Computer Forensics Training

CompuForensics for Computer Forensics Training
THIS SITE BEST VIEWED WITH MS INTERNET EXPLORER 7+

Computer Forensics Examiner 12-Week Course Live On-line	Court/Legal Issues 4-Week Laboratory Live On-line	Windows User Security & Privacy (on-site & live on-line)	Computer Forensics Introduction/Business (on-site & live on-line)
Length: 90 hours (9 CEUs) Tuition: $995 Included: Study materials/CD/DVD Requisite: A+ or equivalent Summary: Best of Basic and Advanced combined (analysis of Windows using Windows running inside SuSE Linux) courses. Prior Linux experience is not needed.	Length: 15 Hours (1.5 CEUs) Tuition: $398 Included: Notes Requisite: 90-hour Course Summary: Forensic legal issues and courtroom testimony in Examiner course are put to the test. Students are examined and cross examined by a practicing attorney.	Length: 1 Day (8 hours) Tuition: $195; Call for on-site Included: Notes/Software Download Requisite: MS Win. familiarity Summary: Data hiding/encryption, safe/private Internet browsing, data recovery/eradication, backup & restoration and legal issues	Length: 1 Day (8 hours) Tuition: $195; Call for on-site Included: Notes/Software Download Requisite: None Summary: Introduction to computer forensics as well as business issues courses are intended for managers and staff involved with computer forensics managers.

Computer forensics is a relatively new professional endeavor within the computer science field. Little more than two and one-half decades old, it has garnered increasing attention in recent years due to an unusually high earning potential that tends to be almost immune from overseas competition. Computer forensics is the process of acquiring computer based information for use in legal proceedings or formal debate through a detailed or careful search. Legal proceedings normally refer to criminal or civil court trials, which are local in nature and therefore more effectively served by local examiners. Computer forensics, which was initially restricted to law enforcement officers, has more recently been practiced by those without law enforcement training. As such, it is increasingly popular among other computer professionals whose job prospects have been adversely affected by global competition.

Once you’ve decided you’re ready to embark on a career in computer forensics, enroll in our 90-hour Forensic Examiner on-line course. Classes occur from 7-9 p.m. Central, Monday through Thursday. If you’ve completed our 90-hour computer forensics training, consider taking our new 15-Hour Court/Legal Issues on-line laboratory taught Tuesdays and Thursday evenings. In addition to decades of federal law enforcement experience and hundreds of hours of courtroom experience, the Court/Legal Issues course affords students the unique opportunity to experience courtroom examination and cross examination by a practicing attorney.

Finally, if you manage or support computer forensics examiners, our 8-hour Computer Forensics Business Issues course may be just what you’re looking for. Conversely, if you’d like to know just enough about computer forensics to protect yourself from on-line threats, Personal Computer Security and Privacy may better suit your current needs. Both courses are taught Tuesday and Thursday evenings or on-site by prior arrangement.

Established in 1998, CompuForensics has become increasingly popular among law enforcement, government intelligence and

corporate security professionals. Previously restricted to full-time government employees or a select group of corporate security investigators, this high quality computer forensics training is now available to the general American public through nationally renowned and regionally accredited state universities and colleges. The current Forensics Examiner course spans one semester (four nights a week for eleven weeks) in addition to at least six hours of additional comprehensive exercise group study. Those successfully completing at least 70% of scheduled classes, including a comprehensive forensics case study, are rewarded with a certificate signed by a dean or higher official. Although designed as a 9.0 CEU (Continuing Education Units) university course with Pass/Fail grading, a proctored written examination is available for those requiring a letter grade. Course graduates can also elect to have their contact and training information listed on the Analysis page of this website.

In January, 2008, the Computer Forensics Examiner Basic 8-week 48-hour and 7-week 42-hour Advanced live on-line courses were replaced with the 12-week 90-hour Forensics Examiner course. Containing essential and most popular components of the Basic and Advanced courses, the new updated live on-line course manifested a savings of nearly a thousand dollars to the student.

Depicted below is the user friendly web based video access interface on CompuForensics' password protected CompuPic.Net; for a current listing of course content, download a copy of the new course syllabus (available in mid-September). The student has access to this site for the entire 12-week period, including web compatible read-only videos. Each green button corresponds to a Power Point XML presentation augmenting live instruction via Skype VOIP (Voice Over Internet Protocol). In addition to live sessions, instructor audio recordings may be accessed via blue buttons. Audio recordings are routinely made upon notification that a student will not be present for the live session. Alternatively, students can attend live lecture sessions via a land-line or cellular telephone by prior arrangement. Telephone conference connections are facilitated via GoToMeeting.

