Computer Forensics & Electronic Discovery Training™
Instructor-Led Course 3 days

Overview
It is estimated that over 85% of all crimes committed today leave a trail of digital evidence. The Computer Forensics and Electronic Discovery (CFED) training course is designed to train “Cybercrime Investigators” in electronic discovery and the fundamentals of conducting an effective computer forensic examination. This course is essential to law enforcement and corporate personnel who encounter digital evidence while conducting an investigation. The training environment is interactive and the students work on case files in a hands-on environment. Upon completion of the course, students will have obtained the knowledge to immediately begin using their new skills to conduct a computer forensic examination. The following lessons will be covered during this course of instruction:

This page has been updated. Please follow this link.

Introduction to Computer Crime
An introduction to the field of computer forensics and the basis for gathering electronic digital artifacts. Students are introduced to the concepts, situations and personalities they may encounter while investigating a computer incident. The origins of computer crimes and how they are investigated set the stage for the following lessons.

Disk Storage Concepts
Having a clear understanding of how data is stored is having the upper hand during any investigation. Microsoft operating systems have a systematic way of storing data that is unknown to most end users here you will learn hard drive storage dynamics. Although information may not physically be visible, there are many different approaches to recovering or viewing the data that appears to be lost. DOS, Windows 3.x, 95/98/NT/2000/XP operating systems and file management are covered in this lesson.

Forensic Examination
Techniques and protocols utilized by U.S. computer forensic examiners and laboratories are covered. This is a detailed review of standard and advanced procedures and how you can effectively implement these procedures into your organization. These proven techniques have been the most effective since the inception of computer crimes.

Electronic Discovery and Digital Evidence
Students learn recovery methods of digital artifacts from various file structures. The footprints that are left behind with every keystroke are covered. Exercises detail what to look for, as well as the various techniques for retrieving the information in a forensically sound manner.

Tools of the Trade
Multiple software and hardware solutions are covered during this session. Students learn about the numerous tools available to them in a vendor neutral environment. A clear understanding of what the tools do and how they work is presented in layman’s terms. Gaining a clear understanding of what forensic tools do and how they work is a crucial part of any investigation, especially if it goes to trial.

Seizure Concepts
Proper seizure of digital media is the start of every computer investigation. During this lesson, students learn the correct protocol, as set by the U.S. Department of Justice, to assure proper “Chain of Custody” is followed from the beginning of the investigation. This crucial information can make or break a case. First responders–must properly handle evidence and start the correct chain of custody.

Cyber-terrorism and Internet Investigations
Students are exposed to possible threats to their infrastructure and learn to effectively combat cyber-terrorism. National and corporate infrastructures are a target for terrorism because of the effects they have on the economy. These are hands-on exercises where students learn how to identify digital Internet artifacts left by potential cyber-terrorists. Students also learn pro-active measures to counter the threat of cyber-terrorism and conduct Internet-based inquiries.

Electronic Discovery, Acquisition and Analysis Lab
Students acquire and analyze digital evidence using specialized forensic tools. Proper authentication and analysis skills are taught using advanced forensic utilities and software tools. This is a hands-on lab requiring students to utilize the proper tools and procedures to conduct a forensically sound examination of digital media. Students are required to properly authenticate and analyze digital evidence during this exercise.

Presentation of Digital Evidence
Students are introduced to aspects of presenting digital evidence in a courtroom environment. They are exposed to the specialized tools necessary to effectively create and present the results of a cybercrime investigation to an administrative body or court of law. Both civil and criminal incidents are covered during this lesson.