
Answers to Frequently Asked Questions
 

$995 Live On-line Examiner Course Available in 2008

In addition to conventional classroom instruction, in which the student is trained in university computer laboratories, computer forensics examiner courses are also available on-line. Unlike traditional correspondence courses, our on-line training is live. That is, an instructor is available during each block of instruction via Skype teleconferencing software. Lectures are augmented by Power Point multimedia presentations hosted by the CompuForensics password access website (CompuPic.Net). On-line two hour classes occur on Monday, Wednesday and Friday evenings beginning at 7:00 p.m., Central Time. Standard and Daylight times apply. All on-line students minimally require a Windows XP computer with broadband Internet access (minimum 1 Mb download rate recommended for course video content). Since the Forensics Examiner course involves rebooting during the on-line training session, simultaneous use of a separate forensic exercise computer is recommended. While the computer required to run Skype and the Video presentation should be an XP or Vista machine, the Windows computer used to accomplish forensic exercises need not be. The exercise computer should have a floppy disk drive and run any one of the following operating systems: Windows 98SE, ME, 2000 Pro, XP or Vista. Use of head phones with an integrated microphone is further recommended to avoid background noise and echo effects. Suitable head phones are widely available for under $20. Contact CompuForensics for additional information and registration regarding on-line courses.

On-line 12-week Forensic Examiner students are provided illustrated loose-leaf study notes, a bootable Computer Forensics CDROM and SuSE Linux 10.2 DVD. Students also receive a licensed copy of Win4Lin Desktop 3.5, the last version suitable for forensic work. Students must provide their own Windows XP computer minimally possessing 20 gigabytes of storage, DVD/CDROM drive and floppy disk drive. Desktop computers are preferred, however, notebook computers can be used. The on-line video presentation mandates the use of Internet Explorer (IE) 6 or 7. Unfortunately, neither Microsoft (MS) browser appears 'fully' compatible with MS Power Point 2003's HTML export. MSIE 6 affords playing of in-line medium quality WMV video in non-slide show (left depicted) and slide show modes. MSIE 6 also exhibits some error messages, which can occasionally be fatal. Conversely, while MSIE 7 is error message free, it fails to play in-line video in slide show mode. Attempts to resolve these compatibility issues between MSIE and MS Power Point 2003 have thus far been unsuccessful. Select PP Test to test your browser's ability to display the adjacent depicted Power Point on-line web presentation. Despite the need to temporarily drop out of slide show mode to play in-line video, MSIE 7 still appears currently to be the best solution. Use of non-MSIE browsers may prove more problematic. Student exercise computers should contain only the operating system and broadband internet access software; some forensic exercises, which include the use of a disk editor and logical partition modifying software, may rarely result in the inadvertent loss of data. The next Forensic Examiner course begins September 15, 2008. An on-line Forensic Examiner course syllabus is available in Adobe Acrobat format.

In January 2008, on-line and on-campus Examiner Basic and Examiner Advanced courses were replaced with a single 12-week 75-Hour Forensics Examiner course. Whereas tuition for the replaced on-campus courses totaled $3990, the Forensics Examiner course currently retails for $995. Students will need to have their own licensed copy of Windows XP or Windows 2000 on CDROM for use with the provided commercially licensed Win4Lin Desktop; supported Microsoft CDs are listed on Win4Lin's website. The student supplied forensic exercise computer should minimally have a Pentium IV 1.4 GHz processor (Centrino 1.5 GHz or Athlon XP2500+), 40 gigabyte fixed disk formatted with FAT32 and 512MB of random access memory (RAM). Computers with faster processors and 1GB or more of RAM are recommended for improved hosted Windows session performance. Student computers must be compatible with Open SuSE 10.2. Call or e-mail CompuForensics for information not contained in the course syllabus.

At course end, students having attended at least 70% of scheduled classes are issued a co-branded certificate of completion from CompuForensics and the affiliated state university or college. Some students may have the option of using university computers; in such instances, university laboratory fees additionally apply. Class size is limited to nine students.

