Computer Forensics and Electronic Discovery - CFED Training Course

Computer Forensics and Electronic Discovery (CFED) Training Package Includes

• 7 CD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components
• Printable Courseware
• Testing Modules to insure that you fully understand the subject matter

Course Introduction

The dramatic increase in computer-related crime requires corporate security personnel and law enforcement agents to understand how to legally obtain electronic evidence stored in computers. Electronic records such as computer network logs, e-mails, word processing files, and “.jpg” picture files increasingly provide the government and corporations with important (and sometimes essential) evidence in criminal and civil cases.

One of the purposes of CFED - Computer Forensics & Electronic Discovery is to provide law enforcement agents and corporate security personnel with systematic guidance that can help them understand some of the issues that arise when they seek electronic evidence in criminal and civil investigations.
 

PRESENTER - Kenneth Mayer Kenneth Mayer - Certified CEH Trainer (CCSI, MCT, CCNP, CCDA). Ken Mayer is a Microsoft Certified Trainer as well as a Certified Ethical Hacker Trainer and Security consultant. He started his career in computer technology in 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies across the United States and Western Europe. He has achieved the Certified Cisco Systems Instructor certification. The CCSI certification involved a two-day lab and observation event held on Cisco in Paris, France Facility. This gave Ken the accreditation to be able to deliver Cisco Authorized Courses as a CCSI. He has taught the full line of Cisco CCNA, CCDA, CCNP, CCDP and CCIP course curriculums, including Cisco's security appliances such as PIX and IDS.

List of Course Features

Computer Forensics and Electronic Discovery (CFED) Course Contents
 

Module 1 - Computer Forensic Incidents

Computer Forensic Incidents
Introduction
The Legal System
Criminal Incidents
Civil Incidents
Computer Fraud
Internal Threats
External Threats
Investigative Challenges
Module 1 Review

Module 2 - Digital Incident Response

Digital Incident Response
Digital Incident Assessment
Initial Assessment
Type of Incident
Parties Involved
Incident / Equipment Location
Available Response Resources
Securing Digital Evidence
Chain of Custody
Potential Digital Evidence
Module 2 Review

Module 3 - OS / Disk Storage Concepts

OS / Disk Storage Concepts
Disk Based Operating Systems
OS / File Storage Concepts
Disk Storage Concepts 1
Demo - Creating a file and writing it to FAT/NTFS
Disk Storage Concepts 2
Slack Space
File Management
File Formats
Demo - Using Quick View Plus
Module 3 Review

Module 4 - Digital Acquisition & Analysis Tools

Digital Acquisition & Analysis Tools
Digital Acquisition
Terms Defined
Demo - Generic Hash Demo / CryptoDemo
Demo - Hashing a File
Digital Acquisition Procedures 1
Demo -Winhex Software
FTK Explorer / EnCase
Demo - EnCase Acquisition
Digital Acquisition Procedures 2
Digital Forensic Analysis Tools
Demo - FTK
Module 4 Review

Module 5 - Forensic Examination Protocols

Forensic Examination Protocols
What is Forensic Science?
Applying the Scientific Method
Cardinal Rules
Alpha “5”
Demo - Create Disk Images
Demo - Data Recovery Exercise
“The 20 Basic Steps”
Demo - File Carving Exercise
Module 5 Review

Module 6 - Digital Evidence Protocols

Digital Evidence Protocols
Digital Evidence Concepts
Data Files: Active Data
Data Files: Archival Data
Data Files: Backup Data
Data Files: Residual Data
Data Files: Electronic Mail (E-Mail)
Data Files: Background Data
Data Files: Metadata
Digital Evidence: Admissibility
Digital Evidence: In Summary
Demo - Viewing Metadata of a Graphic File
Demo - Detailed Lab Exam of Evidence
Module 6 Review

Module 7 - Digital Evidence Presentation

Digital Evidence Presentation
The Best Evidence Rule
Digital Evidence: Hearsay
Authenticity and Alteration
Layman’s Analogies
Module 7 Review
Course Closure