Forensic Computer Examiner GES 305 » 80 hours
Module 1- Introduction to Computer Forensics
- Recommended Machine Configurations
- What makes a good computer forensic examiner?
- Computer Forensics vs. E Discovery
- Dealing with clients or employers
- Work Product
- Client Contracts
- Legal and privacy issues
- Software Licensing
- Ethical Conduct Issues
- Cases that may include digital evidence
- Forensic Examination Procedures
- Determining Scope of Examinations
- Hardware and Imaging Issues
- Floppy Diskette, USB and Optical Media Examination
- Limited Examinations
- Forensically Sterile Examination Media
- Examination Documentation and Reports
- ASCII Table
- General Overview of Boot Process and Operating Systems
- Floppy Diskette Sides, FD Tracks, Hard Disk Drives
- BIOS History
- Networked Computers
- Media Acquisition
- Acquisition Documentation
- Chain of Custody
Module 2 – Imaging
- Recommended Machine Configurations
- Imaging Theory and Process
- Imaging Methods
- Write Blocking
- Imaging Flash Drives
- Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
- Drive Partitioning
- One (1) Student Lab Practical Exercise
Module 3 – File Signatures, Data Formats & Unallocated Space
- File Identification
- File Headers
- General File Types
- File Viewers
- Examination of Compressed Files
- Data Carving – Using Simple Carver
- One (1) Student Lab Practical Exercise
Module 4 – FAT File System
- Logical structures of DOS, Windows 95, Windows 98
- Master Boot Record
- File Allocation Table
- 16 Bit FAT
- 32 Bit FAT
- Directory Entries
- Clusters
- Unallocated Space
- Sub-Directories
- FORMAT
- Six (6) Student Lab Practical Exercises
Module 5 – NTFS File System
- Introduction and Overview
- Basic Terms
- Basic Boot Record Information
- Time Stamps
- Root Directory
- Recycle Bin
- File Creation
- File Deletion
- Examining NTFS Drives
- Two (2) Student Lab Practical Exercises
Module 6 – Registry & Artifacts
- Creating an Examination Boot Disk
- Data Recovery
- Windows Swap and Page Files
- Forensic Analysis of the Windows Registry
- Internet Cache Files, Cookies and Internet Sites
- Microsoft Outlook
- MSMAIL
- Logical Structures
- Tracking User Specific Computer Use
- Internet Explorer Cache Index
- VISTA
- Basic Mail Issues
- Basic Internet Issues
- Common Situations Encountered during Examinations
- Password Protection and Defeating Passwords
- Compound Documents
- FTK
- Three (3) Student Lab Practical Exercises
Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
- Use of Policy and Checklists in Forensic Practice
- Data Presentation to Client
- Case Report Writing
- Legal Process
- Expert Admission
- Going to Court
- Use of Forensic Tools and Software
- One (1) Student Lab Practical Exercise – Hard drive examination