The live on-line 75-hour Examiner course is restricted to no more than nine students. Classes tend to be smaller still, affording an unparalleled student-teacher ratio. Although scripted exercises are designed for independent use, the instructor is available should the student require immediate assistance during scheduled laboratory exercises. The Court/Legal Issues course may be slightly larger, however, benefits from the improved interaction afforded by GoToMeeting.

The 12-Week Forensic Examiner course is designed to equip government and corporate

investigators/analysts with the skills needed to safely locate and secure computer evidence at the search site as well as to conduct subsequent off-site analysis. Specific instruction focusing on hacker and child pornography Internet investigations is included. Linux, the world's most powerful operating system, is employed to more safely and effectively analyze Windows systems, including Windows 9.x, ME, 2000, XP, Vista and Windows 7. This technique, increasingly used in the forensics community, was pioneered by the Department of Defense in the late 1990s. A comprehensive course syllabus, including student communications and exercise computer specifications, will soon be available in Adobe Acrobat format by selecting the right adjacent document representation. Frequently asked questions and a sample video interface is available by selecting the Questions button at the top of this page. Prospective students are also invited to

contact the instructor by telephone or email.

CodeWeaver's CrossOver for Linux allows many Windows applications and forensic tools to run inside of SuSE Linux. The adjacent screen capture depicts a VMWare Player 3.1.1 hosted OpenSuSE 11.1 session with Microsoft Office 2003, Media Player 6.4 and Adobe Photoshop 7. Linux blocks any inadvertent modification (writes) to evidentiary partitions by Windows applications. Knoppix Live Debian Linux is employed to safely and efficiently conduct an on-site preliminary forensic analysis of Windows computers. Use of hardware write blocks used to safely use Windows to analyze evidentiary partitions is simulated during the course. Computer forensics business management and technical report writing instruction is included.

On-line Forensics Instructor

Pictured in casual attire suitable to his current semi-retirement in rural Tennessee, the instructor possesses professional training and experience second to none. Possessing bachelor and masters university degrees, the instructor additionally attended special agent academies for the Department of the Treasury, US Customs Service, Naval Criminal Investigative Service and USAF Office of Special Investigations. Applicable technical training was principally hosted by the Treasury Department and Central Intelligence Agency. A former field grade intelligence officer with the USAF and US Army, he is a decorated Vietnam air combat veteran. Retiring at age 53 with a quarter century of federal law enforcement experience, he served as field agent, agent supervisor and headquarters staff, including service as a national program manager for computer forensics. In addition to well over a decade of US Government computer forensics experience, he has taught computer forensics since 1999 at seven regionally accredited universities or colleges in the Midwest and South.

12-Week Forensics Examiner Student Background

All on-line students should be fluent in English. All lectures, laboratories and videos are provided solely in English. The on-line format does not lend itself well to those with hearing or sight disabilities.

Eleven week examiner students should minimally have prior experience in loading the Microsoft Windows operating system and applications, copying/moving/linking files using Windows Explorer, and be familiar with the use of classic menu options. Prior use of basic Command Prompt utilities such as format, change directory, rename, delete and copy is also required. A+ or comparable computer hardware background is minimally desirable. Students should be familiar with Windows or third party drive partitioning software prior to beginning the course. Prior experience with Linux or computer forensics is not required.

12-Week Examiner Computer System Requirements

Audio Headset - Use of an ear phone with an integrated microphone is required to avoid background noise and echo effects. Suitable head phones with integrated microphones are widely available for as little as $20. Student microphones should be muted when not used for talking.

Audio/Video Communications Computer - Notebook, desktop or tower computer running Microsoft Internet Explorer 6/7/8 and Skype 4+ is recommended. Use of non-Microsoft Windows XP/Vista/Windows 7 personal computers may preclude optimum use of the web based Active-X Power Point presentations.

Exercise Computer - Since the Examiner course involves some rebooting during on-line laboratory sessions, simultaneous use of a separate forensic exercise computer is recommended. The exercise computer must be minimally equipped with a DVD-ROM bootable drive. The exercise computer should minimally be configured with a Pentium IV or equivalent processor running at 1.6 GHz or faster, 512MB of RAM (Random Access Memory) and 20 gigabytes of free hard disk capacity on a single drive. While the exercise computer can be a notebook, use of a desktop or tower with at least one removable drive bay is preferred for those intending to use their exercise computer to do computer forensics analysis at the conclusion of the course. The exercise computer should contain Windows XP (Vista or Windows 7 can be used with the understanding that some Windows forensic utilities may not be fully supported). Linux will be additionally installed during the initial weeks of the course. Use of a virtual exercise computer using VMWare Workstation/Player or Sun VirtualBox is a viable alternative for students who do not anticipate doing computer forensics soon after the course has concluded. The virtual machine alternative is not ideal, even for classroom use. Consult Questions for a more complete discussion of virtual machine use.

Exercise Software - Required preliminary and comprehensive forensic exercise images are available in Ghost, SafeBack, WinHex and Active@ DiskImage (version 2 for DOS) formats. If used, Norton Ghost should be the 2001, 2002 or 2003 version; Ghost 10 is the last version to include Ghost 2003. Accordingly, Ghost, Safeback, WinHex (Specialist or higher) or DiskImage is required. Active@ DiskImage is a free download, which, although not routinely used for forensics, is instructive in the use of forensic imaging utilities. Possession of a specialist licensed version or higher of WinHex disk editor is recommended, especially for those intending to do forensics after the course. A free personal license copy of Winhex will support most course requirements. The WinHex disk editor is available for purchase or evaluation download at www.WinHex.com. Students should additionally possess a bootable Knoppix 5.1 CD-ROM, which may be downloaded free from www.Knoppix.net. Since only Explorer 7+ is needed for the first week of class, students may find it prudent to ask questions regarding software purchases during the first day of class. A trial ware version of Access Data's Forensic Toolkit (FFK) is used during the course.

12-Week Examiner Course Resources

Students are provided study materials on-line in Adobe Acrobat format. A copy of the National Institute of Justice (NIJ), "Using and Presenting Digital Evidence in the Courtroom: Mock Trial DVD", if available from NIJ, will be provided by mail. Links for the download of Knoppix 5.1, SuSE 11.3 (current stable) and SuSE 11.1 (last stable version with KDE 3.5 install option) are provided. A CompuForensics bootable CD-ROM (supporting DOS, Windows and Linux based analysis of Windows computers) will be provided by mail or online as an ISO image. Trial ware versions of CodeWeaver's CrossOver, Access Data's Forensic Toolkit, Advantstar's Quick View Plus, Passware's Password Recovery Kit, as well as some other utilities, are used.

At course end, students having attended at least 70% of scheduled classes and satisfactorily completing a case based comprehensive exercise are issued a college certificate of completion signed by a college dean or higher official. Successful completion also results in the award of 9.0 continuing education units. Some students may have the option of using the participating universities laboratory computers; in such instances, university laboratory fees are likely to apply. As in conventional classroom instruction, registration and tuition is handled by the hosting university or college.

The Forensics Examiner course syllabus includes essential and most popular components of previously offered 6-day Examiner Basic and 5-day Examiner Advanced courses. Although only a few hours less than the replaced Basic and Advanced courses combined, course tuition is a quarter that of replaced on-campus courses; $2995 Savings.

Scheduled CompuForensics Computer Forensics Courses

Tuesday, Jan. 18 thru Thursday, Apr. 7, 2011	90-hr. 12-week Forensics Examiner live on-line course Enrollment Open (Mon-Thu, 7-9 PM Central Time) Observed holiday: None
Tuesday, (spring semester start date to be announced)	15-hr. 4-week Court/Legal Issues live on-line Laboratory Enrollment Open (Tue & Thu 7-9 PM Central Time) Observed holiday: TBA
Thursday, Sep. 1 thru Wednesday, Nov. 23, 2011	90-hr. 12-week Forensics Examiner live on-line course Enrollment Open (Mon-Thu, 7-9 PM Central Time) Observed holiday: None
Tuesday, (fall semester start date to be announced)	15-hr. 4-week Court/Legal Issues live on-line Laboratory Enrollment Open (Tue & Thu 7-9 PM Central Time) Observed holiday: TBA