C)DFE - Certified Digital Forensics Examiner
Home Courses Categories Digital Forensics

C)DFE – Certified Digital Forensics Examiner

Duration: 5 days
Format: Instructor-led classroom, Live Online Training, CBT – Pre-recorded Videos
Prerequisites: A minimum of 1 year in computers
CPEs: 40 Hours
Certification Exams: Mile2 C)DFE – Certified Digital Forensics Examiner
Student Materials: Student Workbook, Student Lab guide, Exam Prep guide
Who Should Attend: Security Officers, IS Managers, Agents/Police Officers, Attorneys, Data Owners, IT managers, IS Manager/Officers

Training Date:

  • October 8-12, 2017
Enroll Now & Pay 10 days prior to start of class
5 Days Instructor Lead Course
Hands on Pen-Test Lab
Enroll Now
Printed Material
Register & Pay 45 day or prior to start of class
Printed Course Material
5 Days Instructor Lead Course
Hands on Pen-Test Lab
Register Now
Request for Quotation
Special pricing & Discounts are available for government & large organizations.
Special pricing can be applied for public, private and customized training.
Request for Quotation

The Certified Digital Forensics Examiner vendor neutral certification is designed to train Cyber Crime and Fraud Investigators whereby students are taught electronic discovery and advanced investigation techniques. This course is essential to anyone encountering digital evidence while conducting an investigation.

Mile2’s Certified Digital Forensics Examiner training teaches the methodology for conducting a computer forensic examination. Students will learn to use forensically sound investigative techniques in order to evaluate the scene, collect and document all relevant information, interview appropriate personnel, maintain chain-of-custody, and write a findings report.

The Certified Digital Forensics Examiner course will benefit organizations, individuals, government offices, and law enforcement agencies interested in pursuing litigation, proof of guilt, or corrective action based on digital evidence.

Module 1 – Introduction

Lesson Objectives
Introductions (Instructor)
Introductions (Students)
Course Schedule
Student Guide (Layout)
Introduction to Computer Forensics
Course Objectives
Investigation Methodology
Preparing for an Investigation
Search Warrant
Forensic Photography
Preliminary Information
First Responder
Collecting Physical Evidence
Collecting Electronic Evidence

Module 2 – Computer Forensic Incidents

Lesson Objectives
The Legal System
Criminal Incidents
Civil Incidents
Computer Fraud
Internal Threats
Investigative Challenges
Common Frame of Reference
Media Volume
Guideline for Acquiring Electronic Evidence
Securing the Evidence
Managing the Evidence
Chain of Custody
Duplicate the Data
Verify the Integrity of the Image
Recover Last Data
Data Analysis
Data Analysis Tools
Assessing the Evidence
Assessing the Case
Location Assessment
Best Practices
Gathering and Organizing Information
Writing the Report
Expert Witness
Closing the Case

CDFE Module 3 – Investigation Process

Lesson Objectives
Investigating Computer Crimes
Prior to the Investigation
Forensics Workstation
Building Your Team of Investigators
Who is involved in Computer Forensics?
Decision Makers and Authorization
Risk Assessment
Forensic Investigation Toolkit

Module 4 – OS Disk Storage Concepts

Lesson Objectives
Disk Based Operating Systems
OS / File Storage Concepts

Module 5- Digital Acquisition and Analysis

Lesson Objectives
Digital Acquisition
Digital Acquisition Procedures
Digital Forensic Analysis Tools

Module 6 – Forensic Examination Protocols

Lesson Objectives
Forensic Examination Protocols
Forensic Examination

Module 7 – Digital Evidence Protocols

Lesson Objectives
Digital Evidence Concepts
Digital Evidence Categories
Digital Evidence: Admissibility

Module 8 – CFI Theory

Lesson Objectives
Computer Forensic Investigative Theory

Module 9 – Digital Evidence Presentation

Lesson Objectives
Digital Evidence Presentation
Digital Evidence
Digital Evidence: Hearsay
Digital Evidence: Summary

