Forensic Computer Examiner

As criminal defense attorneys and civil attorneys encountered law-enforcement examiners, the need for qualified civilian forensic computer examiners grew. Currently, there’s a huge demand for certified, qualified forensic computer examiners. Some trained examiners have started their own businesses, some work for large companies, such as Deloitte and Touche, and others work for law-enforcement agencies. 

This comprehensive online course prepares you for a career in this emerging field. You’ll learn not only to thoroughly examine digital media, but also to clearly document, control, prepare, and present examination results that will stand up in a court of law. You’ll be able to identify where and how data is stored and how to recover and interpret data and draw appropriate conclusions based on the data. Education on the ethics of computer forensics is also included. This course is hands-on and emphasizes learning by doing. The primary certification for civilian forensic computer examiners is the Certified Computer Examiner (CCE) certification. The Forensic Computer Examiner Online Training course is an authorized ISFCE (International Society of Forensic Computer Examiners) training course that will thoroughly prepare you to take the CCE certification exam.

12 Months / 80 Course Hrs
Open enrollment

Offered in Partnership with your Preferred School

George Mason University

Learning Method

Instructor-led

Self-Paced. Study on your own schedule

Details + Objectives

Course Code: GES305

What You Will Learn
  • Know what a forensic examiner may expect to encounter during an examination
  • Understand software licensing and how it affects forensic examiners
  • Explore forensic ethical standards as they apply to forensic examiners
  • Determine when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit
  • Understand how to properly establish and maintain the physical chain of custody of media and evidence
  • Know the significance of, location of, and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files, and Internet sites visited
  • Be able to prevent virus introduction and prevent activation of "booby traps"
  • Understand how to find and document data, including hidden data and password-protected data
  • Discover how to present recovered and evidence data to the client in a useful format
  • Understand how to present data in court or other proceedings
How the course is taught
  • Self-paced, online course
  • 12 months to complete
  • Open enrollment, begin anytime
  • 80 course hours
How you will benefit
  • Be fully prepared to sit for the CCE Certification testing through the International Society of Forensic Computer Examiners
  • Jump-start your career as a forensic computer examiner
  • Understand what types of data and information you’ll be privy to on the job
  • Set yourself apart from competitors by understanding the requirements and responsibilities of a forensic computer examiner

Outline

Introduction to Computer Forensics

Understand the needs of a computer forensic examiner. Learn how to deal with clients and employers, ethics required for the role, and opportunities in the job market.

Imaging and Data Formats

Begin learning about recommended machine configurations, as well as imaging theory and processes. You’ll also learn how to identify files and data formats.

FAT and NTFS Filing Systems

Master the FAT and NTFS filing systems. Learn how to process directories, deal with unallocated space, and create and delete files.

Registry and Artifacts

Continue the course by learning the fundamentals of registries and artifacts. You’ll examine logical structures, data recovery techniques, and basic internet issues, amongst other things.

Forensic Policy

Explore the use of policy and checklists in forensic practice. Develop an understanding of the legal process, case report writing, and going to court.

Introduction to Mobile Data Exploitation

Complete the course by learning about the mobile phone extraction process including collection, isolation, interrogation, imaging, and analysis.

Details

Module 1 – Introduction to Computer Forensics

  • Recommended Machine Configurations
  • What makes a good computer forensic examiner?
  • Computer Forensics vs. E Discovery
  • Dealing with clients or employers
    • Work Product
    • Client Contracts
    • Legal and privacy issues
  • Software Licensing
  • Ethical Conduct Issues
  • Cases that may include digital evidence
  • Forensic Examination Procedures
  • Determining Scope of Examinations
  • Hardware and Imaging Issues
  • Floppy Diskette, USB and Optical Media Examination
  • Limited Examinations
  • Forensically Sterile Examination Media
  • Examination Documentation and Reports
  • ASCII Table
  • General Overview of Boot Process and Operating Systems
  • Floppy Diskette Sides, FD Tracks, Hard Disk Drives
  • BIOS History
  • Networked Computers
  • Media Acquisition
  • Acquisition Documentation
  • Chain of Custody

Module 2 – Imaging

  • Recommended Machine Configurations
  • Imaging Theory and Process
  • Imaging Methods
  • Write Blocking
  • Imaging Flash Drives
  • Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
  • Drive Partitioning
  • One (1) Student Lab Practical Exercise

Module 3 – File Signatures, Data Formats & Unallocated Space

  • File Identification
  • File Headers
  • General File Types
  • File Viewers
  • Examination of Compressed Files
  • Data Carving – Using Simple Carver
  • One (1) Student Lab Practical Exercise

