Certified Digital Forensics Examiner

Upload by : Karl Gosselin

EXAM INFORMATION

The Certified Digital Forensics Examiner exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple-choice questions.

COURSE CONTENT

Module 1: Introduction
Module 2: Computer Forensic Incidents
Module 3: Investigation Process
Module 4: Disk Storage Concepts
Module 5: Digital Acquisition & Analysis
Module 6: Forensic Examination Protocols
Module 7: Digital Evidence Protocols
Module 8: CFI Theory
Module 9: Digital Evidence Presentation
Module 10: Computer Forensic Laboratory Protocols
Module 11: Computer Forensic Processing Techniques
Module 12: Digital Forensics Reporting
Module 13: Specialized Artifact Recovery
Module 14: e-Discovery and ESI
Module 15: Mobile Device Forensics
Module 16: USB Forensics
Module 17: Incident Handling

LAB OUTLINE

Mile2 - Lab 1: Preparing Forensic Workstation
  AccessData FTK Imager Installation
  Autopsy Installation
  National Software Reference Library (NSRL) for autopsy
  7z Installation
  Install Registry Viewer
  Install Password Recovery Tool Kit (PRTK – 5.21)

Mile2 - Lab 2: Chain of Custody
  Chain of Custody Search and Seizure
  Chain of Custody Forensic Imaging

Mile2 - Lab 3: Imaging Case Evidence / FTK Imager

Mile2 - Lab 4: Create a new case for Autopsy
  Creating a Case in Autopsy

Mile2 - Lab 5: Reviewing Evidence / Autopsy (Case#1)
  User MTBG attempting to hack his/her previous employer
  Reviewing Evidence in Autopsy
  Case Study scenario:
  The evidence you are required to discover (Challenge)
  Final Report for MTBG case

Mile2 - Lab 6: Reviewing Evidence / Autopsy (Case#2)
  Greg Schardt case
  Case Study Scenario:
  The evidence you are required to discover (Challenge)
  Final Report for Greg Schardt case

COURSE OUTLINE

Module 1 – Introduction
  Lesson Objectives
  Introductions (Instructor)
  Introductions (Students)
  Disclaimers
  Notice
  Course Schedule
  Student Guide (Layout)
  Introduction to Computer Forensics
  Course Objectives

Module 2 - Computer Forensic Incidents
  Lesson Objectives
  The Legal System
  Criminal Incidents
  Civil Incidents
  Computer Fraud
  Internal Threats
  Investigative Challenges
  Common Frame of Reference
  Media Volume

CDFE Module 3 – Investigation Process
  Lesson Objectives
  Investigating Computer Crimes
  Prior to the Investigation
  Forensics Workstation
  Building Your Team of Investigators
  Who is involved in Computer Forensics?
  Decision Makers and Authorization
  Risk Assessment
  Forensic Investigation Toolkit
  Investigation Methodology
  Preparing for an Investigation
  Search Warrant
  Forensic Photography
  Preliminary Information
  First Responder
  Collecting Physical Evidence
  Collecting Electronic Evidence
  Guideline for Acquiring Electronic Evidence
  Securing the Evidence
  Managing the Evidence
  Chain of Custody
  Duplicate the Data
  Verify the Integrity of the Image
  Recover Last Data
  Data Analysis
  Data Analysis Tools
  Assessing the Evidence
  Assessing the Case
  Location Assessment
  Best Practices
  Documentation
  Gathering and Organizing Information
  Writing the Report
  Expert Witness
  Closing the Case

Module 4 - OS Disk Storage Concepts
  Lesson Objectives
  Disk Based Operating Systems
  OS / File Storage Concepts
  Disk Storage Concepts

Module 5 - Digital Acquisition and Analysis
  Lesson Objectives
  Digital Acquisition
  Digital Acquisition Procedures
  Digital Forensic Analysis Tools

Module 6 - Forensic Examination Protocols
  Lesson Objectives
  Forensic Examination Protocols
  Forensic Examination

Module 7 - Digital Evidence Protocols
  Lesson Objectives
  Digital Evidence Concepts
  Digital Evidence Categories
  Digital Evidence: Admissibility

Module 8 - CFI Theory
  Lesson Objectives
  Computer Forensic Investigative Theory

Module 9 - Digital Evidence Presentation
  Lesson Objectives
  Digital Evidence Presentation
  Digital Evidence
  Digital Evidence: Hearsay
  Digital Evidence: Summary

