
Answers to Frequently Asked Questions
 


Non-Use of Government Endorsements & Seals

Although agents from most every major United States federal law enforcement and intelligence agency have attended our training, and our instructors are exclusively retired federal law enforcement agents, CompuForensics does not claim or imply the endorsement of any government agency. First, in over two decades of federal law enforcement service, I have never known a federal law enforcement agency to publicly endorse a commercial enterprise. To do so would presumably constitute a conflict of interest on the part of the recommending agency. Secondly, a reading of United States Criminal Code, 18 USC 1017, raises questions in my mind as to the prudence of affixing Government seals on non-Government websites. Government seals are also likely to be protected under federal copyright law. Admittedly, I am not an attorney and would defer questions as to the legality of affixing Government seals to commercial websites to the Office of the United States Attorney and/or criminal investigative arm of the affected Government agency.

Although many of our corporate students have offered signed testimonials as to the quality of CompuForensics training, it is our policy not to associate names or corporations with endorsements posted to this website. We appreciate our corporate customers, which include some of the largest companies in America, and elect not to trade on their good name.

Clarification of Software & Hardware Requirements

Given the continuing depressed state of the American economy, it is understandable that most are anxious to avoid unnecessary expenses. CompuForensics courses are priced accordingly, manifesting a substantial reduction from pre-recession levels. Due to the length and university format of our computer forensics training, federal and state assistance may be available depending upon your location and economic circumstance. Additionally, our courses are designed to minimize or delay costs beyond university course tuition. For additional guidance concerning course hardware and software requirements, download the course syllabus.

 The only software required for the first day of the 75-hour on-line Examiner class is Internet Explorer 6+ and Skype 4+, both of which are free downloads. By the second week, students will require one of the following to restore initial and comprehensive images: Symantec Ghost (2001-2003 forensic versions); NTI SafeBack; or X-Ways Replica (free with purchase of WinHex Specialist and higher licenses). Older forensic copies of Ghost are normally available on eBay for about $50. SafeBack retails for nearly ten times as much. Those expecting to do computer forensics for hire upon completion of the course may want to purchase a WinHex Specialist license. Since WinHex is a German product marketed in Euros, the price is affected by the conversion rate of dollars to Euros. X-Ways offers an upgrade path for those needing the increased functionality of licenses beyond the Specialist.

Trialware versions of CrossOver, Win4Lin, Quick View Plus and decryption utilities, among others, may be suitably employed during the course. Win4Lin is installed shortly before the comprehensive exercise in order to retain its functionality during its 15 day authorized trial use window. The CrossOver and Quick View Plus trials expire after 30 days. Most decryption utilities are expensive and frequently updated; accordingly, their purchase should be delayed until needed. Since some key forensic utilities are not fully implemented in Windows 7 or Vista, a non-upgrade copy of Windows XP or 2000 is needed.

The use of virtualization software on the communications computer in lieu of a physical exercise computer may be an option for some. Students electing to run SuSE Linux inside of Windows on the communications computer in lieu of a separate exercise computer should do so with the following understandings: classroom instruction is oriented to the use of a separate exercise computer and assistance in the use of virtualized systems is not provided; a separate forensics (exercise) computer is required to accomplish computer forensics for hire at the conclusion of the course; SuSE Linux running in a virtualized session within the communications computer must be able to directly access a 240 MB FAT 16 exercise partition; and virtualization use mandates the availability of increased hard disk, memory and processor resources on the communications computer.

On-line Course Revisions in 2010

CompuForensics training has been revised and appended frequently since its inception over a decade ago. In addition to regular updating of current modules, the following specific changes have occurred. Symantec Partition Magic 8, which has not been substantially upgraded for several years and has known compatibility issues with the Linux Grub 2 boot loader, has been replaced by the enhanced Windows 7 disk management and/or SuSE partitioning utilities.

