Course Summary
Credit Type: Course
ACE ID: NCFI-0001
Organization's ID: BCERT
Location: Classroom-based
Length: 5 weeks, 196 hours
Dates Offered:
Credit Recommendation & Competencies
Level: Lower-Division Baccalaureate
Credits (SH): 4
Subject: Cyber Computer Forensics
Description

Objective:

BCERT is a five-week course designed to provide hands-on experience with computer hardware, device imaging solutions, forensic analysis tools, legal issues and report generation for law enforcement officers performing as cyber incident responders and digital evidence examiners. The course combines instructor-led discussions and practical exercises to teach methodologies and techniques used during investigations involving digital evidence.

Learning Outcomes:

  • Understand disk structures and file systems, and apply that knowledge as it relates to digital forensics.
  • Understand why and how to sanitize media to receive forensic evidence, and apply that knowledge.
  • Understand why and how to image a hard drive and validate digital evidence, and apply that knowledge as it relates to digital forensics.
  • Demonstrate a knowledge of RAID HDD configurations, and explain their impact on digital forensic analysis and investigations.
  • Analyze digital evidence to complete digital forensic evidence exams.
  • Create digital forensic evidence reports on the findings of digital forensic exams.
  • Apply an understanding of digital numbering systems.
  • Evaluate a running computer system, and apply knowledge of digital forensics to complete a live triage of the system.
  • Complete physical data recovery using file headers and file signatures.
  • Demonstrate the ability to access, navigate and configure a computer BIOS.
  • Identify electronic evidence.

General Topics:

  • Overview of forensic analysis
  • Computer hardware
  • BIOS, EFI & boot sequence
  • Introduction to the forensics workstation
  • Forensic workstation hardware tests
  • Computer numbers
  • Hashing
  • Crime scene triage
  • Physical disk structures
  • RAID
  • Data acquisition
  • Volatile memory triage and collection
  • On scene triage with industry standard tools
  • Imaging with industry standard tools
  • Write blocking with industry standard tools
  • Data acquisition practical exercise
  • FAT file system
  • NTFS file system
  • Windows registry artifacts
  • Windows artifacts
  • File headers and carving
  • Keyword searching
  • Internet & e-mail investigations
  • Case processing
  • Visualization
  • Analysis with commercial forensic tools
  • Encryption
  • Memory Examinations
  • Free Forensic Tools
  • Reporting
  • Legal Testimony
  • Practical examination and review

Instruction & Assessment

Instructional Strategies:

  • Audio Visual Materials
  • Case Studies
  • Classroom Exercise
  • Computer Based Training
  • Laboratory
  • Lectures
  • Practical Exercises
  • Performance Rubrics (Checklists)

Methods of Assessment:

  • Examinations
  • Performance Rubrics (Checklists)

Minimum Passing Score:

70%
Supplemental Materials

Other offerings from United States Secret Service National Computer Forensics Institute