The benefits to law enforcement and the military are
obvious. On the other hand, corporate IT personnel will use
the skills gained to identify and remedy vulnerabilities
that have been exploited so as to eliminate the problem.
Additionally, in many cases the techniques used may help
identify the perpetrator for referral to law enforcement for
prosecution. There are many job descriptions that will
benefit from this training depending on industry segment –
general network administration, law enforcement, insurance
investigations, litigation support and criminal defense to
name a few.
A 5-day DFED & ADFT bootcamp is also available.
Prerequisites
Students should have experience conducting computer forensic
examinations or have completed the Computer Forensics &
Electronic Discovery Course.
The “Advanced Computer Forensic Techniques” Course is
specifically designed for corporate and government personnel
who in the performance of their duties may be asked to
conduct an advanced Computer Forensic investigation.
Students attending the “Advanced Computer Forensic
Techniques” Course must be certified graduates of the M2
Computer Forensics “Computer Forensics and Electronic
Discovery” Course or a similar course of instruction within
the past 24 months. Additionally, the student must possess
some sound knowledge of how to use e-mail, word-processing,
spreadsheet and MS PowerPoint® software programs as well as
the popular automated forensic software tools (EnCase™ and
Forensic Tool Kit™). A basic working knowledge of the Linux
operating system would also be helpful, but is not a
requirement. Upon completion of this Course, the student
will receive the knowledge necessary to properly conduct an
advanced Computer Forensic investigation and execute
advanced reporting procedures.
Certification
Upon completion of the Advanced Computer Forensic Techniques
course or the CFED/ACFT bootcamp, students will be able to
attempt the following exams:
General Public or Law Enforcement
Certified Computer Examiner (CCE)® through ISFCE - (This
Examination can be taken after the course as an option.)
Law Enforcement Only
External Certified Forensic Computer Examiner process (CFCE)
through the International Association of Computer
Investigative Specialists.
Student Materials
Students will receive the following items during the
training program:
A 350-page comprehensive computer forensic student guide and
investigative resource materials.
A CD-ROM containing GUI-based Windows data examination
software with a "live" casefile.
A CD-ROM containing GUI-based Linux data examination
software.
Upon passing practical and written examinations, a
Certificate of Completion
Our curriculum was developed by John A. Sgromolo, former
Course Director for the Computer Crime curriculum at the
Institute of Police Technology and Management at the
University of North Florida, located in Jacksonville. Mr.
Sgromolo, a pioneer in computer forensics, is a former
Special Agent with the Naval Criminal Investigative Service.
He was responsible for coordinating all computer crime
general investigations at the Norfolk Field Office. In his
capacity as Course Director for IPTM, Mr. Sgromolo was
responsible for teaching hundreds of law enforcement
officers nationwide the intricacies of computer crime
investigations.
Outline
The following lessons are covered during this course.
Electronic Discovery and Digital Evidence
An overview of different operating systems and file
structures that are encountered during a computer forensic
examination. Knowing the basics of the digital media you are
working on and recalling the fundamentals helps you
properly begin your forensic examination of the media.
Forensic Examination
This covers the advanced procedures necessary to conduct
an accurate and carefully documented computer forensic
examination. Advanced methods of computer forensic protocols
are implemented, including physical evidence recovery.
Hardware Utilities
Students are introduced to numerous innovative hardware
tools available for conducting a computer forensic
examination. Students will utilize these advanced tools
during practical application exercises to investigate
digital media.
Specialized Examination Tools
This is an introduction to a variety of “state of the
art” and unique software tools for use in a computer
forensic examination. Students utilize advanced software and
participate in practical exercises to gain a clear
understanding of the tools available to them. This is a
hands-on laboratory where innovation and knowledge play key
roles.
Advanced Artifact Recovery
This is a hands-on laboratory where students conduct an
advanced forensic examination of digital media. The focus of
this lesson is to utilize advanced automated tools for the
recovery of digital artifacts that are unattainable by
conventional methods. There are several practical exercises
that challenge even the senior cybercrime investigator.
Focus is placed on using the advanced tools and thinking
“outside the box” to try to discover incriminating digital
evidence on a live case file.
Crypto and Password Recovery
This covers digital encryption file structures and
password-protected data that an investigator may encounter
while conducting an examination. Students are exposed to
methods to decode and crack passwords that are used to
protect potential evidence. They also learn techniques for
gaining access to encrypted files that may reside within the
information.
Specialized Digital Media Analysis and Recovery
This covers state of the art software whereby students
are required to examine digital media in an attempt to
recover data pertaining to a civil or criminal offense. The
students will present their findings to the class during an
evidence presentation exercise. Students will compete to see
who completes the most thorough investigation. This exercise
is very in-depth and competitive.
Electronic Discovery and Recovery Lab
Students will conduct a proper “seizure and search” for
digital evidence. This is a hands-on, practical exercise
where students will use their newly attained skills to find
evidence that cannot be detected by normal computer forensic
investigative methods.
Documenting and Reporting Digital Evidence
This lesson reviews and analyzes the methods used to
document and report the results of a computer forensic
examination. Students will present their findings and
electronic discoveries in an exercise to demonstrate their
abilities to create an effective presentation.
Presentation of Digital Evidence
This is the final exercise where students are faced with
the challenge of presenting their findings in a low-tech
format whereby non-technical personnel are able to decipher
and understand the results. The students will physically
present their findings in “layman’s terms,” which is
critical during any investigation. Getting the audience to
gain a clear understanding of what occurred on a computer
system is sometimes the biggest hurdle in completing an
effective investigation.
Important
Intellectual Property Acknowledgments:
© Copyright – 2005, Mile2 UK,
Ltd. – CPTS, CPTE & Mile2 are trademarks of Mile2 mki,
Inc. All Rights Reserved.
Certified Pen Tester, Certified Penetration Tester,
Certified Pen Testing Specialist, Certified Pen Testing
Expert, Mile2, CPT and CPTE are trademarks of Mile2 mki,
Inc. All rights reserved