The currently implemented Win4Lin 5.5 desktop, which only supports Windows 2000 and XP, has been retained due to stability issues found to exist in Sun's VirtualBox. VirtualBox, which additionally supports Windows 9.x through Windows 7, was found to run well on some multiple core systems and poorly on others. Our tests disclosed particular success running Windows XP and SuSE 11.2 under Windows 7 Ultimate on one Dell AMD quad-core; USB device and host folder sharing problems occurred under Windows 7 on a dual-core Dell notebook. Attempts to install VirtualBox under SuSE 11.2 on an Intel quad-core met with even less success. CodeWeavers CrossOver (Wine implementations not requiring Windows) was successfully installed to a variety of platforms running SuSE Linux and has been added to afford running of key Windows applications inside of Linux. Open SuSE 11.2 will replace Version 11.0 during the spring and fall semesters.

 Addition of a 40 hour legal issues course is scheduled for the fall 2010 semester. This new addition to CompuForensics training will be taught by a retired federal agent with hundreds of hours of courtroom experience in association with a practicing trial attorney. Areas of emphasis include: 4th Amendment issues; probable cause and preparation of search affidavits; pre-trial motions; courtroom testimony; and examiner ethics and state licensing. Department of Justice guidelines and National Institute of Justice resources will be employed. GoToMeeting on-line conferencing will be employed to afford classroom audio and video of the testifying student and examining attorney.

 

$995 Live On-line Examiner Course Available

In addition to conventional classroom instruction, in which the student is trained in university computer laboratories, computer forensics examiner courses are also available on-line. Unlike traditional correspondence courses, our on-line training is live. That is, an instructor is available during each block of instruction via Skype teleconferencing software. Lectures are augmented by Power Point multimedia presentations hosted by the CompuForensics password access website (CompuPic.Net). On-line two hour classes occur on Monday, Wednesday and Friday evenings beginning at 7:00 p.m., Central Time. Standard and Daylight times apply. All on-line students minimally require a Windows XP computer with broadband Internet access (minimum 1 Mb download rate recommended for course video content). Since the Forensics Examiner course involves rebooting during the on-line training session, simultaneous use of a separate forensic exercise computer is required. While the computer required to run Skype and the Video presentation should be an XP or Vista machine, the Windows computer used to accomplish forensic exercises need not be. The exercise computer should have a bootable DVD disk drive and run any one of the following operating systems: Windows 2000 Pro or Windows XP (use of Vista may preclude use of some forensic utilities). In that the exercise computer will be running Open SuSE 11.x and Linux hosted Windows XP, SuSE Linux and XP compatibility is required. Use of headphones with an integrated microphone is further recommended to avoid background noise and echo effects. Suitable headphones are widely available for under $20. Contact CompuForensics for additional information and registration regarding on-line courses.

On-line 12-week Forensic Examiner students are provided illustrated loose-leaf study notes, a bootable CompuForensics CDROM and SuSE Linux 11.0 DVDROM. The on-line video presentation mandates the use of Internet Explorer (IE) 6 or later. Unfortunately, neither the Microsoft (MS) 6 nor 7 browser appears 'fully' compatible with MS Power Point 2003's HTML export. MSIE 6 affords playing of in-line medium quality WMV video in non-slide show (left depicted) and slide show modes. MSIE 6 also exhibits some error messages, which can occasionally be fatal. Conversely, while MSIE 7 is error message free, it fails to play in-line video in slide show mode. Attempts to resolve these compatibility issues between MSIE and MS Power Point 2003 have thus far been unsuccessful. Select PP Test to test your browser's ability to display the adjacent depicted Power Point on-line web presentation. Despite the need to temporarily drop out of slide show mode to play in-line video, MSIE 7 still appears currently to be the best solution. MSIE 8 has not been sufficiently tested; however, initial experience suggests that it is at least as suitable as MSIE 7. Use of non-MSIE browsers may prove more problematic. Student exercise computers should contain only the operating system and broadband internet access software; some forensic exercises, which include the use of a disk editor and logical partition modifying software, may rarely result in the inadvertent loss of data. The next Forensic Examiner course begins September 14th, 2009. An on-line Forensic Examiner course syllabus is available in Adobe Acrobat format.