Tailored to Meet Emerging State Standards

Two decades ago, computer forensics examiners were relatively few. To the best of my memory, we were all federal agents. Many of us were initially trained as electronic counter measures (ECM) specialists at the Central Intelligence Agency. Those who weren't electrical engineers, like myself, attended several months of private tutoring in analog and digital electronics. Once we completed the lengthy ECM training, a few of us stayed on additional weeks to receive training in computer specific investigations. The theory at the time was that a competent examiner understood how the hardware and operating system worked. Concomitantly, the Government funded my attendance at numerous university based programming and computer analysis courses. All in all, the Government claimed to have spent in excess of $100,000 over a little less than two years, not counting my salary. While the extent of my training was probably greater than that of most other federal agent examiners, most everyone then received a fair amount of training. Unfortunately, beginning in the early 1990s, governments began to cut back on computer forensics training expenses. Still, most examiners were criminal investigators, if not federal agents. During the last decade or so, the number of folks calling themselves computer forensics examiners exploded. Some local law enforcement officers received little more than a two or three day course in how to operate an automated analysis program, thereafter claiming to be 'certified' [automated program] examiners. Worse yet, marginally computer literate civilians, lacking any credible background in criminal law, rules of evidence or courtroom procedures, took a week long course from non-law enforcement trained instructors and loosed themselves on the unsuspecting public. What ensued was the 'wild west' era of computer forensics; in the old west, you were likely as not to have your life threatening wound treated by a barber as a college trained medical doctor.

Although it has taken a while, an increasing number of states are attempting to, so to speak, weed out the barbers. Most minimally require that examiners be private investigators. At least one state required two years of full-time law enforcement experience or a four year college degree in criminal justice. Nevertheless, in more states than not, standards for those calling themselves computer forensics examiners are non-existent.

Some would argue that peer certification is the answer to the standard free mess we find ourselves in. If this is your solution, be prepared to do a fair amount of research into the qualifications of those granting and holding the certification. A boat load of certifications, many claiming to be the one you really need, presently exist with more being introduced every few months. In fact, for a while, almost every course outside of the government or university seemed to offer some sort of certification. Some peer certifications impress me as little more than marketing ploys; a way to get you to take 'their' course so you can pass 'their' test. Others appear to have some merit. I've even been solicited to endorse numerous such approaches over the years, although I never found one that I felt comfortable endorsing. The primary reason for my lack of enthusiasm for peer certification is that I've met what I believed to be competent and incompetent 'examiners' who held the same certification. I am tempted to conclude that if someone is competent before they become "certified", they continue to be competent. Conversely, the reverse also appears to be in evidence. This apparent problem may explain why no federal or state government to my knowledge recognizes any peer certification as a licensing requirement.

So far as the future is concerned, my guess is that state licensing will be the norm within a few years. In the interim, when asked about the recommended criteria for a contract examiner, I fall back on my own experience of what I know works. A federal agent with several months of federal agency computer forensics training, coupled with at least five years of routinely working computer forensics intensive cases destined for criminal court, is a reasonably safe choice. Since federal agents tend to meet the same education and background standards required of military commissioned officers, they are more likely than most to at least appear professional. Advanced college degrees never hurt when the background of the examiner is being reviewed before the jury. If the degree is in computer science from a well known regionally accredited university, so much the better. While computer forensics degree programs tend, in my experience, to fall short of said federal agent forensics training and experience, they are probably not a bad fall back position. The bottom line is that you're likely to pay the same hourly rate whether the examiner is highly qualified or not; so why not get what you're paying for. At least, that's what I think.


