Computer Forensics Boot Camp Training

Level: Intermediate

Learn how to investigate cybercrime! This boot camp goes in-depth into the tools, techniques and processes used by forensics examiners to find and extract evidence from computers.

Infosec’s Computer Forensics Boot Camp teaches you how to identify, preserve, extract, analyze, and report forensic evidence on computers. You will learn about the challenges of computer forensics, walk through the process of analysis and examination of operating systems, and gain a deep understanding of differences in evidence locations and examination techniques on Windows and Linux computers.

More than 30 hands-on labs simulating a real cybercrime investigation provide you with practical experience using commercial and open- source forensic tools. The boot camp also prepares you to become a Certified Computer Forensics Examiner (CCFE).

Key Features of this Computer Forensics Boot Camp Training:

  • Official InfoSec course curriculum
  • 30+ hands-on labs included
  • After-course instructor coaching included
  • Exam voucher included

You Will Learn How To:

  • Understand provisions of IT law
  • Understand complex technical forensics concepts
  • How to apply forensics concepts to forensic investigations
  • Handle evidence (procedures and rules)
  • Use a range of computer forensics tools
  • Acquire forensic evidence
  • Locate forensic artifacts in various operating systems
  • Analyze extracted evidence » Properly reporting findings
  • Track an offender on the internet
  • Work with law enforcement
  • Design an incident response strategy

Choose the Training Solution That Best Fits Your Individual Needs or Organizational Goals

LIVE, INSTRUCTOR-LED

In Class & Live, Online Training

  • 5-day instructor led training course
  • Computer forensics pre-study course
  • Infosec proprietary digital courseware
  • CCFE exam voucher
  • Tuition fee can be paid later by invoice -OR- at the time of checkout by credit card
View Course Details & Schedule

Standard $4451

RESERVE SEAT

PRODUCT #2075

TRAINING AT YOUR SITE

Team Training

  • Bring this or any training to your organization
  • Full - scale program development
  • Delivered when, where, and how you want it
  • Blended learning models
  • Tailored content
  • Expert team coaching

Customize Your Team Training Experience

CONTACT US

Save More On Training with FlexVouchers – A Unique Training Savings Account

Our FlexVouchers help you lock in your training budgets without having to commit to a traditional 1 voucher = 1 course classroom-only attendance. FlexVouchers expand your purchasing power to modern blended solutions and services that are completely customizable. For details, please call 888-843-8733 or chat live.

In Class & Live, Online Training

Time Zone Legend:
Eastern Time Zone Central Time Zone
Mountain Time Zone Pacific Time Zone

Note: This course runs for 5 Days *

*Events with the Partial Day Event clock icon run longer than normal but provide the convenience of half-day sessions.

  • Oct 12 - 16 9:00 AM - 5:00 PM EDT Online (AnyWare) Online (AnyWare) Reserve Your Seat

  • Oct 26 - 30 9:00 AM - 5:00 PM EDT Online (AnyWare) Online (AnyWare) Reserve Your Seat

  • Nov 16 - 20 9:00 AM - 5:00 PM EST Online (AnyWare) Online (AnyWare) Reserve Your Seat

Guaranteed to Run

When you see the "Guaranteed to Run" icon next to a course event, you can rest assured that your course event — date, time — will run. Guaranteed.

Partial Day Event

Learning Tree offers a flexible schedule program. If you cannot attend full day sessions, this option consists of four-hour sessions per day instead of the full-day session.

Important Computer Forensics Training Information

  • Prerequisites

    Students must have no criminal record. Basic computer skills, including the ability or desire to work outside the Windows GUI interface, are necessary. A+ certification and/or similar training and experience is not required, but recommended.

    This is a very in-depth training course and is not intended for individuals who have limited or no computer skills.