In January 2008, on-line and on-campus Examiner Basic and Examiner Advanced courses were replaced with a single 12-week 75-Hour Forensics Examiner course. Whereas tuition for the replaced on-campus courses totaled $3990, the Forensics Examiner course currently retails for $995. Students will need to have their own licensed copy of Windows XP or Windows 2000 on CDROM for use with Win4Lin Desktop; supported Microsoft CDs are listed on Win4Lin's website. The student supplied forensic exercise computer should minimally have a Pentium IV 1.4 GHz processor (Centrino 1.5 GHz or Athlon XP2500+), 40 gigabyte fixed disk and 1GB of random access memory (RAM). Computers with faster processors and 2GB or more of RAM are recommended for improved hosted Windows session performance. Student exercise computers must be compatible with Open SuSE 11. Call or e-mail CompuForensics for information not contained in the course syllabus.

At course end, students having attended at least 70% of scheduled classes are issued a co-branded certificate of completion from CompuForensics and the affiliated state university or college. Some students may have the option of using university computers; in such instances, university laboratory fees additionally apply. Class size is limited to nine students.

Tailored to Meet Emerging State Standards

Two decades ago, computer forensics examiners were relatively few. To the best of my memory, we were all federal agents. Many of us were initially trained as electronic counter measures (ECM) specialists at the Central Intelligence Agency. Those who weren't electrical engineers, like myself, attended several months of private tutoring in analog and digital electronics. Once we completed the lengthy ECM training, a few of us stayed on additional weeks to receive training in computer specific investigations. The theory at the time was that a competent examiner understood how the hardware and operating system worked. Concomitantly, the Government funded my attendance at numerous university based programming and computer analysis courses. All in all, the Government claimed to have spent in excess of $100,000 over a little less than two years, not counting my salary. While the extent of my training was probably greater than that of most other federal agent examiners, most everyone then received a fair amount of training. Unfortunately, beginning in the early 1990s, governments began to cut back on computer forensics training expenses. Still, most examiners were criminal investigators, if not federal agents. During the last decade or so, the number of folks calling themselves computer forensics examiners exploded. Some local law enforcement officers received little more than a two or three day course in how to operate an automated analysis program, thereafter claiming to be 'certified' [automated program] examiners. Worse yet, marginally computer literate civilians, lacking any credible background in criminal law, rules of evidence or courtroom procedures, took a week long course from non-law enforcement trained instructors and loosed themselves on the unsuspecting public. What ensued was the 'wild west' era of computer forensics; in the old west, you were likely as not to have your life threatening wound treated by a barber as a college trained medical doctor.

Although it has taken a while, an increasing number of states are attempting to, so to speak, weed out the barbers. Most minimally require that examiners be private investigators. At least one state required two years of full-time law enforcement experience or a four year college degree in criminal justice. Nevertheless, in more states than not, standards for those calling themselves computer forensics examiners are non-existent.

Some would argue that peer certification is the answer to the standard-free mess we find ourselves in. If this is your solution, be prepared to do a fair amount of research into the qualifications of those granting and holding the certification. A boatload of certifications, many claiming to be the one you really need, presently exist with more being introduced every few months. In fact, for a while, almost every course outside of the government or university seemed to offer some sort of certification. Some peer certifications impress me as little more than marketing ploys; a way to get you to take 'their' course so you can pass 'their' test. Others appear to have some merit. I've even been solicited to endorse numerous such approaches over the years, although I never found one that I felt comfortable endorsing. The primary reason for my lack of enthusiasm for peer certification is that I've met what I believed to be competent and incompetent 'examiners' who held the same certification. I am tempted to conclude that if someone is competent before they become "certified", they continue to be competent. Conversely, the reverse also appears to be in evidence. This apparent problem may explain why no federal or state government to my knowledge recognizes any peer certification as a licensing requirement.

So far as the future is concerned, my guess is that state licensing will be the norm within a few years. In the interim, when asked about the recommended criteria for a contract examiner, I fall back on my own experience of what I know works. A federal agent with several months of federal agency computer forensics training, coupled with at least five years of routinely working computer forensics intensive cases destined for criminal court, is a reasonably safe choice. Since federal agents tend to meet the same education and background standards required of military commissioned officers, they are more likely than most to at least appear professional. Advanced college degrees never hurt when the background of the examiner is being reviewed before the jury. If the degree is in computer science from a well known regionally accredited university, so much the better. While computer forensics degree programs tend, in my experience, to fall short of said federal agent forensics training and experience, they are probably not a bad fall back position. The bottom line is that you're likely to pay the same hourly rate whether the examiner is highly qualified or not; so why not get what you're paying for. At least, that's what I think.