Training Unequalled Outside of the Federal Government

CompuForensics courses are modeled on computer forensics examiner training provided US federal agents. There exists no higher standard. Like federal law enforcement restricted examiner training, examiners are taught to approach each case as a criminal investigation, which normally exceeds coverage for civil court and personnel action remedies; this approach is particularly prudent where civil court or personnel actions are subsequently elevated to criminal prosecution. Other courses routinely fail to provide needed instruction in legal issues and evidence handling procedures set forth as minimum standards by emerging state licensing requirements for private examiners. Unlike abbreviated 3-5 day commercial courses, our examiner instruction is:

(1) largely taught by retired supervisory federal agents, who are recognized national authorities in computer forensics as well as holders of advanced university degrees;

(2) comparable in length and content to federal instruction (75 hours/7.5 Continuing Education Units);

(3) real world comprehensive forensic exercise and technical report preparation;

(4) 'live' on-line courses designed for working computer professionals (MWF 7-9 Central Time); and

(5) exclusively available through state universities and colleges, widely assumed to hold higher academic standards than commercial training centers.


Hands-on Emphasis of Forensic Theory and Techniques

Unlike pseudo certification courses administered in less than a week with unsupervised examinations, our examiner courses emphasize hands-on reinforcement of the spoken and written word. Training is only available through accredited universities and colleges. Since neither CompuForensics nor hosting institutions produce software, students can rest assured that all forensics software was chosen based solely upon perceived merit, relative cost effectiveness and expected courtroom acceptance. The Forensic Examiner course is taught by a retired supervisory federal agent with over twenty years of criminal investigative experience and advanced degrees from 'regionally' accredited traditional universities.

Moreover, as you might expect from university certificate courses offering continuing education credits, our training creates independent thinking manual forensic analysts with the knowledge to deal with the unusual as well as the ordinary. Conversely, those primarily trained in the use of an automated forensics analysis program restrict themselves to the limited capabilities of that program. While some automated programs are better than others, the weaknesses of all are well known to criminal elements seeking to hide or cleanse evidence. Even so-called law enforcement versions are effectively exploited by readily available evidence elimination software. Only through a knowledge of manual forensic analysis methodology, and the theory upon which it is based, can one hope to deal with perpetrators armed with the latest automated counter-measures. Concomitantly, mere program operators are easy prey for skilled manual forensic analysts testifying on behalf of opposing counsel.

College Level Instruction and Certification

Computer forensics is a relatively new field and is as yet not regulated by any credible centralized certification authority. Should such certification become available in the next few years, it will most likely be a state government responsibility following completion of a degree program at an accredited university or college. CompuForensics training is only available through accredited universities and colleges. Lead instructors possess doctoral or masters degrees as well as experience in the computer forensics field. Certificates signed by a Dean or Associate Provost are issued upon successful completion by the hosting university or college. Written examination scores are retained indefinitely by the hosting university or college.

The course developer and supervising instructor is an internationally recognized computer forensics authority and sole contributor for a major federal law enforcement agency to the Federal Guidelines on Searching and Seizing Computers. Compare this with commercial and government courses using lesser trained and relatively inexperienced instructors. He has trained well over a thousand federal, state and local law enforcement investigators and recently retired with over a quarter century of federal law enforcement experience, culminating in the management of a national computer forensics program for a major federal law enforcement agency. Unless otherwise indicated, he will also be the on-site instructor.

CompuForensics courses are designed to meet or exceed local requirements for college credit and government agency certification. Designed as a short version of the 2-month Seized Computer Evidence Recovery Specialist (SCERS) course given at the Federal Law Enforcement Training Center and restricted to law enforcement personnel, it is more than equal to the shorter 2-week SCERS training available to local law enforcement. It is not by chance that CompuForensics is chosen more than others to provide campus based training, where students receive credible certificates from well established universities and colleges. Some universities and colleges have indicated their intention to incorporate CompuForensics courses into a law enforcement/high technology undergraduate degree program.

