Computer Forensics Training

CompuForensics for
Computer Forensics Examiner Training

Computer Forensics Examiner 12-Week Course Live On-line	Court/Legal Issues 10-Week Course Live On-line	Windows User Security & Privacy (on-site & live on-line)	Computer Forensics Introduction/Business (on-site & live on-line)
Length: 75 hours Tuition: $995 Included: Notes/CD & DVDROM Requisite: Win. XP OS familiarity Summary: Best of Basic and Advanced combined (analysis of Windows using Windows running inside SuSE Linux) courses. Prior Linux experience is not needed.	Length: 40 Hours Tuition: $795 Included: Notes /NIJ DVD Requisite: 12-Week Course Summary: Forensic legal issues and courtroom testimony are discussed using NIJ and DOJ references. Students are examined and cross examined by a practicing attorney.	Length: 1 Days (8 hours) Tuition: $195; Call for on-site Included: Notes/Software Download Requisite: MS Win. familiarity Summary: Data hiding/encryption, safe/private Internet browsing, data recovery/eradication, backup & restoration and legal issues	Length: 1 day (8 hours) Tuition: $195; Call for on-site Included: Notes/Software Download Requisite: None Summary: Introduction to computer forensics as well as business issues courses are intended for managers and staff involved with computer forensics managers.

Computer forensics is a relatively new professional endeavor within the computer science field. Little more than two and one-half decades old, it has garnered increasing attention in recent years due to an unusually high earning potential that tends to be almost immune from overseas competition. Computer forensics is the process of acquiring computer based information for use in legal proceedings or formal debate through a detailed or careful search. Legal proceedings normally refer to criminal or civil court trials, which are local in nature and therefore more effectively served by local examiners. Computer forensics, which was initially restricted to law enforcement officers, has more recently been practiced by those without law enforcement training. As such, it is increasingly popular among other computer professionals whose job prospects have been adversely affected by global competition.

Once you’ve decided you’re ready to embark on a career in computer forensics, enroll in our 75-hour 12-week Forensic Examiner on-line course. Classes occur from 7-9 p.m. Central, Monday, Wednesday and Friday. If you’ve completed our 75-hour computer forensics training, consider taking taking our new 40-Hour 10-week Court/Legal Issues on-line course taught Tuesdays and Thursday evenings. In addition to decades of federal law enforcement experience and hundreds of hours of courtroom experience, the Court/Legal Issues course affords students the unique opportunity to experience courtroom examination and cross examination by a practicing attorney.

Finally, if you manage or support computer forensics examiners, our 8-hour Computer Forensics Business Issues course may be just what you’re looking for. Conversely, if you’d like to know just enough about computer forensics to protect yourself from on-line threats, Personal Computer Security and Privacy may better suit your current needs. Both courses are taught Tuesday and Thursday evenings.

Established in 1998, CompuForensics has become increasingly popular among law enforcement, government intelligence and corporate security professionals. Previously restricted to full-time government employees or a select group of corporate security investigators, this high quality computer forensics training is now available to the general American public through nationally renowned and regionally accredited state universities and colleges. The current Forensics Examiner course spans 12 weeks and 35 two-hour sessions in addition to five hours of additional comprehensive exercise group study. Those completing at least 70% of scheduled classes, including a comprehensive forensics case study, are rewarded with a certificate signed by a dean or higher. Although designed as a 7.5 CEU (Continuing Education Units) university course with Pass/Fail grading, a proctored written examination is available for those requiring a letter grade. Course graduates can also elect to have their contact and training information listed on the Analysis page of this website.

In January, 2008, the Computer Forensics Examiner Basic 8-week 48-hour and 7-week 42-hour Advanced live on-line courses were replaced with the 12-week 75-hour Forensics Examiner course. Containing essential and most popular components of the Basic and Advanced courses, the new updated live on-line course manifested a savings of nearly a thousand dollars to the student.

Depicted below is the user friendly web based video access interface on CompuForensics' password protected CompuPic.Net; for a current listing of course content, download a copy of the course syllabus. The student has access to this site for the entire 12-week period, including web compatible read-only videos. Each green button corresponds to a Power Point XML presentation augmenting live instruction via Skype VOIP (Voice Over Internet Protocol). In addition to live sessions, instructor audio recordings may be accessed via blue buttons. Audio recordings are routinely made upon notification that a student will not be present for the live session. Alternatively, students can attend live lecture sessions via a land-line or cellular telephone by prior arrangement. Skype and telephone conference connections are initiated by the instructor.

The live on-line 75-hour Examiner course is restricted to no more than nine students. Classes tend to be smaller still, affording an unparalleled student-teacher ratio. Although scripted exercises are designed for independent use, the instructor is available should the student require immediate assistance during scheduled laboratory exercises. The Court/Legal Issues course may be slightly larger, however, benefits from the improved interaction afforded by GoToMeeting.

The 12-Week Forensic Examiner course is designed to equip government and corporate investigators/analysts with the skills needed to safely locate and secure computer evidence at the search site as well as to conduct subsequent off-site analysis. Specific instruction focusing on hacker and child pornography Internet investigations is included. Linux, the world's most powerful operating system, is employed to to more safely and effectively analyze Windows systems, including Windows 9.x, ME, 2000, XP and Vista. This technique, increasingly used in the forensics community, was pioneered by the Department of Defense in the late 1990s. A comprehensive course syllabus, including student communications and exercise computer specifications, is available in Adobe Acrobat format by selecting the right adjacent document representation. Frequently asked questions and a sample video interface is available by selecting the Questions button at the top of this page. Prospective students are also invited to contact the instructor by telephone or email.

