- The Certified Digital Forensics Examiner, C)DFE certification is designed to train Cyber Crime and Fraud Investigators. Students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation. Mile2's Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report. Through the use of a risk-based approach, the C)DFE is able to implement and maintain cost-effective security controls that are closely aligned with both business and industry standards.
Who should attend
- Virtualization Admins, Cloud Security Officers, CIO, Virtualization and Cloud Auditors, Virtualization and Cloud Compliance Officers
Prerequisites
- 1 YR experience in computers
- Mile2’s C)SP course
- Mile2’s Foundational Course Pack
Course Objectives
- Upon completion, Certified Digital Forensics Examiner students will be able to establish industry acceptable digital forensics standards with current best practices and policies. Students will also be prepared to competently take the C)DFE exam.
Course Content
- Module 1 – Computer Forensic Incidents
- Module 2 – Investigative Theory
- Module 3 – Investigative Process
- Module 4 – Digital Acquisition and Analysis Tools
- Module 5 – Disks and Storages
- Module 6 – Live Acquisitions
- Module 7 – Windows Forensics
- Module 8 – Linux Forensics
- Module 9 – Mac Forensics
- Module 10 – Examination Protocols
- Module 11 – Digital Evidence Protocols
- Module 12 – Digital Evidence Presentation
- Module 13 – Laboratory Protocols
- Module 14 – Artifact Recovery
- Module 15 – Advanced Search Strings
- Module 16 – eDiscovery and ESI
- Module 17 – Mobile Forensics
- Module 18 – Incident Handling
- Module 19 – Reporting
- Lab 1 – Chain of Custody
- Lab 2 – Identify Seized Evidences
- Lab 3 – Devices Acquisition
- Lab 4 – Memory Acquisition
- Lab 5 – Prepare the Case Evidence
- Lab 6 – Investigate the Acquired Evidence
- Lab 7 – Prepare the Case Evidence
- Lab 8 – Windows Event Logs Analysis
- Lab 9 – Linux Primary Info Retrieval
- Lab 10 – Investigate OSX Evidence
- Lab 11 – Finding Clues
- Lab 12 – Construct the Case Events
- Lab 13 – Evidence found from a Seized Android Device
- Lab 14 – Incident Response
Comments
This course also prepares students for the ITF+ and CHFI exams.