CALL NOW!
855.520.6806
  • TRAINING PROGRAMS
  • FINANCIAL ASSISTANCE
  • MILITARY
  • LOGIN

Forensic Computer Examiner

George Mason University

Enroll Now!

Have More Questions?
855.520.6806
Career Training Program
Program Code: GES305
Hours: 80
Fees: $3195.00 USD

Outline

Module 1- Introduction to Computer Forensics

  • Recommended Machine Configurations
  • What makes a good computer forensic examiner?
  • Computer Forensics vs. E Discovery
  • Dealing with clients or employers
    • Work Product
    • Client Contracts
    • Legal and privacy issues
  • Software Licensing
  • Ethical Conduct Issues
  • Cases that may include digital evidence
  • Forensic Examination Procedures
  • Determining Scope of Examinations
  • Hardware and Imaging Issues
  • Floppy Diskette, USB and Optical Media Examination
  • Limited Examinations
  • Forensically Sterile Examination Media
  • Examination Documentation and Reports
  • ASCII Table
  • General Overview of Boot Process and Operating Systems
  • Floppy Diskette Sides, FD Tracks, Hard Disk Drives
  • BIOS History
  • Networked Computers
  • Media Acquisition
  • Acquisition Documentation
  • Chain of Custody

Module 2 – Imaging

  • Recommended Machine Configurations
  • Imaging Theory and Process
  • Imaging Methods
  • Write Blocking
  • Imaging Flash Drives
  • Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
  • Drive Partitioning
  • One (1) Student Lab Practical Exercise

Module 3 – File Signatures, Data Formats & Unallocated Space

  • File Identification
  • File Headers
  • General File Types
  • File Viewers
  • Examination of Compressed Files
  • Data Carving – Using Simple Carver
  • One (1) Student Lab Practical Exercise

Module 4 – FAT File System

  • Logical structures of DOS, Windows 95, Windows 98
  • Master Boot Record
  • File Allocation Table
    • 16 Bit FAT
    • 32 Bit FAT
  • Directory Entries
  • Clusters
  • Unallocated Space
  • Sub-Directories
  • FORMAT
  • Six (6) Student Lab Practical Exercises

Module 5 – NTFS File System

  • Introduction and Overview
  • Basic Terms
  • Basic Boot Record Information
  • Time Stamps
  • Root Directory
  • Recycle Bin
  • File Creation
  • File Deletion
  • Examining NTFS Drives
  • Two (2) Student Lab Practical Exercises

Module 6 – Registry & Artifacts

  • Creating an Examination Boot Disk
  • Data Recovery
  • Windows Swap and Page Files
  • Forensic Analysis of the Windows Registry
  • Internet Cache Files, Cookies and Internet Sites
  • Microsoft Outlook
  • MSMAIL
  • Logical Structures
  • Tracking User Specific Computer Use
  • Internet Explorer Cache Index
  • VISTA
  • Basic Mail Issues
  • Basic Internet Issues
  • Common Situations Encountered during Examinations
  • Password Protection and Defeating Passwords
  • Compound Documents
  • FTK
  • Three (3) Student Lab Practical Exercises

Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits

  • Use of Policy and Checklists in Forensic Practice
  • Data Presentation to Client
  • Case Report Writing
  • Legal Process
  • Expert Admission
  • Going to Court
  • Use of Forensic Tools and Software
  • One (1) Student Lab Practical Exercise – Hard drive examination

Contact Us

Submit