Summary This five-day intensive course enables the participants to develop the necessary expertise in mastering the computer forensics processes as specified in CLFE certification. Participants will gain a thorough understanding of fundamental computer forensics, based on the best practices used to implement the forensics evidence recovery and analytical processes. The CLFE certification focuses on core skills required to collect and analyze data from Windows, Mac OS X, Linux computer systems, as well as from mobile devices. Who should attend? Computer Forensic specialists Electronic data analysts Specialists in computer search and evidence recovery Professionals working or interested in law enforcement Professionals willing to advance their knowledge in computer forensic analysis Members of an information security team Expert advisors in information technology Individuals responsible for examining media to extract and disclose data Learning objectives To ensure that the CLFE can protect him or herself against injury, threat to credibility and protect the integrity of the examined media throughout the computer forensics operation To ensure that the CLFE can conduct a complete computer forensics operation and determine the course of action to be followed in order to achieve the goal of the operation To ensure that the CLFE can safely handle computers, extract and install peripherals and components, relate the presence of certain ports to the actual or eventual presence of a media containing information to be examined To ensure that the CLFE has a clear knowledge where the information can be found on an electronic media or bit-stream image of a media, it would be operating the systems or user information, actual deleted or hidden information To ensure that the CLFE can conduct a forensically sound examination, extraction and preservation of evidence located on a network, in the cloud or in a virtual environment To ensure that the CLFE can conduct a basic, yet forensically sound examination of a cell phone or tablet To ensure that the CLFE can use efficiently the tools (software, hardware and supplies) of the field examination kit for a better goal achievement of the computer forensics operation To ensure that the CLFE can justify the way an artifact was acquired or left behind in an ordered, standard and forensically sound manner Course Agenda Day 1: Introduction to scientific principles of Computer Forensics operations Scientific principles of computer forensics Introduction to computer forensics process approach The analysis and implementation of the fundamental operations Preparation and execution of forensics procedures and operations Day 2: The computer and operating structure Identification and selection of the characteristics of the computer structure Identification of peripherals and other components Understanding the operating systems Extraction and analysis of the file structure Day 3: Forensics of networks and mobile devices Understanding the network, cloud and virtual environments Generic methods for data examination in a virtual environment Examination of a cell phone or tablet Enumeration of cell phones and tablets needed for forensics examination Storage of information in mobile devices Day 4: Computer Forensics tools and methodologies Enumeration and examination of the computer hardware and software Determination and testing of corrective measures Analysis and selection of the best procedures for computer forensics operation Discovery, documentation and return of the evidence on-site Analyzing and applying the contextual parameters Day 5: Certification Exam Prerequisites Knowledge on Computer Forensics is preferred. Educational approach This training is based on both, theory and practice: Sessions of lectures illustrated with examples based on real cases Practical exercises Review exercises to assist the exam preparation Practice test similar to the certification exam To benefit from the practical exercises, the number of training participants is limited Examination and Certification The “PECB Certified Lead Forensics Examiner” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains: Domain 1: Scientific Principles of computer forensics Domain 2: Computer forensics operations fundamentals Domain 3: Forensics: computer hardware structure Domain 4: Forensics: operating systems and file structure Domain 5: Forensics of network, cloud and virtual environments Domain 6: Forensics of cell phones and tablets Domain 7: Computer Forensics operation tools and software Domain 8: Forensics: examination, acquisition and preservation of electronic evidence The “PECB Certified Lead Forensics Examiner” exam is available in different languages ( the complete list of languages can be found in the examination application form) Duration: 2 hours For more information about the exam, refer to the PECB section on “PECB Certified Lead Forensics Examiner” Exam A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential General information Exam and certification fees are included in the training price A student manual containing over 300 pages of information and practical examples will be distributed to the participants A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants In case of failure of an exam, participants are allowed to retake the exam for free under certain conditions