Module 10 Computer Forensics Lab Protocols

Lesson Objectives
Quality Assurance
Standard Operating Procedures
Peer Review
Who should review?
Peer Review
Peer Review
Annual Review
Lab Intake

Module 11 CF Processing Techniques

Lesson Objectives
Computer Forensic Processing Techniques

Module 12 – Digital Forensics Reporting

Lesson Objectives
Analysis Report
Computer Sciences
Ten Laws of Good Report Writing
Cover Page
Table of Contents
Examination Report
Summary of Findings
Forensic Examination
Items of Evidence

Module 13 – Specialized Artifact Recovery

Lesson Objectives
Prep System Stage
Lesson Objectives
Prep System Stage
Windows File Date/Time Stamps
File Signatures
Image File Databases
The Windows OS
Windows Registry
Alternate Data Streams
Windows Unique ID Numbers
Decode GUID’s
Historical Files
Windows Recycle Bin
Copy out INFO2 for Analysis
Web E-mail

Module 14 – eDiscovery and ESI

Lesson Objectives
Discoverable ESI Material
eDiscovery Notification
Required Disclosure
eDiscovery Conference
Preserving Information
eDiscovery Liaison
eDiscovery Products
What is Metadata?
Data Retention Architecture
“Safe Harbor” Rule 37(f)
eDiscovery Spoliation
Tools for eDiscovery

Module 15 – Cell Phone Forensics

Lesson Objectives
Cell Phones
Types of Cell Networks
What can a criminal do with Cell Phones?
Cell Phone Forensics
Forensics Information in Cell Phones
Subscriber Identity Module (SIM)
Integrated Circuit Card Identification (ICCID)
International Mobile Equipment Identifier (IMEI)
Electronic Seal Number (ESN)
Helpful Hints for the Investigation
Things to Remember when Collecting Evidence
Acquire Data from SIM Cards
SIM Cards
Cell Phone Memory
Analyze Information
Cell Phone Forensic Tools
Device and SIM Card Seizure
Cell Phone Analyzer
Forensic Card Reader
ForensicSIM Tool
Forensic Challenges
Paraben Forensics Hardware
Paraben Forensics Hardware
Paraben: Remote Charger
Paraben: Device Seizure Toolbox
Paraben: Wireless Stronghold Tent
Paraben: Passport Stronghold Bag
Paraben: Project-a-phone
Paraben: Project-a-phone
Paraben: SATA Adapter
Paraben: Lockdown
Paraben: SIM Card Reader
Paraben: Sony Clie
Paraben: CSI Stick
Paraben: USB Serial DB9 Adapter
Paraben: P2 Commander

Module 16 – USB Forensics

Lesson Objectives
USB Components
USB Forensics
USB Forensics Investigation
Determine USB Device Connected
Tools for USB Imaging
Capture Digital Evidence
Change Passwords
Determine Cause
Defend Against Follow-on Attacks
More Defenses
Analyze Threat and Vulnerability
Restore System(s) to Operation
Report Findings
Restore System
Monitor Systems
Follow-up Report

Module 17 – Incident Handling

Lesson Objectives
Incident Handling Defined
What is a security event?
Common Security Events of Interest
What is a security incident?
What is an incident response plan?
When does the plan get initiated?
Common Goals of Incident Response Management
Incident Handling Steps
Be Prepared
The Incident Response Plan
Incident Handling
Incident Response Plan
Roles of the Incident Response Team
Incident Response Team Makeup
Challenges of building an IRT
Incident Response Training and Awareness
Jump Kit
Prepare Your Sites and Systems
Identification of an Incident
Basic Incident Response Steps
Proper Evidence Handling
Onsite Response
Secure the Area
Conduct Research
Make Recommendations
Establish Intervals

Upon completion, Certified Digital Forensics Examiner students will be able to establish industry acceptable digital forensics standards with current best practices and policies. Students will also be prepared to competently take the C)DFE exam.

The Certified Digital Forensics Examiner exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple-choice questions. The cost is $400 USD and must be purchased from Mile2.com.