrap-up
    
  • Annual Review
• Section G: Deviation Policies and Lab Intake
  • Deviation
    
  • Deviation Guidelines
    
  • Deviation Consultation
    
  • Lab In
    Have Questions?
    
    Contact Us For More Information
    Order:

    Computer Forensics And Electronic Discovery

    Price: $655.00

    Qty: