Computer Forensics Training

CompuForensics for
Computer Forensics Examiner Training

Computer Forensics Examiner 12-Week Course Live On-line	Computer Forensics Examiner 8-Hour Modules Live On-line	Windows User Security & Privacy (on-site & live on-line)	Computer Forensics Introduction/Business (on-site & live on-line)
Length: 12 Week (75 hour) Tuition: $995 Included: See Course Syllabus Requisite: Win. XP OS familiarity Summary: Best of Basic and Advanced combined (analysis of Windows using Windows running inside SuSE Linux) courses. Prior Linux experience is not needed.	Length: 8 Hours Tuition: $150 Included: Notes/Software Download Requisite: MS Win. familiarity Summary: Selected modules are taken from the 12-week forensics examiner course and are intended to augment training for practicing examiners.	Length: 1 Days (8 hours) Tuition: $195; Call for on-site Included: Notes/Software Download Requisite: MS Win. familiarity Summary: The course discusses data hiding and encryption, safe and private Internet browsing, data recovery and eradication, OS backup & restoration and legal issues.	Length: 1 day (8 hours) Tuition: $195; Call for on-site Included: Notes/Software Download Requisite: None Summary: Introduction to computer forensics as well as business issues courses are intended for managers and staff involved with computer forensics managers.

Computer forensics is a relatively new professional endeavor within the computer science field. Little more than two decades old, it has garnered increasing attention in recent years due to an unusually high earning potential that tends to be almost immune from overseas competition. Computer forensics is the process of acquiring computer based information for use in legal proceedings or formal debate through a detailed or careful search. Legal proceedings normally refer to criminal or civil court trials, which are local in nature and therefore more effectively served by local examiners. Computer forensics, which was initially restricted to law enforcement officers, has more recently been practiced by those without law enforcement training. As such, it is increasingly popular among other computer professionals whose job prospects have been adversely affected by global competition.

If you’re still not sure computer forensics is for you, consider taking the 8-hour Introduction to Computer Forensics. Like all CompuForensics courses, it is taught in the evening when most busy professionals are able to attend. CompuForensics courses use a high speed Power Point video website to augment Skype audio teleconferencing. Students have the option of participating via telephone or cell phone when away from their computer. As a live course, the instructor, whose computer forensics credentials are second to none, is available to help even during scripted exercises.

Once you’ve decided you’re ready to embark on a career in computer forensics, enroll in our 75-hour 12-week Forensic Examiner course. Classes occur from 7-9 p.m. Central, Monday, Wednesday and Friday. If you’ve had computer forensics training and would like to refresh selected skills, consider taking one or more of the forensic examiner training modules taught Tuesdays and Thursday evenings.

Finally, if you manage or support computer forensics examiners, our 8-hour Computer Forensics Business Issues course may be just what you’re looking for. Conversely, if you’d like to know just enough about computer forensics to protect yourself from on-line threats, Personal Computer Security and Privacy may better suit your current needs. Both courses are taught Tuesday and Thursday evenings.

Established in 1998, CompuForensics has become increasingly popular among law enforcement, government intelligence and corporate security professionals. Previously restricted to full-time government employees or a select group of corporate security investigators, this high quality computer forensics training is now available to the general American public through nationally renowned and regionally accredited state universities and colleges. The current Forensics Examiner course spans 12 weeks and 35 two-hour sessions in addition to five hours of additional comprehensive exercise group study. Those completing at least 70% of scheduled classes, including a comprehensive forensics case study, are rewarded with a certificate signed by a dean or higher. Although designed as a 7.5 CEU (Continuing Education Units) university course with Pass/Fail grading, a proctored written examination is available for those requiring a letter grade. Course graduates can also elect to have their contact and training information listed on the Analysis page of this website.

In January, 2008, the Computer Forensics Examiner Basic 8-week 48-hour and 7-week 42-hour Advanced live on-line courses were replaced with the 12-week 75-hour Forensics Examiner course. Containing essential and most popular components of the Basic and Advanced courses, the new updated live on-line course manifested a savings of nearly a thousand dollars to the student. Included within the $995 tuition is a commercial copy of Win4Lin Desktop Version 3.5 or 4.0.

Depicted below is the user friendly web based video access interface on CompuForensics' password protected CompuPic.Net. The student has access to this site for the entire 12-week period, including web compatible read-only videos. Each green button corresponds to a Power Point XML presentation augmenting live instruction via Skype VOIP (Voice Over Internet Protocol). In addition to live sessions, instructor audio recordings may be accessed via blue buttons. Audio recordings are routinely made upon notification that a student will not be present for the live session. Alternatively, students can attend live lecture sessions via a land-line or cellular telephone by prior arrangement. Skype and telephone conference connections are initiated by the instructor.

Live on-line classes are restricted to no more than nine students. Classes tend to be smaller still, affording an unparalleled student-teacher ratio. Although scripted exercises are designed for independent use, the instructor is available should the student require immediate assistance during scheduled laboratory exercises.

The 12-Week Forensic Examiner course is designed to equip government and corporate investigators/analysts with the skills needed to safely locate and secure computer evidence at the search site as well as to conduct subsequent off-site analysis. Specific instruction focusing on hacker and child pornography Internet investigations is included. Linux, the world's most powerful operating system, is employed to to more safely and effectively analyze Windows systems, including Windows 9.x, ME, 2000, XP and Vista. This technique, increasingly used in the forensics community, was pioneered by the Department of Defense in the late 1990s. A comprehensive course syllabus, including student communications and exercise computer specifications, is available in Adobe Acrobat format by selecting the right adjacent document representation. Frequently asked questions and a sample video interface is available by selecting the Questions button at the top of this page. Prospective students are also invited to contact the instructor by telephone or email.

