Detailed CCE Course Information
Course Requirements
Students must have strong computer skills, including the ability or desire to work outside the Windows GUI interface. The ability or desire to work with computer hardware, including the removal of hard-disk drives and changing jumpers, is required. Certified Computer Examiner (CCE)® candidates must agree to abide by the ISFCE Code of Ethics and may be subject to a criminal background check. To take a pre-assessment test, click here.
Materials
Training materials are provided in advance of the boot camp for self-study. Sample reports, additional practical exercises, and other useful information will be provided. You will also be subscribed to our Student Listserv that provides both administrative and technical information.
All Emory Computer Forensics CCE Course students receive fully licensed copies of the following software:
All participants will continue to have access to these applications after the bootcamp.
We will provide all of the forensic software necessary for the course and Certified Computer Examiner (CCE)® testing.
Practical Exercises
The course contains a number of practical exercise problems in the form of specially prepared diskettes or a hard disk drive that must be examined. The practical exercises reinforce the material and teach "hands-on" skills.
Report-Writing
Clear, concise and accurate reports are an important factor in presenting the results of a forensic examination. Examinations completed in class will require detailed reports. We critically review your reports as if we were the opposing council in a court case and will help you develop excellent report-writing skills. You will then be able to use your final reports as "templates" for real examinations.
Final Exam
On the final day of the Computer Forensics CCE Course, the online portion of the CCE certification examination will be administered. Following this, all students will be required to contact the ISFCE for further instructions on moving forward in the certification process.
Course Curriculum
Module 1 – Introduction to Computer Forensics
- Recommended Machine Configurations
- What makes a good computer forensic examiner?
- Computer Forensics vs. E Discovery
- Dealing with clients or employers
- Work Product
- Client Contracts
- Legal and privacy issues
- Software Licensing
- Ethical Conduct Issues
- Cases that may include digital evidence
- Forensic Examination Procedures
- Determining Scope of Examinations
- Hardware and Imaging Issues
- Floppy Diskette, USB and Optical Media Examination
- Limited Examinations
- Forensically Sterile Examination Media
- Examination Documentation and Reports
- ASCII Table
- General Overview of Boot Process and Operating Systems
- Floppy Diskette Sides, FD Tracks, Hard Disk Drives
- BIOS History
- Networked Computers
- Media Acquisition
- Acquisition Documentation
- Chain of Custody
Module 2 – Imaging
- Imaging Theory and Process
- Imaging Methods
- Write Blocking
- Imaging Flash Drives
- Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
- Drive Partitioning
- One (1) Student Lab Practical Exercise
Module 3 – File Signatures, Data Formats & Unallocated Space
- File Identification
- File Headers
- General File Types
- File Viewers
- Examination of Compressed Files
- Data Carving – Using Simple Carver
- One (1) Student Lab Practical Exercise
Module 4 – FAT File System
- Logical structures of DOS, Windows 95, Windows 98
- Master Boot Record
- File Allocation Table
- Directory Entries
- Clusters
- Unallocated Space
- Sub-Directories
- FORMAT
- Six (6) Student Lab Practical Exercises
Module 5 – NTFS
- Introduction and Overview
- Basic Terms
- Basic Boot Record Information
- Time Stamps
- Root Directory
- Recycle Bin
- File Creation
- File Deletion
- Examining NTFS Drives
- Two (2) Student Lab Practical Exercises
Module 6 – Registry & Artifacts
- Creating an Examination Boot Disk
- Data Recovery
- Windows Swap and Page Files
- Forensic Analysis of the Windows Registry
- Internet Cache Files, Cookies and Internet Sites
- Microsoft Outlook
- MSMAIL
- Logical Structures
- Tracking User Specific Computer Use
- Internet Explorer Cache Index
- VISTA
- Basic Mail Issues
- Basic Internet Issues
- Common Situations Encountered during Examinations
- Password Protection and Defeating Passwords
- Compound Documents
- Examining CDR Media
- FTK
- Three (3) Student Lab Practical Exercises
Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
- Use of Policy and Checklists in Forensic Practice
- Data Presentation to Client
- Case Report Writing
- Legal Process
- Expert Admission
- Going to Court
- Use of Forensic Tools and Software
- One (1) Student Lab Practical Exercise – Hard drive examination
Register for Emory's Computer Forensics - CCE Boot Camp! |
