After successful completion of the Forensic Computer Examiner online program, students will:

  • Understand what makes an examiner a good examiner.
  • Be able to explain to clients why trained forensic examiners should be used.
  • Understand what a forensic examiner may expect to encounter during an examination.
  • Understand software licensing and how it affects forensic examiners.
  • Understand forensic ethical standards as they apply to forensic examiners.
  • Understand basic forensic examination procedures.
  • Be able to prepare and verify forensically sterile examination media.
  • Understand the importance and methodology of note taking and reports.
  • Understand basic PC hardware identification.
  • Have a basic understanding of the legal privacy issues relating to the examination of magnetic media.
  • Understand when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit.
  • Have a basic understanding of how to properly acquire, collect, or seize magnetic media.
  • Understand how to properly establish and maintain the physical "chain of custody" of media and evidence.
  • Make exact forensic copies of original floppy-diskette media.
  • Use our FSUITE forensic utilities.
  • Understand the logical structures of DOS and Windows 95/98
  • Understand where the creation and modification dates and times are stored in a directory entry.
  • Understand the significance of the creation and modification dates and times.
  • Understand how to recover data from unallocated space.
  • Understand and explain how files are created.
  • Understand and explain what happens when a file is deleted.
  • Understand, explain and manually recover DOS legal single and multiple cluster deleted files.
  • Understand, explain and manually recover DOS legal multiple cluster fragmented deleted files.
  • Understand how to determine the Last Accessed Date and the Modification Date and Time, their significance and when they are modified.
  • Understand how Windows long file names are stored, what happens when they are deleted and how to restore long file names.
  • Understand how sub-directories are stored, what happens when they are deleted and how to recover deleted sub-directories.
  • Understand what happens when a diskette or hard-disk drive is formatted and how to recover files, sub-directories, and data from formatted disks.
  • Understand the NTFS partition table, boot record, and root directory.
  • Understand Bitmaps.
  • Understand the MFT.
  • Understand NTFS Headers and Attributes.
  • Understand Resident and Non-resident files.
  • Understand Run lists, etc.
  • Understand Alternate data streams.
  • Understand NTFS File storage.
  • Understand the various dates and times stored in attributes.
  • Understand File deletion and recovery.
  • Understand Directory storage.
  • Understand Tracing files/directories.
  • Understand the NTFS registry "hive."
  • Understand Examining NTFS drives.
  • Understand how to make a Windows 98 forensic boot disk.
  • Understand the basic imaging methods and how to make "exact copies" of media.
  • Understand the significance of, location of and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files and Internet sites visited.
  • Understand basic Internet issues such as, doing a basic "whois."
  • Understand how to preserve the original media.
  • Understand how to prevent inadvertent writes.
  • Understand how to prevent virus introduction and how to prevent activation of "booby traps."
  • Understand how to safely handle media.
  • Understand how to find and document normal data and graphical files.
  • Understand how people commonly try to hide data.
  • Understand how to find and document data in unallocated space.
  • Understand how to find hidden data.
  • Understand password protection schemes and how to lock and unlock many passwords.
  • Understand how to access MS Word metadata.
  • Understand the basic use of automated forensic suites (FTK).
  • Understand basic data formats and types.
  • Understand how to conduct basic data-format conversions.
  • Understand the basic issues in examining CDR media.
  • Understand how to present recovered and evidence data to the client in a useful format.
  • Understand how to manage data.
  • Understand how to present data in court or other proceedings in a clear and understandable manner.
  • Have conducted an examination of a hard disk drive that covers the full range of forensic issues found in this training course.


    • Course Overview/Description Course Objectives Course Outline Prerequisites/Audience PC Requirements/Materials Included Instructor Bio FAQs See a Demo
  •  
  • 3ds max
  • Administrative Professional with Microsoft Certified Application Specialist Training
  • Administrative Professional with Microsoft Office Specialist
  • ASP.NET Training
  • AutoCAD 2007
  • AutoCAD 2009
  • Cisco® CCENT™ Authorized Certification Training
  • Cisco® CCNA® Authorized Certification Training
  • CompTIA™ A+ Certification Training
  • CompTIA™ Linux+/LPI Level One Certification Training
  • CompTIA™ Network+/Server+ Certification Training
  • CompTIA™ Security+ Certification Training
  • eBusiness Certificate
  • English as a Second Language - Global English
  • Help Desk Analyst: Tier 1 Support Specialist
  • Microsoft Access 2007
  • Microsoft Certified Application Specialist Training (MCAS)
  • Microsoft Certified Database Administrator (MCDBA)
  • Microsoft Certified Desktop Support Technician (MCDST)
  • Microsoft Certified System Administrator 2003 (MCSA)
  • Microsoft Certified System Administrator Plus 2003 (MCSA+)
  • Microsoft Certified System Engineer 2003 (MCSE)
  • Microsoft Certified Technology Specialist: SQL Server 2005 (MCTS)
  • Microsoft Excel 2007
  • Microsoft Office Specialist 2003 (MOS)
  • Microsoft Outlook 2007
  • Microsoft PowerPoint 2007
  • Microsoft Vista Business
  • Microsoft Word 2007
  • Pay Per Click Marketing
  • RFID (Radio Frequency Identification) on the Web™
  • Search Engine Marketing
  • Search Engine Optimization
  • Web Database Developer
  • Webmaster

