After successful completion of the Forensic Computer Examiner online program, students will:
• Understand what makes an examiner a good examiner.
• Be able to explain to clients why trained forensic examiners should be used.
• Understand what a forensic examiner may expect to encounter during an examination.
• Understand software licensing and how it affects forensic examiners.
• Understand forensic ethical standards as they apply to forensic examiners.
• Understand basic forensic examination procedures.
• Be able to prepare and verify forensically sterile examination media.
• Understand the importance and methodology of note taking and reports.
• Understand basic PC hardware identification.
• Have a basic understanding of the legal privacy issues relating to the examination of magnetic media.
• Understand when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit.
• Have a basic understanding of how to properly acquire, collect, or seize magnetic media.
• Understand how to properly establish and maintain the physical "chain of custody" of media and evidence.
• Make exact forensic copies of original floppy-diskette media.
• Understand the logical structures of DOS and Windows 95/98
• Understand where the creation and modification dates and times are stored in a directory entry.
• Understand the significance of the creation and modification dates and times.
• Understand how to recover data from unallocated space.
• Understand and explain how files are created.
• Understand and explain what happens when a file is deleted.
• Understand, explain and manually recover DOS legal single and multiple cluster deleted files.
• Understand, explain and manually recover DOS legal multiple cluster fragmented deleted files.
• Understand how to determine the Last Accessed Date and the Modification Date and Time, their significance and when they are modified.
• Understand how Windows long file names are stored, what happens when they are deleted and how to restore long file names.
• Understand how sub-directories are stored, what happens when they are deleted and how to recover deleted sub-directories.
• Understand what happens when a diskette or hard-disk drive is formatted and how to recover files, sub-directories, and data from formatted disks.
• Understand the NTFS partition table, boot record, and root directory.
• Understand Bitmaps.
• Understand the MFT.
• Understand NTFS Headers and Attributes.
• Understand Resident and Non-resident files.
• Understand Run lists, etc.
• Understand Alternate data streams.
• Understand NTFS File storage.
• Understand the various dates and times stored in attributes.
• Understand File deletion and recovery.
• Understand Directory storage.
• Understand Tracing files/directories.
• Understand the NTFS registry "hive."
• Understand Examining NTFS drives.
• Understand the basic imaging methods and how to make "exact copies" of media.
• Understand the significance of, location of and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files and Internet sites visited.
• Understand basic Internet issues such as, doing a basic "whois."
• Understand how to preserve the original media.
• Understand how to prevent inadvertent writes.
• Understand how to prevent virus introduction and how to prevent activation of "booby traps."
• Understand how to safely handle media.
• Understand how to find and document normal data and graphical files.
• Understand how people commonly try to hide data.
• Understand how to find and document data in unallocated space.
• Understand how to find hidden data.
• Understand password protection schemes and how to lock and unlock many passwords.
• Understand how to access MS Word metadata.
• Understand the basic use of automated forensic suites (FTK).
• Understand basic data formats and types.
• Understand how to conduct basic data-format conversions.
• Understand the basic issues in examining CDR media.
• Understand how to present recovered and evidence data to the client in a useful format.
• Understand how to manage data.
• Understand how to present data in court or other proceedings in a clear and understandable manner.
• Have conducted an examination of a hard disk drive that covers the full range of forensic issues found in this training course.
• Be fully prepared to sit for the CCE Certification testing through the International Society of Forensic Computer Examiners.
Forensic Computer Examiner
GES 305 -- 150 hours
Course Objectives
After successful completion of the Forensic Computer Examiner online program, students will:
• Understand what makes an examiner a good examiner.
• Be able to explain to clients why trained forensic examiners should be used.
• Understand what a forensic examiner may expect to encounter during an examination.
• Understand software licensing and how it affects forensic examiners.
• Understand forensic ethical standards as they apply to forensic examiners.
• Understand basic forensic examination procedures.
• Be able to prepare and verify forensically sterile examination media.
• Understand the importance and methodology of note taking and reports.
• Understand basic PC hardware identification.
• Have a basic understanding of the legal privacy issues relating to the examination of magnetic media.
• Understand when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit.
• Have a basic understanding of how to properly acquire, collect, or seize magnetic media.
• Understand how to properly establish and maintain the physical "chain of custody" of media and evidence.
• Make exact forensic copies of original floppy-diskette media.
• Understand the logical structures of DOS and Windows 95/98
• Understand where the creation and modification dates and times are stored in a directory entry.
• Understand the significance of the creation and modification dates and times.
• Understand how to recover data from unallocated space.
• Understand and explain how files are created.
• Understand and explain what happens when a file is deleted.
• Understand, explain and manually recover DOS legal single and multiple cluster deleted files.
• Understand, explain and manually recover DOS legal multiple cluster fragmented deleted files.
• Understand how to determine the Last Accessed Date and the Modification Date and Time, their significance and when they are modified.
• Understand how Windows long file names are stored, what happens when they are deleted and how to restore long file names.
• Understand how sub-directories are stored, what happens when they are deleted and how to recover deleted sub-directories.
• Understand what happens when a diskette or hard-disk drive is formatted and how to recover files, sub-directories, and data from formatted disks.
• Understand the NTFS partition table, boot record, and root directory.
• Understand Bitmaps.
• Understand the MFT.
• Understand NTFS Headers and Attributes.
• Understand Resident and Non-resident files.
• Understand Run lists, etc.
• Understand Alternate data streams.
• Understand NTFS File storage.
• Understand the various dates and times stored in attributes.
• Understand File deletion and recovery.
• Understand Directory storage.
• Understand Tracing files/directories.
• Understand the NTFS registry "hive."
• Understand Examining NTFS drives.
• Understand the basic imaging methods and how to make "exact copies" of media.
• Understand the significance of, location of and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files and Internet sites visited.
• Understand basic Internet issues such as, doing a basic "whois."
• Understand how to preserve the original media.
• Understand how to prevent inadvertent writes.
• Understand how to prevent virus introduction and how to prevent activation of "booby traps."
• Understand how to safely handle media.
• Understand how to find and document normal data and graphical files.
• Understand how people commonly try to hide data.
• Understand how to find and document data in unallocated space.
• Understand how to find hidden data.
• Understand password protection schemes and how to lock and unlock many passwords.
• Understand how to access MS Word metadata.
• Understand the basic use of automated forensic suites (FTK).
• Understand basic data formats and types.
• Understand how to conduct basic data-format conversions.
• Understand the basic issues in examining CDR media.
• Understand how to present recovered and evidence data to the client in a useful format.
• Understand how to manage data.
• Understand how to present data in court or other proceedings in a clear and understandable manner.
• Have conducted an examination of a hard disk drive that covers the full range of forensic issues found in this training course.
• Be fully prepared to sit for the CCE Certification testing through the International Society of Forensic Computer Examiners.