Win4Lin and CrossOver allow Windows XP and Windows forensic tools to run inside of SuSE Linux. Linux precludes inadvertent modification of evidentiary partitions by the Windows operating system and applications. Knoppix Live Debian Linux is employed to safely and efficiently conduct an on-site preliminary forensic analysis of Windows computers. Program Management and technical report writing instruction is included.

On-line Forensics Instructor

Pictured in casual attire suitable to his current semi-retirement in rural Tennessee, the instructor possesses professional training and experience second to none. Possessing bachelor and masters university degrees, the instructor additionally attended special agent academies for the Department of the Treasury, US Customs Service, Naval Criminal Investigative Service and USAF Office of Special Investigations. Applicable technical training was principally hosted by the Treasury Department and Central Intelligence Agency. A former field grade intelligence officer with the USAF and US Army, he is a decorated Vietnam air combat veteran. Retiring at age 53 with a quarter century of federal law enforcement experience, he served as field agent, agent supervisor and headquarters staff, including service as a national program manager for computer forensics. In addition to well over a decade of US Government computer forensics experience, he has taught computer forensics since 1999 at seven regionally accredited universities or colleges in the Midwest and South.

12-Week Forensics Examiner Student Background

All on-line students should be fluent in English. All lectures, laboratories and videos are provided solely in English. The on-line format does not lend itself well to those with hearing or sight disabilities.

Twelve week examiner students should minimally have prior experience in loading the Microsoft Windows XP operating system and applications, copying/moving/linking files using Windows Explorer, and be familiar with the use of classic menu options under XP. Prior use of basic Command Prompt utilities such as format, change directory, rename, delete and copy is also required. A+ or comparable computer hardware background is minimally desirable. Prior experience with Linux or computer forensics is not required.

12-Week Examiner Computer System Requirements

Audio Headset - Use of an ear phone with an integrated microphone is required to avoid background noise and echo effects. Suitable head phones with integrated microphones are widely available for as little as $20. Student microphones should be muted when not used for talking.

Audio/Video Computer - Notebook, desktop or tower computer running Microsoft Internet Explorer 6/7 and Skype is recommended. Use of non-Microsoft Windows XP/Vista/Windows 7 personal computers may preclude optimum use of the web based XML Power Point presentations. Skype teleconferencing software is available for Windows, Macintosh and Linux operating systems. Download a free copy of Skype from www.Skype.com.

Exercise Computer - Since the Examiner course involves some rebooting during on-line laboratory sessions, simultaneous use of a separate forensic exercise computer is needed. The exercise computer must be minimally equipped with a DVD-ROM bootable drive. In addition to the compatibility requirement to run Windows XP or 2000 Pro inside of SuSE Linux 11.x, the exercise computer should minimally be configured with a Pentium IV or equivalent processor running at 1.6 GHz or faster, 1 gigabyte of RAM (Random Access Memory) and 40 gigabytes of free hard disk capacity. While the exercise computer can be a notebook, use of a desktop or tower with at least one removable drive bay is preferred for those intending to use their exercise computer to do computer forensics analysis at the conclusion of the course. The exercise computer should contain Windows 2000 or XP (Vista or Windows 7 can be used with the understanding that some Windows forensic utilities may not be supported). Linux and Windows XP or 2000 Pro will be additionally installed during the initial weeks of the course. Students must possess a non-upgrade version of Windows XP or 2000 Pro that is compatible with Win4Lin (see Win4Lin.com).

Exercise Software - Required preliminary and comprehensive forensic exercise images are available in Ghost, Safeback and WinHex formats. If used, Norton Ghost should be 2001, 2002 or 2003 version; Ghost 10 is the last version to include Ghost 2003. Accordingly, Ghost, Safeback or WinHex (Specialist) is required. Possession of a specialist licensed version of WinHex disk editor is recommended, especially for those intending to do forensics after the course. A personal license copy will support most course requirements. The WinHex disk editor is available for purchase or evaluation download at www.WinHex.com. Students should additionally possess a bootable Knoppix 5.x CD-ROM, which may be downloaded free from www.Knoppix.net.

12-Week Examiner Course Resources

Students are provided illustrated loose-leaf study notebook inserts as well as a SuSE 11.x DVDROM and CompuForensics bootable CD-ROM (supporting DOS, Windows and Linux based analysis of Windows computers). Trial ware versions of Win4Lin, CrossOver and Quick View Plus are used.

At course end, students having attended at least 70% of scheduled classes and satisfactorily completing a case based comprehensive exercise are issued a college certificate of completion signed by a college dean or higher official. Successful completion also results in the award of 7.5 continuing education units. Some students may have the option of using the participating universities laboratory computers; in such instances, university laboratory fees are likely to apply. As in conventional classroom instruction, registration and tuition is handled by the hosting university.

The Forensics Examiner course syllabus includes essential and most popular components of previously offered 6-day Examiner Basic and 5-day Examiner Advanced courses. Although only a few hours less than the replaced Basic and Advanced courses combined, course tuition is a quarter that of replaced on-campus courses; $2995 Savings.

CompuForensics Computer Forensics Course Schedule

Monday, Mar 1 thru Monday, May 24, 2010	75-hr. 12-week Forensics Examiner live on-line course Enrollment Open-50% (Mon, Wed & Fri 7-9 PM Central Time) Observed holiday: Good Friday
Wednesday, Sep 1 thru Wednesday, Nov 24, 2010	75-hr. 12-week Forensics Examiner live on-line course Enrollment Open (Mon, Wed & Fri 7-9 PM Central Time) Observed holiday: Labor Day
Tuesday, Mar 1 thru Thursday, Nov 18, 2010	40-hr. 10-week Court/Legal Issues live on-line course Enrollment Open (Tue & Thu 7-9 PM Central Time) Observed holiday: None