Advanced Computer Forensic Techniques Training™
Instructor-led Course 3-day Course
Outline
Updated October 30 2003
Overview
The Advanced Computer Forensic Techniques™ (ACFT) course
is designed to train law enforcement and corporate investigators
in the advanced elements of computer forensics. ACFT is taught
in a hands-on, interactive training environment where students
gain a comprehensive understanding of advanced investigative techniques.
This course is designed for the computer forensic-savvy investigator
who wishes to take their skill set to the next level, or for a recent
graduate of Mile2’s Computer Forensics and Electronic Discovery™
(CFED) training course. Students attending this class must have
a firm understanding of conducting a computer forensic examination.
The following lessons are covered during this course of instruction:
Electronic Discovery and Digital Evidence
An overview of different operating systems and file structures
that are encountered during a computer forensic examination. Knowing
the basics of the digital media you are working on and recalling
the fundamentals helps you properly begin your forensic exam
of the media.
Forensic Examination
Covers the advanced procedures necessary to conduct an accurate
and carefully documented computer forensic examination. Advanced
methods of computer forensic protocols are implemented, including
physical evidence recovery.
Hardware Utilities
Students are introduced to numerous innovative hardware tools available
to conduct a computer forensic examination. Students will utilize
these advanced tools during practical application exercises to
investigate digital media.
Specialized Examination Tools
An introduction to a variety of “state of the art” and
unique software tools for use in a computer forensic examination.
Students utilize advanced software and participate in practical
exercises to gain a clear understanding of the tools available
to them. This is a hands-on lab where innovation and knowledge
play a key role.
Advanced Artifact Recovery
A hands-on lab where students conduct an advanced forensic examination
of digital media. The focus of this lesson is to utilize advanced
automated tools for the recovery of digital artifacts that are
unattainable by conventional methods. There are several practical
exercises that challenge even the senior cybercrime investigator.
Focus is placed on using the advanced tools and thinking “outside
the box” to try to discover incriminating digital evidence
on a live case file.
Crypto and Password Recovery
Covers digital encryption file structures and password-protected
data that an investigator may encounter while conducting an
exam. Students are exposed to methods to decode and crack passwords
that are used to protect potential evidence. They also learn techniques
to gain access to encrypted files that may reside within the information.
Specialized Digital Media Analysis and Recovery
Covers state of the art software where students are required to
examine digital media in an attempt to recover data pertaining
to a civil or criminal offense. The students will present their
findings to the class during an evidence presentation exercise.
Students will compete to see who completed the most thorough investigation.
This exercise is very in-depth and competitive.
Electronic Discovery and Recovery Laboratory
Students will conduct a proper “seizure and search” for
digital evidence. This is a hands-on, practical exercise where
students will use their newly attained skills to find evidence that
cannot be detected by normal computer forensic investigative methods.
Documenting and Reporting Digital Evidence
Reviews and analyzes the methods used to document and report
the results of a computer forensic examination. Students will
present their findings and electronic discoveries in an exercise to demonstrate
their abilities to create an effective presentation.
Presentation of Digital Evidence
The final exercise where students are faced with the challenge
of presenting their findings in a low-tech format where non-technical
personnel are able to decipher and understand the results. The
students will physically present their findings in “layman’s
terms,” which is critical during any investigation. Getting
the audience to gain a clear understanding of what occurred on
a computer system is sometimes the biggest hurdle in completing
an effective investigation.