Module 4 – FAT File System

  • Logical structures of DOS, Windows 95, Windows 98
  • Master Boot Record
  • File Allocation Table
    • 16 Bit FAT
    • 32 Bit FAT
  • Directory Entries
  • Clusters
  • Unallocated Space
  • Sub-Directories
  • FORMAT
  • Six (6) Student Lab Practical Exercises

Module 5 – NTFS File System

  • Introduction and Overview
  • Basic Terms
  • Basic Boot Record Information
  • Time Stamps
  • Root Directory
  • Recycle Bin
  • File Creation
  • File Deletion
  • Examining NTFS Drives
  • Two (2) Student Lab Practical Exercises

Module 6 – Registry & Artifacts

  • Creating an Examination Boot Disk
  • Data Recovery
  • Windows Swap and Page Files
  • Forensic Analysis of the Windows Registry
  • Internet Cache Files, Cookies and Internet Sites
  • Microsoft Outlook
  • MSMAIL
  • Logical Structures
  • Tracking User Specific Computer Use
  • Internet Explorer Cache Index
  • Basic Mail Issues
  • Basic Internet Issues
  • Common Situations Encountered during Examinations
  • Password Protection and Defeating Passwords
  • Compound Documents
  • Examining CDR Media
  • FTK
  • Three (3) Student Lab Practical Exercises

Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits

  • Use of Policy and Checklists in Forensic Practice
  • Data Presentation to Client
  • Case Report Writing
  • Legal Process
  • Expert Admission
  • Going to Court
  • Use of Forensic Tools and Software
  • One (1) Student Lab Practical Exercise – Hard drive examination

Module 8 – Introduction to Mobile Data Exploitation

  • Mobile Phone Extraction Process
    • Collection
    • Isolation
    • Interrogation
    • Imaging
    • Analysis
  • Mobile Networks
  • International Mobile Subscriber Identity
  • Use of Forensic Tools and Software
  • One (1) Student Lab Practical Exercise

Instructors & Support

Bill Long

Bill Long is a retired law enforcement supervisor with the Oklahoma Office of the Inspector General. He is a CFCE and is owner and president of William J. Long & Associates LLC, a firm specializing in computer forensic examinations and data recovery.

John Fretts

John Fretts serves as Director of Investigations for a New England-based private firm. Previously, he was a Senior Special Agent with the Bureau of Alcohol, Tobacco, Firearms and Explosives for more than 30 years. In addition to conducting firearms and explosives investigations, he specialized in computer forensic investigations.

William D. Taylor

William D. "Bill" Taylor is a retired Computer Investigative Specialist/Special Agent with the US Treasury Inspector General for Tax Administration in Nashville, Tennessee. He holds both Baccalaureate and Master's Degrees in Criminal Justice and an Associate's Degree in Forensic Computer Science. He is also a graduate of the 152nd Session of the FBI National Academy. Bill had over 35 years of investigative law enforcement experience when he retired.

Clifford Ellston

Clifford "Cliff" Ellston was a Senior Special Agent from the Bureau of Alcohol, Tobacco, Firearms and Explosives after 35 years of service. In addition to conducting firearms and explosives investigations, he specialized in computer forensic investigations. Ellston currently serves as a compliance officer for a retail corporation. He also assists local police in their effort to handle and examine electronic media evidence.

Requirements

Prerequisites / Requirements

Prerequisites:

To enroll in this course, you’ll need to have basic computer skills, including the ability to work outside the Windows GUI interface. This is because forensic examiners often need data that can’t easily be accessed from within Windows. Being comfortable working within the DOS environment will be very helpful in this field.

A good measure of your readiness for this course is knowing that you can successfully complete the A+ certification through CompTIA. Note that the certification is by no means a prerequisite. However, the basic knowledge needed for success in this course typically requires that you have the A+ level of experience.

A forensic computer examiner will be required to work with the hardware of a computer on many occasions, so you’ll need to have the ability or desire to remove and replace hard-disk drives from computers and change jumper settings. These topics are briefly covered within our course, but you should have these skills prior to enrolling.

To work in this field, you must not have a criminal record. This includes any felony conviction where the individual could have received a sentence of one or more years of imprisonment. This also includes any criminal history of sexually related offenses, as many digital examinations include these topics, and an examiner with this type of history could be easily discredited.

