Computer Forensics Level 2
Security
Training
Provided by ProTrain Online
The Level II online program is designed for people interested in becoming Computer Forensics experts and have successfully completed Level I training. Students move at their own pace through all 3 levels (5 modules) and learn how to forensically Exam(s)ine and recover data from DOS, Windows 95 and Windows 98 operating systems. Students learn core forensic procedures for any operating or file system, and how to conduct forensically sound Examinations to preserve evidence for admission and use in legal proceedings. Each module requires an Exam(s) and completion of practical exercises before you can move to the next module. Additionally, this course will help prepare you for the upcoming Certified Computer Examiner (CCE) Examination. 12 Months Access, Mentor Supported
|
|
||||||||||||||||
Computer Forensics Level 2
o The DOS and Windows boot process.
o A continuation of how files are created and stored.
o How to recover more complex deleted files.
o The significance and determination of the creation date and time.
o The significance and determination of the last accessed date and the modification date and time.
o How Windows long file names are stored.
o What happens when Windows long file names are deleted.
o How to recover Windows long file names.
o How sub-directories are stored.
o What happens when sub-directories are deleted.
o How to recover a deleted sub-directory and its files.
o What happens when a diskette or hard disk drive is formatted.
o How to recover files, sub-directories and data from formatted disks.
o How to determine which files had been deleted prior to formatting.
o What file slack is and how to recover data from file slack.
o There are five practical exercises on the logical structure of FAT file systems, file storage and the recovery of fragmented deleted files, the recovery of long file names, the recovery of deleted sub directories and the recovery of formatted disks.
o A written examination regarding the material covered in this module.
Module 3
o An in-depth exploration of NTFS logical structures (nothing similar is available anywhere) , including:
The partition table
The boot record
Bitmaps
The root directory
The MFT
Headers
Attributes
Resident files
Non-resident files
Run lists, etc.
Alternate data streams
File storage
The various dates and times stored in attributes
File deletion
File recovery
Directory storage
Tracing files/directories
The NTFS registry "hive".
Examining NTFS drives
o A practical exercise involving the detailed exploration of the NTFS logical structures on a specially prepared NTFS dive.
o A written examination regarding the material covered in this module.
We will provide a detailed handout for each module covered. The handouts can be used as a reference manual. Sample reports, additional practical exercises, a DOS primer, Diskedit primer and other useful information and applications will be provided. You will be subscribed to our listservers that provide both administrative and technical information. Even after you complete the course, as material is updated, you will be able to download the new material from our web site.
We will provide some forensic software that was written specifically for forensic examiners, including:
o A fast and thorough wiping program
o A fast checksum program
o A fast program that documents files (including deleted files) on a drive
o A program that will allow examination of unallocated space
o A program that will make exact forensic copies of floppy diskettes
o An excellent forensic "carving" utility
o The Passware Kit from Lost Password.com
o See hardware and software requirements for details on the software provided.
You will be required to purchase:
o Norton Utilities
o Norton Ghost
o QuickView Plus (a viewing application) QuickView
o A good virus scanning utility
o You will be required to use your own USB drive for the examinations. We recommend a size no less than 32 MB
o A continuation of how files are created and stored.
o How to recover more complex deleted files.
o The significance and determination of the creation date and time.
o The significance and determination of the last accessed date and the modification date and time.
o How Windows long file names are stored.
o What happens when Windows long file names are deleted.
o How to recover Windows long file names.
o How sub-directories are stored.
o What happens when sub-directories are deleted.
o How to recover a deleted sub-directory and its files.
o What happens when a diskette or hard disk drive is formatted.
o How to recover files, sub-directories and data from formatted disks.
o How to determine which files had been deleted prior to formatting.
o What file slack is and how to recover data from file slack.
o There are five practical exercises on the logical structure of FAT file systems, file storage and the recovery of fragmented deleted files, the recovery of long file names, the recovery of deleted sub directories and the recovery of formatted disks.
o A written examination regarding the material covered in this module.
Module 3
o An in-depth exploration of NTFS logical structures (nothing similar is available anywhere) , including:
The partition table
The boot record
Bitmaps
The root directory
The MFT
Headers
Attributes
Resident files
Non-resident files
Run lists, etc.
Alternate data streams
File storage
The various dates and times stored in attributes
File deletion
File recovery
Directory storage
Tracing files/directories
The NTFS registry "hive".
Examining NTFS drives
o A practical exercise involving the detailed exploration of the NTFS logical structures on a specially prepared NTFS dive.
o A written examination regarding the material covered in this module.
We will provide a detailed handout for each module covered. The handouts can be used as a reference manual. Sample reports, additional practical exercises, a DOS primer, Diskedit primer and other useful information and applications will be provided. You will be subscribed to our listservers that provide both administrative and technical information. Even after you complete the course, as material is updated, you will be able to download the new material from our web site.
We will provide some forensic software that was written specifically for forensic examiners, including:
o A fast and thorough wiping program
o A fast checksum program
o A fast program that documents files (including deleted files) on a drive
o A program that will allow examination of unallocated space
o A program that will make exact forensic copies of floppy diskettes
o An excellent forensic "carving" utility
o The Passware Kit from Lost Password.com
o See hardware and software requirements for details on the software provided.
You will be required to purchase:
o Norton Utilities
o Norton Ghost
o QuickView Plus (a viewing application) QuickView
o A good virus scanning utility
o You will be required to use your own USB drive for the examinations. We recommend a size no less than 32 MB
About The Training Provider: ProTrain Online
ProTrain Online - In partnership with colleges and universities, ProTrain Online offers hundreds of non-credit online career certificate programs.
Online Program Features
- Most programs have 12-month online access
- Mentors available live online 24X7 to provide support in a variety of courses
- Hands-on exercises contained within courses
- Tests and quizzes within courses
- Receive a Certificate of...