Win4Lin allows Windows XP and Windows forensic tools to run inside of SuSE Linux. Linux precludes inadvertent modification of evidentiary partitions by the Windows operating system and applications. Knoppix Live Debian Linux is employed to safely and efficiently conduct an on-site preliminary forensic analysis of Windows computers. Program Management and technical report writing instruction is included.

On-line Forensics Instructor

Pictured in casual attire suitable to his current semi-retirement in rural Tennessee, the instructor possesses professional training and experience second to none. Possessing bachelor and masters university degrees, the instructor additionally attended special agent academies for the Department of the Treasury, US Customs Service, Naval Criminal Investigative Service and USAF Office of Special Investigations. Applicable technical training was principally hosted by the Treasury Department and Central Intelligence Agency. A former field grade intelligence officer with the USAF and US Army, he is a decorated Vietnam air combat veteran. Retiring at age 53 with a quarter century of federal law enforcement experience, he served as field agent, agent supervisor and headquarters staff, including service as a national program manager for computer forensics. In addition to well over a decade of US Government computer forensics experience, he has taught computer forensics since 1999 at seven regionally accredited universities or colleges in the Midwest and South.

12-Week Forensics Examiner Student Background

All on-line students should be fluent in English. All lectures, laboratories and videos are provided solely in English. The on-line format does not lend itself well to those with hearing or sight disabilities.

Twelve week examiner students should minimally have prior experience in loading the Microsoft Windows XP operating system and applications, copying/moving/linking files using Windows Explorer, and be familiar with the use of classic menu options under XP. Prior use of basic Command Prompt utilities such as format, change directory, rename, delete and copy is also required. A+ or comparable computer hardware background is minimally desirable. Prior experience with Linux or computer forensics is not required.

12-Week Examiner Computer System Requirements

Audio Headset - Use of an ear phone with an integrated microphone is required to avoid background noise and echo effects. Suitable head phones with integrated microphones are widely available for as little as $20. Student microphones should be muted when not used for talking.

Audio/Video Computer - Notebook, desktop or tower computer running Microsoft Internet Explorer 6/7 and Skype is recommended. Use of non-Microsoft Windows XP or Vista personal computers may preclude optimum use of the web based XML Power Point presentations. Skype teleconferencing software is available for Windows, Macintosh and Linux operating systems. Download a free copy of Skype from www.Skype.com.

Exercise Computer - Since the Examiner course involves some rebooting during on-line laboratory sessions, simultaneous use of a separate forensic exercise computer is needed. The exercise computer must be minimally equipped with a DVD-ROM bootable drive. In addition to the compatibility requirement to run Windows XP or 2000 Pro inside of SuSE Linux 11.0, the exercise computer should minimally be configured with a Pentium IV or equivalent processor running at 1.6 GHz or faster, 1 gigabyte of RAM (Random Access Memory) and 20 gigabytes of free hard disk capacity. While the exercise computer can be a notebook, use of a desktop or tower with at least one removable drive bay is preferred for those intending to use their exercise computer to accomplish computer forensics analysis at the conclusion of the course. The exercise computer should contain Windows 2000 or XP (Vista can be used with the understanding that some Windows forensic utilities may not be supported). Linux and Windows XP or 2000 Pro will be additionally installed during the initial weeks of the course. Students must possess a non-upgrade version of Windows XP or 2000 Pro that is compatible with Win4Lin (see Win4Lin.com).

Exercise Software - Required preliminary and comprehensive forensic exercise images are available in Ghost, Safeback and WinHex formats. If used, Norton Ghost should be 2001 or later version, excluding Version 14 and Vista versions lacking backward compatibility with Ghost GHO images. Accordingly, Ghost, Safeback or WinHex (Specialist) is required. Possession of a specialist licensed version of WinHex disk editor is recommended, especially for those intending to do forensics after the course. A personal license copy will support most course requirements. The WinHex disk editor is available for purchase or evaluation download at www.WinHex.com. Symantec Partition Magic 8 is recommended for students who are not familiar with using Linux drive partitioning utilities. Students should additionally possess a bootable Knoppix 5.x CD-ROM, which may be downloaded free from www.Knoppix.net.

12-Week Examiner Course Resources

Students are provided illustrated loose-leaf study notebook inserts and cover page as well as a SuSE 11.0 DVDROM and CompuForensics bootable CD-ROM (supporting DOS, Windows and Linux based analysis of Windows computers). Students minimally receive a commercially licensed copy of Win4Lin 3.5 or 4.0.

At course end, students having attended at least 70% of scheduled classes and satisfactorily completing a case based comprehensive exercise are issued a college certificate of completion signed by a college dean or higher official. Successful completion also results in the award of 7.5 continuing education units. Some students may have the option of using the participating universities laboratory computers; in such instances, university laboratory fees are likely to apply. As in conventional classroom instruction, registration and tuition is handled by the hosting university.

The Forensics Examiner course syllabus includes essential and most popular components of previously offered 6-day Examiner Basic and 5-day Examiner Advanced courses. Although only a few hours less than the replaced Basic and Advanced courses combined, course tuition is a quarter that of replaced on-campus courses; $2995 Savings.

CompuForensics Computer Forensics Course Schedule

Monday, Apr 6 through Monday, Jun 29, 2009	75-hr. 12-week Forensics Examiner live on-line course Now Running (Mon, Wed & Fri 7-9 PM Central Time) Observed holiday: Memorial Day
Monday, Sep 14 through Friday, Dec 4, 2009	75-hr. 12-week Forensics Examiner live on-line course Enrollment Open (Mon, Wed & Fri 7-9 PM Central Time) Observed holiday: None