CCE BootCamp® Classroom Training

Click here to download brochure	Dates:	May 14-18, 2012
	Schedule:	5 Days, 8:30 am - 5:00 pm (Monday through Friday)
	Location:	Champlain College, Burlington, VT
	Costs:	CCE BootCamp®: $2,995 CCE BootCamp® with option for 3 college credits: $3,481 CCE BootCamp® for Law Enforcement, Government, Military & Educators: $2,795 CCE BootCamp® for Law Enforcement, Government, Military & Educators with option for 3 college credits: $3,281

Overview:

This is the traditional intensive five-day, face-to-face training. Lectures and hands-on activities prepare professionals who are engaged in detecting fraud for the CCE certification requirements. This program is an official certified CCE BootCamp® offered in partnership with the International Society of Forensic Computer Examiners (ISFCE), Champlain College's Center for Professional and Executive Development and the Center for Digital Investigation (C3DI).

Students:

Professionals from a wide variety of industries and organizations - including law firms, insurance companies, accounting firms, law enforcement, and the military - who are engaged in detecting fraud are invited to register.

Attendees Will Learn How To:

• Conduct thorough examinations using sound forensic test procedures
• Interpret and explain examination conclusions
• Establish and apply rigorous evidence handling procedures
• Ensure evidence admissibility in a court of law
• For all learning objectives, see Module Objectives below

Each Attendee Will Receive:

• Official examination
  
  • Being an ISFCE Authorized Training Center, all students will complete the first of the four part CCE Certification testing at the end of their training.
• Computer Tools
  • WinHex Specialist, PasswWare, FTK (demo), Simple carver Lite plus another dozen utilities are provided and are yours to keep.

PC Requirements

• Laptop computer running Windows 2000 or later
• Wireless networking capability
• CD drive with read/write capability
• At least one free USB port

Module Objectives:

MODULE 1

Upon completion of this module and the practical exercises, the student will be able to:

• Describe what makes an examiner a good examiner and the role of the trained computer forensics examiner
• Anticipate what a forensic examiner may expect to encounter during an examination
• Articulate software licensing and how it effects forensic examiners
• Discuss forensic ethical standards as they apply to forensic examiners
• Describe the basic forensic examination procedures
• Prepare and verify forensically sterile examination media
• Discuss the importance and methodology of note taking and reports
• Identify basic PC hardware components
• Describe basic legal privacy issues relating to the examination of magnetic media
• Describe how to properly acquire, collect, and seize magnetic media.
• Articulate how to properly establish and maintain the physical chain of custody and integrity of media and evidence
• Make exact forensic copies of original floppy diskette media
• Use basic functions of WinHex
• Describe the logical structures on disk drives, with particular focus on the FAT file system
• Recover data from unallocated space in a FAT file system
• Explain how files are created and deleted in the FAT file system
• Manually recover deleted files from a floppy disk

MODULE 2

Upon completion of this module and the practical exercises, the student will be able to:

• Recognize and recover fragmented files from a FAT drive
• Articulate the purpose and use of the MAC timestamps
• Describe how long file names are stored and recover a deleted LFN file
• Describe how subdirectories are structured and how they are deleted
• Determine whether a disk drive has been formatted

MODULE 3

Upon completion of this module and the practical exercises, the student will be able to:

• Compare and contrast the layout of an NTFS-formatted hard drive with a FAT-formatted hard drive
• Describe the role and format of the MFT
• Articulate the role of MFT attributes
• Describe the file times maintained by NTFS
• Demonstrate the differences between unnamed and alternate data streams
• Discuss EFS and how encrypted files are handled in NTFS
• Describe the structure of NTFS directories
• Describe the operation and contents of the recycler bin

MODULE 4

Upon completion of this module and the practical exercises, the student will be able to:

• Prepare a Windows 98 forensic boot disk
• Describe how to find and examine Windows system, temporary, and browser files
• Compare and contrast file typing using signatures vs. extensions
• Articulate basic components of a local area network and the Internet
• Explain the underlying concepts of TCP/IP
• Describe how to obtain basic information about an IP address, host name, or Internet domain
• Describe how passwords are used to protect files and methods that an examiner can use to bypass passwords
• Discuss methods with which to hide data and ways in which an examiner can detect and bypass data-hiding techniques
• Describe file meta data as it applies to forensics exams
• Articulate how CD-ROMs are formatted, can be booby-trapped, and can hide data from Windows
• Demonstrate use of FTK, an automated computer forensics tool

MODULE 5

Upon completion of this module and the practical exercises, the student will be able to:

• Describe some common data formats and types
• Explain disk compression algorithms and the special considerations for forensic exams
• Articulate ways in which to prepare the work product for delivery to the client
• Discuss issues related to presentation of evidence and testimony
• Demonstrate the ability to perform a digital forensics examination addressing all of the issues covered in this course

For more information, contact Cathy Brotzman, toll-free (866) 531-9666, or in VT (802) 865-5471 cped@champlain.edu

Home Page Sample Practical Exercise Sample Examination Test