Training Unequalled Outside of the Federal Government

CompuForensics courses are modeled on computer forensics examiner training provided US federal agents. There exists no higher standard. Like federal law enforcement restricted examiner training, examiners are taught to approach each case as a criminal investigation, which normally exceeds coverage for civil court and personnel action remedies; this approach is particularly prudent where civil court or personnel actions are subsequently elevated to criminal prosecution. Other courses routinely fail to provide needed instruction in legal issues and evidence handling procedures set forth as minimum standards by emerging state licensing requirements for private examiners. Unlike abbreviated 3-5 day commercial courses, our examiner instruction is:

(1) taught by retired supervisory federal agents, who are recognized national authorities in computer forensics as well as holders of advanced university degrees;

(2) comparable in length and content to federal instruction (115 hours/11.5 Continuing Education Units);

(3) real world comprehensive forensic exercise, technical report and exhibit preparation, and courtroom examination;

(4) 'live' on-line courses designed for working computer professionals (7-9 Central Time); and

(5) exclusively available through state universities and colleges, widely assumed to hold higher academic standards than commercial training centers.


Hands-on Emphasis of Forensic Theory and Techniques

Unlike pseudo certification courses administered in less than a week with unsupervised examinations, our examiner courses emphasize hands-on reinforcement of the spoken and written word. Training is only available through accredited universities and colleges. Since neither CompuForensics nor hosting institutions produce software, students can rest assured that all forensics software was chosen based solely upon perceived merit, relative cost effectiveness and expected courtroom acceptance. The Forensic Examiner course is taught by a retired supervisory federal agent with over twenty years of criminal investigative experience and advanced degrees from 'regionally' accredited traditional universities.

Moreover, as you might expect from university certificate courses offering continuing education credits, our training creates independent thinking manual forensic analysts with the knowledge to deal with the unusual as well as the ordinary. Conversely, those primarily trained in the use of an automated forensics analysis program restrict themselves to the limited capabilities of that program. While some automated programs are better than others, the weaknesses of all are well known to criminal elements seeking to hide or cleanse evidence. Even so-called law enforcement versions are effectively exploited by readily available evidence elimination software. Only through a knowledge of manual forensic analysis methodology, and the theory upon which it is based, can one hope to deal with perpetrators armed with the latest automated counter-measures. Concomitantly, mere program operators are easy prey for skilled manual forensic analysts testifying on behalf of opposing counsel.

College Level Instruction and Certification

Computer forensics is a relatively new field and is as yet not regulated by any credible centralized certification authority. Should such certification become available in the next few years, it will most likely be a state government responsibility following completion of a degree program at an accredited university or college. CompuForensics training is only available through accredited universities and colleges. Lead instructors possess doctoral or masters degrees as well as experience in the computer forensics field. Certificates signed by a Dean or Associate Provost are issued upon successful completion by the hosting university or college. Written examination scores are retained indefinitely by the hosting university or college.

The course developer and supervising instructor is an internationally recognized computer forensics authority and sole contributor for a major federal law enforcement agency to the Federal Guidelines on Searching and Seizing Computers. Compare this with commercial and government courses using lesser trained and relatively inexperienced instructors. He has trained well over a thousand federal, state and local law enforcement investigators and recently retired with over a quarter century of federal law enforcement experience, culminating in the management of a national computer forensics program for a major federal law enforcement agency. Unless otherwise indicated, he will also be the on-site instructor.

CompuForensics courses are designed to meet or exceed local requirements for college credit and government agency certification. Designed as a short version of the 2-month Seized Computer Evidence Recovery Specialist (SCERS) course given at the Federal Law Enforcement Training Center and restricted to law enforcement personnel, it is more than equal to the shorter 2-week SCERS training available to local law enforcement. It is not by chance that CompuForensics is chosen more than others to provide campus based training, where students receive credible certificates from well established universities and colleges. Some universities and colleges have indicated their intention to incorporate CompuForensics courses into a law enforcement/high technology undergraduate degree program.