Requirements:

Hardware Requirements: 

  • PC with the latest updates and BIOS (Mac computers may not be used)
  • You may use either a desktop or a laptop computer
  • Internet access
  • 1 GB (or more) memory
  • 10 GB or larger hard-disk drive for examination purposes
  • 2 (or more) open USB 2.0 ports

Software Requirements: 

  • PC: Windows XP or later.
  • Mac: OS X Snow Leopard 10.6 or later.
  • Browser: The latest version of Internet Explorer, Firefox, Chrome, or Safari (We recommend Firefox or Chrome).
  • Adobe Flash Player.
  • Adobe Acrobat Reader.
  • Email capabilities and access to a personal email account.
  • Software must be installed and fully operational before the course begins.

Recommended Configuration:

  • PC with the latest updates and BIOS
  • High-speed Internet access
  • 2 GB (or more) memory
  • 15 GB or larger hard-disk drive for examination purposes
  • Integrated PS/2 ports (not USB keyboard or mouse)
  • 4 open USB 2.0 ports
  • 1 open Firewire/IEEE 1394 port
  • Read/Write blocking device such as the FireFly Read/Write device made by Digital Intelligence

Notes:

  • If you plan to pursue the Certified Computer Examiner (CCE) credential, you must have attended a course through an ISFCE Authorized Training Center (such as this one), have documented experience in forensic computer examinations, OR be able to produce a well-documented self-study.
Instructional Materials

The instructional materials required for this course are included in enrollment and will be available online.

More About

This course is based on the concept of teaching computer forensics from a vendor-neutral perspective, and you’ll learn the low-level mechanics of commonly encountered file systems. If you can gain a solid understanding of one file system and how it functions at a low level, then you’ll be prepared to learn other file systems as well.

This course material also teaches low-level mechanics and functions of both the FAT file system and the New Technology File System (NTFS). Although the FAT file system is not available on new computers, it’s the default file system on floppy diskettes and USB devices. Many computer forensic incidents involve USB devices and will continue to involve these devices for years to come. Consequently, students studying to become successful forensic computer examiners must understand the FAT file system.

Windows 98 and earlier versions are based on the FAT file system. A computer running Windows 2000, XP, or Vista will typically be formatted with the NTFS file system.

The completion of several practical exercises is a requirement of this course. Some might include floppy diskettes. Although the floppy diskette is no longer commonly encountered in the field, keep in mind that it’s the exercise that is significant, and any action taken on a floppy diskette can be replicated on a hard drive.

About Certification

The International Society of Forensic Computer Examiners (ISFCE) is an independent, private certifying body that administers fair, unbiased examinations with high ethical standards. Its Certified Computer Examiner (CCE) credential is internationally recognized and well-known to employers and instructors in the computer forensics industry. Through the CCE certification, ISFCE wishes to advance the science and research in the industry and provide a level of professionalism. You can demonstrate your knowledge and your professionalism when you enroll in a course certified by ISFCE.

FAQs

Can I register for a course if I am an international student?

Yes, ed2go courses are online, so you never have to actually travel to the school. Most schools offer telephone or online registration.

Does this course prepare for a certification?

No.

When can I start the course?

This course is open enrollment, so you can register and start the course as soon as you are ready. Access to your course can take 24-48 business hours.

How long does it take to complete this course?

This course is self-paced and open enrollment, so you can start when you want and finish at your own pace. When you register, you'll receive twelve (12) months to complete the course.

What if I don't have enough time to complete my course within the time frame provided?

The time allotted for course completion has been calculated based on the number of course hours. However, if you are unable to complete the course, contact your Student Advisor to help you work out a suitable completion date. Please note that an extension fee may be charged.

What kind of support will I receive?

You may be assigned an instructor or team of industry experts for one-on-one course interaction. Your support will be available (via e-mail) to answer any questions you may have and to provide feedback on your performance. All of our instructors are successful working professionals in the fields in which they teach. You will be assigned to an Advisor for academic support.

What happens when I complete the course?

Upon successful completion of the course, you will be awarded a certificate of completion. You will also become eligible to sit for the CCE Certification testing through the ISFCE. Note: You will need to list this training while submitting your application for the Certification.

Am I guaranteed a job?

This course will provide you with the skills you need to obtain an entry-level position in most cases. Potential students should always do research on the job market in their area before registering.

Can I get financial assistance?

ed2go courses are non-credit, so they do not qualify for federal aid, FAFSA and Pell Grant. In some states, vocational rehab or workforce development boards will pay for qualified students to take our courses. Additionally, some students may qualify for financial assistance when they enroll, if they meet certain requirements. Financing is available from select schools. Learn more: https://www.ed2go.com/career/financial-assistance

How can I get more information about this course?

If you have questions that are not answered on our website, please feel free to contact us via LIVE CHAT or by calling us at (855) 520-6806. If you are visiting us during non-business hours, please feel free to send us a question using the Contact Us form.