The Computer Forensics and Electronic Discovery (CFED) training course was designed to train “digital investigators” to properly conduct a computer forensics examination and give them an understanding of the process of electronic discovery. Unlike other training courses in computer forensics, our training is “vendor neutral” and takes an in-depth approach to manually conducting a digital investigation. The students will learn the skills and techniques necessary to conduct a thorough examination. The training will also teach the students they cannot rely solely on automated software to conduct an effective investigation. The environment is extremely hands-on and interactive, and the students will work with the most widely accepted “tools of the trade” in addition to manually examining digital evidence. Some of the modules covered in Basic Computer Forensics Techniques include:
History of Computer Crime
This brief introduction to the history of computer crime will show why most of the standard techniques we use today originated. Computer crimes have evolved significantly over the past few decades, and knowing the reasons for the processes we use helps protect a digital investigator from exposing themselves to liability. Although this is not meant to be a complete history lesson, it will cover the most significant changes and landmark decisions that affect the legal aspects of the way we must do things today.
Disk Storage Concepts
This lesson will cover everything from the anatomy of a hard disk to the way data is stored on the drive. Most end users do not have a clear understanding of the way Microsoft operating systems store information in different environments. This is an in-depth look at how files are actually tracked and stored in both FAT and NTFS environments. Students will gain an understanding of the FAT table, the MFT file structure, and how to locate and recover digital artifacts in slack and unallocated space on the drive. Even though information may not be physically visible on the drive, there are techniques to recover information that did exist on the drive at some point. Having a clear understanding of how data is stored will give the investigator the knowledge necessary to overcome these hurdles.
Basic Forensic Principles
This lesson will define computer forensics and teach students the protocols that have become the accepted methodology used by computer forensic examiners and laboratories throughout the United States. The guidelines taught in this section adhere to the standards, protocols and procedures set forth by the U.S. Department of Justice, the International Association of Computer Investigative Specialists (IACIS®), the National Institute of Justice and The Scientific and Technical Working Groups on Digital Evidence. These are the proven techniques that have been the most effective since the inception of computer crime. This section will define the different types of digital evidence, including residual data, electronic mail and user data. Students will learn the considerations to account for when acquiring electronic evidence on standalone and laptop computers, as well as computers in a complex or networked environment. Forensically sound acquisition methods are covered, including documentation, packaging, transportation and storage.
With email being as prevalent as it is in today’s society, understanding how to properly trace the origin or authenticity of an email can be an important factor in any investigation. Students will learn how to read the complete header of an email message to determine the original source, and will also learn techniques to track down forged email headers.
Introduction to Electronic Discovery
Students will learn to properly read and prepare electronic discovery requests and the importance of the information available. This section will cover the necessary steps for both the producing and the requesting party in the document discovery process. The history of digital evidence in litigation will show how the prominence of electronic discovery and document retention are necessary today. This section will expose the students to developing laws and the cost factors involved.
Digital Investigation Techniques
This is a two-day series of hands-on exercises that will teach the students how to properly conduct a forensically sound investigation. The entire process from acquisition to presenting your findings is covered. Students will learn the strengths and weaknesses of the automated tools that have been accepted by the computer forensics community. Students will also gain a clear understanding of how the tools work, and how to manually examine digital evidence to conduct the most thorough examination possible. This section teaches the students the importance of automated software, but also how relying on it alone may cause them to miss crucial evidence, which can be detrimental to an investigation.
Seating is limited and classes fill quickly.
Contact a GDF training specialist today at 1-800-868-8189 for more information.