Computer Forensics Examiners Vs. Automated Program Operators

Our graduates are qualified as computer forensics examiners. Unlike automated program operators, examiners are competent to testify in criminal and civil court regarding theory as well as practice. Those only trained as automated program operators are ill equipped to testify as expert witnesses with regard to computer forensics. Concomitantly, even the best automated forensics programs will miss evidence likely to be found by a trained examiner. Our two weeks of examiner training is only the beginning of your formal and informal education as a computer forensics examiner. Students are encouraged to pursue additional training in C programming (knowledge of how operating systems and applications work), Windows network administration and computer security. Some students have attended A+ Certification training; those who have not should possess comparable training prior to doing computer forensics. The bottom line is that competent forensics examiners are not made overnight, or in a few days for that matter. Our 75-hour Computer Forensics Examiner course is equivalent to government courses lasting much longer.

Computer Forensics is a Growth but Increasingly Competitive Industry

Computer forensics is among the fastest growing technical investigative and security specialties. Government investment in the field, an adjunct to computer crime, has seen impressive gains in the last two decades. Similar growth has also been manifested in the private sector during the last decade. While virtually no commercial field of endeavor is unaffected by global economic slumps, computer forensics has fared far better than most due to the continuing short supply of competent manual forensic analysts. Increasing numbers of computer industry professionals are pursuing computer forensics expertise as a hedge against widespread corporate downsizing. Others form their own computer forensics small businesses, attracted by the $150 to $250 per hour rates typical in many large metropolitan areas. That being said, marginally trained pseudo examiners and mere automated application operators are finding it increasingly difficult to compete as the legal system and prospective clients become more technically discriminating.

Like computer forensics, the appeal of CompuForensics courses has grown not only in popularity, but in availability as well. While courses continue to attract members of federal, state and local law enforcement as well as the military and civilian intelligence communities, our university based training has also become popular with some of the largest employers in America, such as financial institutions, heavy industry, telecommunications and health providers. More recently, small businesses and independent professionals have joined our classes.

Since CompuForensics' establishment in 1998, competitors in the field of computer forensics training have come and gone, some large corporate efforts lasting only a few months. In fact, CompuForensics courses were initially provided through one of America's largest corporations. Some other surviving trainers have restricted themselves to niche markets, providing instruction in the use of a particular automated application and very little else.

The secret to the survival of this Tennessee based small business is obvious to our students. Working through established universities and colleges, our instructors bring real world experience and in-depth technical knowledge to meet the needs of large and small concerns alike. Student comments like "the best course I've ever taken", "uniquely worth the money" and "looked forward to each class" are commonplace. The one often repeated complaint is they've taken all three courses and want more. In response to their requests, movement is afoot with some of our academic associates to not only expand CompuForensics offerings but to integrate them into law enforcement and technical degree programs.

Even though computer forensics is a growth industry, we attempt to give our students an edge. We don't stop at teaching theory and application. Emphasis is placed upon applying what they've learned in the real world, whether it be a courtroom or a boardroom. Our students further receive guidance in effectively marketing their computer forensics skills, both within their organization and the open marketplace. 

Successful graduates are offered a free listing on the CompuForensics web site analysis page. Students having completed both the Basic and Advanced Examiner courses or the current 'live' on-line 12-week Forensics Examiner course are given log in access to a password protected computer forensics support forum.

Student Eligibility and Course Prerequisites

CompuForensics courses are available to the majority of government and private sector applicants. Attendees have included government personnel from as far away as Australia, India and South Africa. The tuition of most students is funded by government agencies and corporations, although an increasing number of students are self funded. Funding has also been available through federal/state administered employment, veterans and small business programs.

While widely reputed to be the only course of its kind available to the general public, some restrictions do apply. Government employees from countries widely characterized as closely affiliated with terrorist and/or criminal organizations, such as Iraq and Mexico respectively, are not eligible for attendance. US citizens with felony convictions are also excluded. Some off-campus customized sessions may be restricted to government personnel. Questions regarding eligibility of foreign applicants at any session should be referred to CompuForensics.

