eBusiness Process Solutions

Computer Forensic and Cyber Investigations Course

eBusiness Process Solutions
3140 Gold Camp Drive Suite 70
Rancho Cordova, CA 95670

Get Your 'Certified Cyber-Crime Expert (C3E)' Certification Now!!

Course Description

The time for Computer Forensic and Cyber Investigations training is now.  High-profile cases of corporate malfeasance and increased attention paid to cybercrime and cyberterrorism have elevated electronic evidence discovery to an indispensable component of any organization’s security plan.  This intensive instructor led course is designed to give a solid foundation in the theory and practice of essential computer forensic techniques. 

This course will help the incident response team be fully prepared to respond to many types of crisis situations by providing hands-on training and a strong incident response foundation.  The frontline incident handler will be equipped with the knowledge, tools, and hands-on experience needed to investigate and respond effectively to computer crime and other incidents within the organization. 

The course will focus on the role of computer forensics and the methods used in the investigation of computer crimes.  The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence.  A detailed explanation of how to effectively manage a forensics investigation and how to preserve and present evidence will be covered.


4 Days


Attendees should be familiar with Windows-based computers. 


bulletOne-to-one student equipment ratio
bulletThe information learned in class will have an immediate impact upon return to work.
bulletUpon successful completion of the course and after passing a practical and written test the student will earn the Certified Cyber-Crime Expert (C3E) certification.


Our instructors are Certified Information Systems Security Professionals (CISSP) and have an average 15 years in the Security Industry (including Law Enforcement) and have trained thousands of Fortune 100 and DoD / Government attendees each. 

Who Should Attend

Anyone involved in the security of Information Assets including: Information Security Officers, Information Security Managers, Computer Crime Investigators, IT Auditors, Consultants, Systems and Network Administrators, Law Enforcement Investigators, lawyers, HR Managers, and others interested in information security are welcome.



Customized Course Content

This course can be presented on site at your facility and custom-tailored to fit the needs of your organization.  On-site courses provide flexibility for attendees and cost savings to an organization in the form of reduced travel expenses and multiple student discounts.


bulletComputer Crime
bulletBasic Forensic Principles
bulletGeneral Computing Principles
bulletLegal Challenges
bulletSearch and Seizure of Computers
bulletCollection of Evidence from a “Live” System
bulletForensic Imaging and Verification
bulletData Recovery and Analysis
bulletInvestigative Techniques
bulletReal World Case Studies
bulletCutting-Edge Vendor Tools Used in Course
bulletExtensive “Hands-On” Labs

Detailed Course Description

1.  Computer Crime

bulletWhat is a computer crime?
bulletTypes of evidence
bulletWhy collect evidence
bulletThe rules of evidence
bulletLocard’s Exchange Principle
bulletWhy is computer forensics necessary?
bulletComputer Forensics as part of an Incident Response Plan

 2.  Basic Forensic Principles

bulletThe forensics objective
bulletThe principles of evidential integrity and continuity
bulletChain of Custody
bulletComputer Forensics Methodology
bulletGeneral Evidence Processing Guidelines and Procedures

 3.  Legal Challenges

bulletIn-depth exploration of legal challenges to forensics
bulletDoJ Search and Seizure Manual in depth
bulletPrivacy issues
bulletConstitutional protections
bulletLegal statutes pertaining to computer seizure
bulletSteps for obtaining a Warrant
bulletElectronic Communication Privacy Act
bulletPen / Trap Statute
bulletWiretap Statute – Title III
bulletSpecific court references

 4.  General Computing Principles

bulletTypes of storage
bulletHard disks
bulletReview of disk geometry
bulletTables and file structure
bulletSectors and clusters
bulletFile storage
bulletUnallocated File Space
bulletSpool, Temporary, and Swap Files
bulletFloppy disks
bulletAllocated vs. Unallocated space
bulletDeleted files, File Slack
bulletComputer memory and RAM Slack
bulletBios control
bulletDevice drivers
bulletInitialization files
bulletThe Boot sequence
bulletGeneral overview of Networks

 5. Search and Seizure of Computers

bulletPreparation for the raid
bulletPreparing a Forensic Checklist
bulletTo seize or not to seize
bulletHow to handle a “live” computer
bulletUnderstanding the boot sequence for forensic control
bulletWhat to seize and where to look
bulletPhotographing and recording equipment layout
bulletBagging, tagging and removing equipment
bulletStorage of seized equipment

 6.  Collection of Evidence from a “Live” System

bulletBuild Forensic Response Toolkit
bulletTrusted Source Files
bulletBuilt-in Operating System Utilities
bulletSpecialized Windows tools
bulletAnalysis of Data
bulletLog Analysis and Correlation
bulletFile Access Times
bulletAbnormal Processes
bulletReviewing Relevant Files
bulletUnusual of Hidden Files

 7.  Forensic Imaging & Verification

bulletData Recovery and Analysis
bulletOverview of imaging systems
bulletPreparing and verifying forensically sterile examination media
bulletDoD Standard 5220.22-M
bulletMaking Bit Stream Image Duplications
bulletStoring images
bulletDemonstration of imaging using Image MASSter
bulletRestoring image copies

 8.  Data Recovery and Analysis

bulletOverview of analysis software
bulletDemonstration of analysis techniques
bulletKeyword searching
bulletGraphic searching
bulletProducing, viewing, and sorting file listings
bulletExtracting files
bulletUndeleting files
bulletInvestigating floppy disks
bulletUse the Forensics Toolkit

 9.  Investigative Techniques

bulletTheory of Investigation
bulletInformation overload problem
bulletMaintaining focus
bulletTechnical interviews
bulletInformation discovery
bulletEvaluating evidence
bulletTotality of the circumstances
bulletKnowing when to stop
bulletDocumenting an investigation
bulletRecord keeping
bulletPresenting evidence
bulletReport and exhibit presentation
bulletCourt testimony

 10.  Encryption

bulletUsing PGP
bulletSoftware security devices
bulletCracking password protected files

 Real World Case Studies

bulletTheft of Intellectual Property
bulletEmployment disputes
bulletDestruction / alteration of data
bulletE-mail misuse

 Extensive Hands-On Labs

bulletPreparing Forensically Sterile Media
bulletRecovering Data from Unallocated Space
bulletBuilding a Forensic Workstation Toolkit
bulletRecovering Data from a “Live System”
bulletUsing a Hex Editor to Recover Data
bulletRecovering Data from Unallocated Space
bulletRecovering Data from Formatted Disks
bulletUsing Quick View Plus to view files
bulletUsing MD5 Checksums to insure Data Integrity
bulletPerform Forensic Analysis on Floppy Discs
bulletPerform Forensic Analysis on Hard Drives
bulletUnlocking Password Protected Files
bulletProduce a Technically Correct Forensic Report

[Main] [Contact Us] [Directions] [Hotels] [Schedule] [Courses] [Distance Learning] [Search

Call Us



800-968-8648 in CA