
CIFI --- Computer Information Forensics Investigator

This listing has expired; the accuracy of the information is not guaranteed. Updated: 2008-03-10 Posted by: SWP
Details

CIFI --- Computer Information Forensics Investigator

This course is designed for students who are planning to obtain the ICTC Computer Information Forensics Investigation Certification.
It aims to give students ability in auditing, event handling, law, security management, evidence analysis, and defense methods. It is not only technical training, but also a full description of information and computer forensics investigation.

Examination Syllabus

1. Overview of Cybercrime
A. What is Cybercrime
B. Ordinary Crime vs Cybercrime
C. Brief history of Cybercrime
D. Categorizing Cybercrime

2. Understanding Computer Forensics and Investigation
A. What is Computer Forensics
B. Need for Computer Forensics
C. The Role of Computer Forensics Investigator
D. Corporate versus Law Enforcement Concerns
E. Maintaining Professional Conduct

3. Preparing and Planning a Computer Investigation
A. Process of Computer Investigation
B. Assessing the Case
C. Planning Your Investigation
D. Securing Your Evidence
E. Analyzing Your Digital Evidence
F. Report Your Investigation
G. Evaluate Your Investigation

4. Managing Investigator's Office and Laboratory
A. Overview of Computer Forensic Laboratory Requirement
B. Designing the layout of Computer Forensics Laboratory
C. Managing Laboratory Security
D. Setting Up Your Forensic Workstation

5. Overview of Computer Forensic Tools
A. Categorizing Computer Forensic Tools
B. Evaluating Your Computer Forensics Need
C. Exploring Common Forensic tools
D. Validating Computer Forensics Tools
E. Building Your Forensic Boot Disk

6. Securing Computer System
A. Overview of Computer Security
B. Understanding Authentication Mechanism
C. Understanding common security components
D. Understanding audit
E. Methods of audit

7. Responding to Computer Security Incidents
A. Importance of Incident Response
B. Classifying Incidents
C. Reporting Incidents
D. Handling Incidents
E. Organizing Security Incident Response Team
F. Importance of First Responder
G. Procedure of First Responder

8. Processing Crime and Incident Scenes
A. Processing Private-Sector Incident Scenes
B. Processing Law Enforcement Crime Scenes
C. Preparing Search and Seizure
D. Securing a Computer Incident or Crime Scene
E. Collecting Computer Evidence

9. Handling Computer Evidence
A. Identifying Computer Evidence
B. Understanding Evidence Rules
C. Cataloging Computer Evidence
D. Storing Computer Evidence
E. Evidence Admissibility in a Court of Law

10. Overview of Disk Structure and Filesystem
A. Disk Drive Overview
B. Disk Partition Overview
C. Exploring FAT
D. Exploring NTFS
E. Exploring Unix/Linux Filesystem
F. Exploring Filesystem of Macintosh
G. Exploring Disk Structure CD and DVD
H. Exploring the booting process of DOS, Windows, Unix/Linux and Macintosh

11. Acquiring Computer Evidence
A. Determining Order of Evidence Collection
B. Data Acquisition Format
C. Verifying Evidence File
D. Acquiring Data on common workstations
E. Acquiring Data on common servers
F. Acquiring Data on PDAs and Handheld Computers
G. Environmental Factor on Collecting Preserving

12. Extracting Evidence
A. Understanding Computer Forensic Analysis
B. Performing a Computer Forensic Analysis
C. Addressing Data Hiding Techniques
D. Carving Data
E. Understanding the Windows Recycle Bin

13. Recovering Graphical Image
A. Recognizing Graphical Image File
B. Understanding Graphical Image File Formats
C. Recovering Graphical Image File
D. Steganography in Image File

14. Recovering Encrypted Data
A. Overview of Cryptography
B. Symmetric vs. Asymmetric Encryption
C. Common Encryption Practices and Implementation
D. Understanding Strengths and Weaknesses of Encryption
E. Recovering Password
F. Handling Encrypted Data

15. Analyzing Logfile
A. Secure Audit Logging
B. Setting Up Remote Logging
C. Importance of Time Synchronization
D. Log Analysis and Correlation
E. Intrusion Detection Log

16. Investigating Network and Web Attack
A. Overview of Networking Models and Standards
B. Exploring common Network Components
C. Exploring common Network Application and Protocol
D. Exploring TCP/IP and Internet
E. Identify Network Attack
F. Monitoring Network Traffic
G. Identify Web Application Attack
H. Investigating DoS Attacks
I. Investigating Router Attacks
J. Tracing back IP Address

17. Investigating E-mail
A. Exploring E-mail system
B. Identifying E-mail Crimes and Violations
C. Examining E-mail Messages
D. Tracing an E-mail

18. Understanding Law
A. Overview of Computer and Crime
B. Overview of Jurisdiction and Legal Process
C. Overview of Internet Privacy Law and Privacy Policies

19. Writing Investigation Reports
A. Understanding the Importance of Reports
B. Type of Reports
C. Formal Report Format
D. Writing the Report

20. Testifying in Court
A. Preparing for trial
B. Preparing Documentation and Evidence for Testimony
C. Understanding trial process
D. Understanding prosecutorial misconduct
E. Presenting Your Testimony
F. Preparing for deposition
G. Dealing with media
H. Forming expert opinion

Contact information: This listing has expired; the accuracy of the information is not guaranteed.
https://88db.com.hk/Mobile-Computer-Internet/Lesson-Instruction/ad-56104/