Forensics Examiners Vs. Automated Program Operators

Our graduates are qualified as computer forensics examiners. Unlike automated program operators, examiners are competent to testify in criminal and civil court regarding theory as well as practice. Those only trained as automated program operators are ill equipped to testify as expert witnesses with regard to computer forensics. Concomitantly, even the best automated forensics programs will miss evidence likely to be found by a trained examiner. Our two weeks of examiner training is only the beginning of your formal and informal education as a computer forensics examiner. Students are encouraged to pursue additional training in C programming (knowledge of how operating systems and applications work), Windows network administration and computer security. Some students have attended A+ Certification training; those who have not should possess comparable training prior to doing computer forensics. The bottom line is that competent forensics examiners are not made overnight, or in a few days for that matter. Our 75-hour Computer Forensics Examiner course is equivalent to government courses lasting much longer.

Forensics is a Growth but Increasingly Competitive Industry

Computer forensics is among the fastest growing technical investigative and security specialties. Government investment in the field, an adjunct to computer crime, has seen impressive gains in the last two decades. Similar growth has also been manifested in the private sector during the last decade. While virtually no commercial field of endeavor is unaffected by global economic slumps, computer forensics has fared far better than most due to the continuing short supply of competent manual forensic analysts. Increasing numbers of computer industry professionals are pursuing computer forensics expertise as a hedge against widespread corporate downsizing. Others form their own computer forensics small businesses, attracted by the $150 to $250 per hour rates typical in many large metropolitan areas. That being said, marginally trained pseudo examiners and mere automated application operators are finding it increasingly difficult to compete as the legal system and prospective clients become more technically discriminating.

Like computer forensics, the appeal of CompuForensics courses has grown not only in popularity, but in availability as well. While courses continue to attract members of federal, state and local law enforcement as well as the military and civilian intelligence communities, our university based training has also become popular with some of the largest employers in America, such as financial institutions, heavy industry, telecommunications and health providers. More recently, small businesses and independent professionals have joined our classes.

Since CompuForensics' establishment in 1998, competitors in the field of computer forensics training have come and gone, some large corporate efforts lasting only a few months. In fact, CompuForensics courses were initially provided through one of America's largest corporations. Some other surviving trainers have restricted themselves to niche markets, providing instruction in the use of a particular automated application and very little else.

The secret to the survival of this Tennessee based small business is obvious to our students. Working through established universities and colleges, our instructors bring real world experience and in-depth technical knowledge to meet the needs of large and small concerns alike. Student comments like "the best course I've ever taken", "uniquely worth the money" and "looked forward to each class" are commonplace. The one often repeated complaint is they've taken all three courses and want more. In response to their requests, movement is afoot with some of our academic associates to not only expand CompuForensics offerings but to integrate them into law enforcement and technical degree programs.

Even though computer forensics is a growth industry, we attempt to give our students an edge. We don't stop at teaching theory and application. Emphasis is placed upon applying what they've learned in the real world, whether it be a courtroom or a boardroom. Our students further receive guidance in effectively marketing their computer forensics skills, both within their organization and the open marketplace. 

Successful graduates are offered a free listing on the CompuForensics web site analysis page. Students having completed both the Basic and Advanced Examiner courses or the current 'live' on-line 12-week Forensics Examiner course are given log in access to a password protected computer forensics support forum.

Student Eligibility and Course Prerequisites

CompuForensics courses are available to the majority of government and private sector applicants. Attendees have included government personnel from as far away as Australia, India and South Africa. The tuition of most students is funded by government agencies and corporations, although an increasing number of students are self funded. Funding has also been available through federal/state administered employment, veterans and small business programs.

While widely reputed to be the only course of its kind available to the general public, some restrictions do apply. Government employees from countries widely characterized as closely affiliated with terrorist and/or criminal organizations, such as Iraq and Mexico respectively, are not eligible for attendance. US citizens with felony convictions are also excluded. Some off-campus customized sessions may be restricted to government personnel. Questions regarding eligibility of foreign applicants at any session should be referred to CompuForensics.