Module 10 Computer Forensics Lab Protocols
  Lesson Objectives
  Overview
  Quality Assurance
  Standard Operating Procedures
  Reports
  Peer Review
  Who should review?
  Peer ce
  Peer Review
  Annual Review
  Deviation
  Lab Intake
  Tracking
  Storage
  Discovery

Module 11 CF Processing Techniques
  Lesson Objectives
  Computer Forensic Processing Techniques

Module 12 - Digital Forensics Reporting
  Lesson Objectives
  Analysis Report
  Definition
  Computer Sciences
  Ten Laws of Good Report Writing
  Cover Page
  Table of Contents
  Examination Report
  Background
  Request
  Summary of Findings
  Forensic Examination
  Tools
  Evidence
  Items of es

Module 13 - Specialized Artifact Recovery
  Lesson Objectives
  Prep System Stage
  Lesson Objectives
  Background
  Overview
  Prep System Stage
  Windows File Date/Time Stamps
  File Signatures
  Image File Databases
  The Windows OS
  Windows Registry
  Alternate Data Streams
  Windows Unique ID Numbers
  Decode GUID's
  Historical Files
  Windows Recycle Bin
  Copy out INFO2 for Analysis
  Web E-mail

Module 14 - eDiscovery and ESI
  Lesson Objectives
  eDiscovery
  Discoverable ESI Material
  eDiscovery Notification
  Required Disclosure
  eDiscovery Conference
  Preserving Information
  eDiscovery Liaison
  eDiscovery Products
  Metadata
  What is Metadata?
  Data Retention Architecture
  “Safe Harbor” Rule 37(f)
  eDiscovery Spoliation
  Tools for eDiscovery

Module 15 - Cell Phone Forensics
  Lesson Objectives
  Cell Phones
  Types of Cell Networks
  What can a criminal do with Cell Phones?
  Cell Phone Forensics
  Forensics Information in Cell Phones
  Subscriber Identity Module (SIM)
  Integrated Circuit Card Identification (ICCID)
  International Mobile Equipment Identifier (IMEI)
  Electronic Seal Number (ESN)
  Helpful Hints for the Investigation
  Things to Remember when Collecting Evidence
  Acquire Data from SIM Cards
  SIM Cards
  Cell Phone Memory
  Analyze Information
  Analyze
  Cell Phone Forensic Tools
  Device and SIM Card Seizure
  Cell Phone Analyzer
  Tools
  Forensic Card Reader
  ForensicSIM Tool
  Forensic Challenges
  Paraben Forensics Hardware
  Paraben Forensics Hardware
  Paraben: Remote Charger
  Paraben: Device Seizure Toolbox
  Paraben: Wireless Stronghold Tent
  Paraben: Passport Stronghold Bag
  Paraben: Project-a-phone
  Paraben: Project-a-phone
  Paraben: SATA Adapter
  Paraben: Lockdown
  Paraben: SIM Card Reader
  Paraben: Sony Clie
  Paraben: CSI Stick
  Paraben: USB Serial DB9 Adapter
  Paraben: P2 Commander

Module 16 - USB Forensics
  Lesson Objectives
  USB Components
  USB Forensics
  USB Forensics Investigation
  Determine USB Device Connected
  Tools for USB Imaging

Module 17 - Incident Handling
  Lesson Objectives
  Incident Handling Defined
  What is a security event?
  Common Security Events of Interest
  What is a security incident?
  What is an incident response plan?
  When does the plan get initiated?
  Common Goals of Incident Response Management
  Incident Handling Steps
  Goal
  Be Prepared
  The Incident Response Plan
  Incident Handling
  Incident Response Plan
  Roles of the Incident Response Team
  Incident Response Team Makeup
  Challenges of building an IRT
  Incident Response Training and Awareness
  Jump Kit
  Prepare Your Sites and Systems
  Goal
  Identification of an Incident
  Basic Incident Response Steps
  Proper Evidence Handling
  Goal
  Containment
  Onsite Response
  Secure the Area
  Conduct Research
  Make Recommendations
  Establish Intervals
  Capture Digital Evidence
  Change Passwords
  Goal
  Determine Cause
  Defend Against Follow-on Attacks
  More Defenses
  Analyze Threat and Vulnerability
  Restore System(s) to Operation
  Goal
  Report Findings
  Restore System
  Verify
  Decide
  Monitor Systems
  Goal
  Follow-up Report