Windows familiarity is required for the Computer Forensics Examiner course. While some students possess university degrees in computer science, most do not. If you are comfortable loading your own Windows operating system and applications, you meet the minimum prerequisites. Students are additionally expected to have some experience with command line operations (navigating the directory structure from the command prompt in text mode). While not required, attendance at an A+ or comparable hardware/software literacy course is recommended.

The Forensics Examiner course does not require prior experience with Linux. While not required, attendance at a technical writing course is recommended for students without strong English grammar and composition skills. Open SuSE and Knoppix Live Distributions are used. Computer forensic examiners are also well served by follow-on associated technical training in computer programming (i.e., ANSI C or C++) and MS/Novell/Linux certification training. Non-technical training in law, behavioral and social psychology, and public speaking/drama/TV journalism can also contribute to an examiner's ability to testify effectively in court.

Media Coverage of Past Classes

On-campus CompuForensics class in Ohio

Paired with major accredited universities and colleges, CompuForensics university based training has not escaped notice from the news media. During June 2000 alone, CBS television, two major newspapers (front page coverage on Dayton Daily News above), a computer magazine and radio station have featured university based computer forensics training by CompuForensics. The October 2000 5-day Initial Response Team (IRT) class at Wright State Univ. was covered by ABC television as part of a special on computer crime. Presentation of the 5-day course at Southern Methodist Univ. was covered by NBC television (Channel 4) in late November 2000. For an MPEG video excerpt of that feature presentation, click on the adjacent picture. The August 2001 class in San Antonio was covered by the Express-News. The Oakridge April 2003 class was featured on TV Channel 12 evening news. An article in Linux Security.com set CompuForensics apart from the growing pack of lesser computer forensics training providers.

This highly favorable coverage is particularly noteworthy given that CompuForensics does not engage in expensive media advertising. New training opportunities are being scheduled to meet the growing demand. Check this site frequently for updates.

A High Value Leader with a Proven Track Record

How can CompuForensics offer high quality training at a fraction of the cost normally charged? The answer is size and operating expense. As a small business, CompuForensics does not have the overhead associated with larger concerns. Except for university and college course listings, advertising is largely by word of mouth, uncompensated news coverage and the Internet. CompuForensics passes savings through to the student, issuing each with an illustrated multimedia (CD/floppy) student notebook and hundreds of dollars worth of commercial software.

John Seither, proprietor of CompuForensics, has taught computer forensics to federal, state and local law enforcement officers for more than a decade. In addition to being a regular guest instructor at the Federal Law Enforcement Training Academy, he has in recent years provided interagency training in California, Florida, Georgia, Illinois, New York, Texas and Virginia. He was the founder and driving force behind the Houston Area Technical Support (HATS) interagency group, which reached a membership of over 800 law enforcement members from as far away as England and Australia. The now disbanded HATS organization provided the nucleus for the Houston chapter of the High Technology Crime Investigation Association.

Following retirement in late 1998 after a quarter century as a senior and supervisory federal law enforcement agent, John Seither began work on computer forensics training in association with TASC, a subsidiary of the giant Litton Corporation. Litton/TASC computer forensics course offerings include a one-day course for managers and a one-week course for investigators. Both courses were developed by CompuForensics for TASC. The TASC Manager's course was initially prepared during the summer of 1999 and has been provided twice in Washington, DC and once in New York to law enforcement and corporate security managers. The TASC Investigator's course was initially prepared during the summer and fall of 1999 and provided in October 1999 at the United States Secret Service in New York City to law enforcement and corporate security investigators associated with the Economic Crimes Task Force. It was given at TASC in northern Virginia from March 27-30, 2000.

During the spring of 2000, CompuForensics began work with Wright State University to develop computer forensics and Internet crime training for criminal and corporate investigators. Since then, CompuForensics training has expanded to five campuses in four states.

© CompuForensics     Rev. May 13, 2008