  • Who Should Attend this Course

    • Law enforcement professionals looking to expand into computer crime investigations
    • Legal professionals
    • IT and information security professionals being tasked with corporate forensics and incident handling
    • Anyone with a desire to learn about computer forensics and develop their skills

Computer Forensics Training Outline

  • Day 1

    Course introduction
    • Computer forensics and investigation as a profession
    • Define computer forensics
    • Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
    • Explain the importance of maintaining professional conduct
    • Digital evidence — legal issues
    • Identifying digital evidence
    • Evidence admissibility
      • Federal rules of evidence
      • Daubert standard
    • Discovery
    • Warrants
      • What is seizure?
      • Consent issues
    • Expert witness
    • Roles and responsibilities
    • Ethics
    • (ISC)²
      • AAFS
      • ISO
    Investigations
    • Investigative process
    • Chain of custody
    • Incident response
    • E-discovery
    • Criminal vs. civil vs. administrative investigations
    • Intellectual property
      • Markman hearing
    • Reporting
    • Quality control
      • Lab and tool
      • Investigator
      • Examination
      • Standards
    • Evidence management
      • SOPS
      • Collection
      • Documentation
      • Preservation
      • Transport/tracking
      • Storage/access control
      • Disposition
    • Current computer forensics tools and hardware
      • Commercial
      • Free/open source
  • Day 2

    Forensic science fundamentals
    • Principles and methods
      • Locard’s Principle
      • Inman-Rudin Paradigm
      • Scientific method
      • Peer review
    • Forensic analysis process
    Hardware
    • Storage media
      • Hard disk geometry
      • Solid state drives
      • RAIDS
    • Operating system
      • Boot process
      • BIOS/CMOS
      • The Swap File
    File systems
    • File systems
      • NTFS file system
      • FAT file system
      • HFS+
      • Ext2/3/4
      • Embedded
    • Erased vs. deleted
    • Live forensics
  • Day 3

    File and operating system forensics
    • Keyword searching
    • Metadata
    • Timeline analysis
    • Hash analysis
    • File signatures
      • File filtering (KFF)
    • Volume Shadow Copies
    • Time zone issues
    • Link files
    • Print spool
    • Deleted files
      • Recycle bin forensics
    • File slack
    • Damaged media
      • Physical damage
      • Logical damage
      • File carving
    • Registry forensics
      • USB devices
      • HKLM
    • Multimedia files
      • EXIF data
    • Compound files
      • Compression
      • Ole
      • AD
      • Passwords
    Web and application forensics
    • Common web attack vectors
      • SQL injection
      • Cross-site scripting
      • Cookies
    • Browser artifacts
    • Email investigations
      • Email headers
      • Email files
    • Messaging forensics
    • Database forensics
    • Software forensics
      • Traces and application debris
    • Software analysis (hashes, code comparison techniques, etc.)
    • Malware analysis
    • Malware types and behaviors
    • Static vs. dynamic analysis
  • Day 4

    Network forensics
    • TCP/IP
      • IP addressing
      • Proxies
      • Ports and services
    • Types of attacks
    • Wired vs. wireless
    • Network devices forensics
      • Routers
      • Firewalls
      • Examining logs
    Packet analysis
    • OS utilities
      • Netstat
      • Net sessions
      • Openfles
    • Network monitoring tools
      • SNORT
      • Wireshark
      • NetworkMiner
    Anti-forensics
    • Hiding
    • Encryption
      • Symmetric
      • Asymmetric
      • TrueCrypt hidden partitions
    • Steganography
    • Packing
    • Hidden devices (NAS)
    • Tunneling/Onion routing
    • Destruction
      • Wiping/overwriting
      • Corruption/degaussing
    • Spoofing
      • Address spoofing
      • Data spoofing
      • Timestomping
    • Log tampering
    • Live operating systems
  • Day 5

    New & emerging technology
    • Legal issues (privacy, obtaining warrants)
    • Social networks forensics
    • Types of social networks
    • Types of evidence
    • Collecting data
    • Virtualization
    • Virtualization forensics
    • Use of virtualization in forensics
    • Cloud forensics
    • Types of cloud services
    • Challenges of cloud forensics
    • Big data
    • Control systems and IOT
    Mobile forensics introduction
    • Types of devices
    • GPS
    • Cell phones
    • Tablets
    • Vendor and carrier identification
    • Obtaining information from cellular provider
    • GSM vs. CDMA
    • Common tools and methodology

Team Training

Computer Forensics FAQs

  • Can I learn computer forensics online?

    Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.

Online (AnyWare)
Online (AnyWare)
Online (AnyWare)
Preferred method of contact:
Chat Now

Please Choose a Language

Canada - English

Canada - Français