This course is intended for computer forensic specialists/digital evidence examiners whose duties include the examination and analysis of digital evidence in high-technology crimes. It focuses on specific tool sets designed for rapid traversal of data and identification of evidential items of interest, both at the scene and later in a controlled environment. The course includes presentations and hands-on instruction on such topics as live machine and dead machine examinations, safe booting a GNU/Linux forensic platform, creating forensically-sound copies of digital media and mounting them for examination, conducting text and data searches, capturing volatile data (RAM imaging), obtaining user and computer information for use in the investigation, recovering certain passwords, identifying hidden data, and using hash algorithms.
The course was designed for students who already have a fundamental grasp of basic computer components and how to operate a computer using the Windows operating system. The student should come prepared with the prior knowledge and skills necessary to respond to an electronic crime scene and to safely and methodically collect and preserve items of evidential value that may be used in court proceedings. Basic computer skills and identifying/seizing electronic evidence will not be covered. The student is encouraged to explore preparatory training prior to class as he/she feels necessary. Suggested online training includes, but is not limited to, the following:
Basic Computer skills for Law Enforcement
NW3C = https://www.nw3c.org/online-training/online-course-detail/67
SEARCH = http://www.search.org/get-help/training/high-tech-crime-investigations/self-paced-training/basic-computer-skills-for-law-enforcement/
Identifying and Seizing Electronic Evidence
NW3C = https://www.nw3c.org/online-training/online-course-detail/52
- This class is 24 hours.
- Class hours are 8:00 a.m. to 5:00 p.m.
- This class is included in our membership program.