Course Code: chfi
Duration: 35 hours
Prerequisites:

Overview:

The Certified Digital Forensics Examiner vendor-neutral certification is designed to train Cyber Crime and Fraud Investigators; students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

The Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence.

Course Outline:

Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud.

Module 1: Introduction

Module 2: Computer Forensic Incidents

Module 3: Investigation Process

Module 4: Disk Storage Concepts

Module 5: Digital Acquisition & Analysis

Module 6: Forensic Examination Protocols

Module 7: Digital Evidence Protocols

Module 8: CFI Theory

Module 9: Digital Evidence Presentation

Module 10: Computer Forensic Laboratory Protocols

Module 11: Computer Forensic Processing Techniques

Module 12: Digital Forensics Reporting

Module 13: Specialized Artifact Recovery

Module 14: e-Discovery and ESI

Module 15: Mobile Device Forensics

Module 16: USB Forensics

Module 17: Incident Handling

Mile2 - Lab 1: Preparing Forensic Workstation

  • AccessData FTK Imager Installation
  • Autopsy Installation
  • National Software Reference Library (NSRL) for Autopsy
  • 7z Installation
  • Install Registry Viewer
  • Install Password Recovery Tool Kit (PRTK – 5.21)

Lab 2: Chain of Custody

  • Chain of Custody Search and Seizure
  • Chain of Custody Forensic Imaging

Lab 3: Imaging Case Evidence / FTK Imager

Lab 4: Create a new case for Autopsy

  • Creating a Case in Autopsy

Lab 5: Reviewing Evidence / Autopsy (Case #1)

  • User MTBG attempting to hack his/her previous employer
  • Reviewing Evidence in Autopsy

Case Study scenario:

  • The evidence you are required to discover (Challenge)

Final Report for MTBG case

Lab 6: Reviewing Evidence / Autopsy (Case #2)

  • Greg Schardt case

Case Study Scenario:

  • The evidence you are required to discover (Challenge)