Forensic Computer Examiner

GES 305 -- 150 hours

Course Objectives

    After successful completion of the Forensic Computer Examiner online program, students will:

    • Understand what makes an examiner a good examiner.
    • Be able to explain to clients why trained forensic examiners should be used.
    • Understand what a forensic examiner may expect to encounter during an examination.
    • Understand software licensing and how it affects forensic examiners.
    • Understand forensic ethical standards as they apply to forensic examiners.
    • Understand basic forensic examination procedures.
    • Be able to prepare and verify forensically sterile examination media.
    • Understand the importance and methodology of note taking and reports.
    • Understand basic PC hardware identification.
    • Have a basic understanding of the legal privacy issues relating to the examination of magnetic media.
    • Understand when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit.
    • Have a basic understanding of how to properly acquire, collect, or seize magnetic media.
    • Understand how to properly establish and maintain the physical "chain of custody" of media and evidence.
    • Make exact forensic copies of original floppy-diskette media.
    • Use our FSUITE forensic utilities.
    • Understand the logical structures of DOS and Windows 95/98
    • Understand where the creation and modification dates and times are stored in a directory entry.
    • Understand the significance of the creation and modification dates and times.
    • Understand how to recover data from unallocated space.
    • Understand and explain how files are created.
    • Understand and explain what happens when a file is deleted.
    • Understand, explain and manually recover DOS legal single and multiple cluster deleted files.
    • Understand, explain and manually recover DOS legal multiple cluster fragmented deleted files.
    • Understand how to determine the Last Accessed Date and the Modification Date and Time, their significance and when they are modified.
    • Understand how Windows long file names are stored, what happens when they are deleted and how to restore long file names.
    • Understand how sub-directories are stored, what happens when they are deleted and how to recover deleted sub-directories.
    • Understand what happens when a diskette or hard-disk drive is formatted and how to recover files, sub-directories, and data from formatted disks.
    • Understand the NTFS partition table, boot record, and root directory.
    • Understand Bitmaps.
    • Understand the MFT.
    • Understand NTFS Headers and Attributes.
    • Understand Resident and Non-resident files.
    • Understand Run lists, etc.
    • Understand Alternate data streams.
    • Understand NTFS File storage.
    • Understand the various dates and times stored in attributes.
    • Understand File deletion and recovery.
    • Understand Directory storage.
    • Understand Tracing files/directories.
    • Understand the NTFS registry "hive."
    • Understand Examining NTFS drives.
    • Understand how to make a Windows 98 forensic boot disk.
    • Understand the basic imaging methods and how to make "exact copies" of media.
    • Understand the significance of, location of and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files and Internet sites visited.
    • Understand basic Internet issues such as, doing a basic "whois."
    • Understand how to preserve the original media.
    • Understand how to prevent inadvertent writes.
    • Understand how to prevent virus introduction and how to prevent activation of "booby traps."
    • Understand how to safely handle media.
    • Understand how to find and document normal data and graphical files.
    • Understand how people commonly try to hide data.
    • Understand how to find and document data in unallocated space.
    • Understand how to find hidden data.
    • Understand password protection schemes and how to lock and unlock many passwords.
    • Understand how to access MS Word metadata.
    • Understand the basic use of automated forensic suites (FTK).
    • Understand basic data formats and types.
    • Understand how to conduct basic data-format conversions.
    • Understand the basic issues in examining CDR media.
    • Understand how to present recovered and evidence data to the client in a useful format.
    • Understand how to manage data.
    • Understand how to present data in court or other proceedings in a clear and understandable manner.
    • Have conducted an examination of a hard disk drive that covers the full range of forensic issues found in this training course.


    Find a School