Windows familiarity is required for the Computer Forensics Examiner course. While some students possess university degrees in computer science, most do not. If you are comfortable loading your own Windows operating system and applications, you meet the minimum prerequisites. Students are additionally expected to have some experience with command line operations (navigating the directory structure from the command prompt in text mode). While not required, attendance at an A+ or comparable hardware/software literacy course is recommended.

The Forensics Examiner course does not require prior experience with Linux. While not required, attendance at a technical writing course is recommended for students without strong English grammar and composition skills. Open SuSE and Knoppix Live Distributions are used. Computer forensic examiners are also well served by follow-on associated technical training in computer programming (i.e., ANSI C or C++) and MS/Novell/Linux certification training. Non-technical training in law, behavioral and social psychology, and public speaking/drama/TV journalism can also contribute to an examiner's ability to testify effectively in court.

Media Coverage of Past Classes

On-campus CompuForensics class in Ohio

Paired with major accredited universities and colleges, CompuForensics university based training has not escaped notice from the news media. During June 2000 alone, CBS television, two major newspapers (front page coverage on Dayton Daily News above), a computer magazine and radio station have featured university based computer forensics training by CompuForensics. The October 2000 5-day Initial Response Team (IRT) class at Wright State Univ. was covered by ABC television as part of a special on computer crime. Presentation of the 5-day course at Southern Methodist Univ. was covered by NBC television (Channel 4) in late November 2000. For an MPEG video excerpt of that feature presentation, click on the adjacent picture. The August 2001 class in San Antonio was covered by the Express-News. The Oakridge April 2003 class was featured on TV Channel 12 evening news. An article in Linux Security.com set CompuForensics apart from the growing pack of lesser computer forensics training providers.

This highly favorable coverage is particularly noteworthy given that CompuForensics does not engage in expensive media advertising. New training opportunities are being scheduled to meet the growing demand. Check this site frequently for updates.

A High Value Leader with a Proven Track Record

How can CompuForensics offer high quality training at a fraction of the cost normally charged? The answer is size and operating expense. As a small business, CompuForensics does not have the overhead associated with larger concerns. Except for university and college course listings, advertising is largely by word of mouth, uncompensated news coverage and the Internet. CompuForensics passes savings through to the student, issuing each with an illustrated multimedia (CD/floppy) student notebook and hundreds of dollars worth of commercial software.

John Seither, proprietor of CompuForensics, has taught computer forensics to federal, state and local law enforcement officers for more than a decade. In addition to being a regular guest instructor at the Federal Law Enforcement Training Academy, he has in recent years provided interagency training in California, Florida, Georgia, Illinois, Nevada, New York, Ohio, South Carolina, Tennessee, Texas and Virginia. He was the founder and driving force behind the Houston Area Technical Support (HATS) interagency group, which reached a membership of over 800 law enforcement members from as far away as England and Australia. The now disbanded HATS organization provided the nucleus for the Houston chapter of the High Technology Crime Investigation Association.

Following retirement in late 1998 after a quarter century as a senior and supervisory federal law enforcement agent, John Seither began work on computer forensics training in association with TASC, a subsidiary of the giant Litton Corporation. Litton/TASC computer forensics course offerings include a one-day course for managers and a one-week course for investigators. Both courses were developed by CompuForensics for TASC. The TASC Manager's course was initially prepared during the summer of 1999 and has been provided twice in Washington, DC and once in New York to law enforcement and corporate security managers. The TASC Investigator's course was initially prepared during the summer and fall of 1999 and provided in October 1999 at the United States Secret Service in New York City to law enforcement and corporate security investigators associated with the Economic Crimes Task Force. It was given at TASC in northern Virginia from March 27-30, 2000.

During the spring of 2000, CompuForensics began work with Wright State University to develop computer forensics and Internet crime training for criminal and corporate investigators. Since then, CompuForensics training has expanded to four campuses in four states.

© CompuForensics     Rev. February 04, 2010