The CCE Bootcamp is a solid, foundational training class in digital forensics that prepares and qualifies students for the Certified Computer Examiner (CCE) examination process. The course now includes a mobile forensics module. Hands on instruction supplements detailed lecture and real world practical exercises. The practical exercises reinforce examination concepts and offer practice of practical skills in a controlled environment. Fictional, yet realistic case scenarios are used throughout the class, building upon each concept taught and concluding with a comprehensive hard disk drive examination.
Report writing skills are taught and reinforced through instructor review and critique. Course completion requires the submission of a minimum of three examination reports during class time or within the 6 weeks additional instructor support provided to every student at the conclusion of each training class. This additional instruction time ensures that every student has the opportunity to develop strong report writing skills. CCE Bootcamp instructors are highly qualified, experienced Certified Computer Examiners (CCE)®. Their hands on, dynamic approach makes the CCE Bootcamp training experience second to none. All instructors have impressive professional experience as digital forensics examiners, both civil and criminal.
The 5 day CCE Bootcamp consists of the following modules:
Module 1 – Introduction to Computer Forensics
- Recommended Machine Configurations
- What makes a good computer forensic examiner?
- Computer Forensics vs. E Discovery
- Dealing with clients or employers
- Work Product
- Client Contracts
- Legal and privacy issues
- Software Licensing
- Ethical Conduct Issues
- Cases that may include digital evidence
- Forensic Examination Procedures
- Determining Scope of Examinations
- Hardware and Imaging Issues
- USB and Optical Media Examination
- Limited Examinations
- Forensically Sterile Examination Media
- Examination Documentation and Reports
- ASCII Table
- General Overview of Boot Process and Operating Systems
- BIOS History
- Networked Computers
- Media Acquisition
- Acquisition Documentation
- Chain of Custody
Module 2 – Imaging
- Imaging Theory and Process
- Imaging Methods
- Write Blocking
- Imaging Flash Drives
- Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
- Drive Partitioning
- One (1) Student Lab Practical Exercise
Module 3 – File Signatures, Data Formats & Unallocated Space
- File Identification
- File Headers
- General File Types
- File Viewers
- Examination of Compressed Files
- Data Carving
- One (1) Student Lab Practical Exercise
Module 4 – FAT File System
- Logical structures of DOS and the Windows Operating System
- Master Boot Record
- File Allocation Table
- Directory Entries
- Clusters
- Unallocated Space
- Sub-Directories
- FORMAT
- Six (6) Student Lab Practical Exercises
Why do we still teach the DOS FAT
file system?
A sound understanding of the FAT file system is essential, as it is still a very common file system widely used in portable devices such as USB thumb drives, digital camera flash cards and mobile phones. These types of portable media can often hold valuable forensic evidence. For this reason, understanding the FAT file system is an important part of becoming a qualified digital forensic examiner.
Module 5 – NTFS
- Introduction and Overview
- Basic Terms
- Basic Boot Record Information
- Time Stamps
- Root Directory
- Recycle Bin
- File Creation
- File Deletion
- Examining NTFS Drives
- Two (2) Student Lab Practical Exercises
Module 6 – Registry & Artifacts
- Creating an Examination Boot Disk
- Data Recovery
- Windows Swap and Page Files
- Forensic Analysis of the Windows Registry
- Internet Cache Files, Cookies and Internet Sites
- Microsoft Outlook
- MSMAIL
- Logical Structures
- Tracking User Specific Computer Use
- Internet Explorer Cache Index
- Basic Mail Issues
- Basic Internet Issues
- Common Situations Encountered during Examinations
- Password Protection and Defeating Passwords
- Compound Documents
- Examining CDR Media
- Three (3) Student Lab Practical Exercises
Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
- Use of Policy and Checklists in Forensic Practice
- Data Presentation to Client
- Case Report Writing
- Legal Process
- Expert Admission
- Going to Court
- Use of Forensic Tools and Software
- One (1) Student Lab Practical Exercise – Hard drive examination
Module 8 – Introduction to Mobile Data Exploitation
- Mobile Phone Extraction Process
- Collection
- Isolation
- Interrogation
- Imaging
- Analysis
- Mobile Networks
- International Mobile Subscriber Identity
- Use of Forensic Tools and Software
- One (1) Student Lab Practical Exercise
Approximately 40% of the CCE BootCamp® consists of hands-on, comprehensive practical exercises. Successful course completion requires the submission of at least three written reports based on the results of specific practical exercises. These reports may be submitted to the instructors during the training class or within the 6 weeks of additional instructor support provided at the conclusion of the training class.
Students must have strong computer skills, including the ability or desire to work outside the Windows GUI interface and work with computer hardware. The online multiple choice portion of the CCE certification test is administered at the end of each CCE BootCamp®.
Training materials are provided in advance of the training for student review prior to the start of the classroom training. Upon enrollment, students are subscribed to the CCE Bootcamp Student Listserv that provides both administrative, technical and training support between the ISFCE and all enrolled students. The forensic software necessary to complete this course and Certified Computer Examiner (CCE)® exam is provided with this training.
After successful completion of the CCE Bootcamp, students must contact the ISFCE to initiate the application and registration process for the CCE certification test (www.isfce.com)
Click here to see a list of the software provided with this training.
Click here
to be added to our mailing list for information on boot camp
training.
