Course Title: Forensic Computer Examiner
Hours required: 150
Price: $3,095
Length course offered: N/A
Instructor: John Mellon [Bio]
Description:
This nationally recognized forensic computer examiner online course and training program is for the aspiring forensic computer examiner. For many years, law enforcement officers have been the primary forensic computer examiners, however the need for qualified civilian forensic computer examiners is growing faster than ever. This online certificate program is offered in partnership with major colleges, universities, and other accredited education providers.
Goals:
After successful completion of the Forensic Computer Examiner online program, students will:
• Understand what makes an examiner a good examiner. • Be able to explain to clients why trained forensic examiners should be used. • Understand what a forensic examiner may expect to encounter during an examination. • Understand software licensing and how it affects forensic examiners. • Understand forensic ethical standards as they apply to forensic examiners.
• Understand basic forensic examination procedures. • Be able to prepare and verify forensically sterile examination media. • Understand the importance and methodology of note taking and reports. • Understand basic PC hardware identification. • Have a basic understanding of the legal privacy issues relating to the examination of magnetic media.
• Understand when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit. • Have a basic understanding of how to properly acquire, collect, or seize magnetic media. • Understand how to properly establish and maintain the physical "chain of custody" of media and evidence. • Make exact forensic copies of original floppy-diskette media.
• Understand the logical structures of DOS and Windows 95/98 • Understand where the creation and modification dates and times are stored in a directory entry. • Understand the significance of the creation and modification dates and times. • Understand how to recover data from unallocated space. • Understand and explain how files are created.
• Understand and explain what happens when a file is deleted. • Understand, explain and manually recover DOS legal single and multiple cluster deleted files. • Understand, explain and manually recover DOS legal multiple cluster fragmented deleted files. • Understand how to determine the Last Accessed Date and the Modification Date and Time, their significance and when they are modified.
• Understand how Windows long file names are stored, what happens when they are deleted and how to restore long file names. • Understand how sub-directories are stored, what happens when they are deleted and how to recover deleted sub-directories. • Understand what happens when a diskette or hard-disk drive is formatted and how to recover files, sub-directories, and data from formatted disks.
• Understand the NTFS partition table, boot record, and root directory. • Understand Bitmaps. • Understand the MFT. • Understand NTFS Headers and Attributes. • Understand Resident and Non-resident files. • Understand Run lists, etc. • Understand Alternate data streams. • Understand NTFS File storage. • Understand the various dates and times stored in attributes. • Understand File deletion and recovery. • Understand Directory storage.
• Understand Tracing files/directories. • Understand the NTFS registry "hive." • Understand Examining NTFS drives. • Understand the basic imaging methods and how to make "exact copies" of media. • Understand the significance of, location of and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files and Internet sites visited.
• Understand basic Internet issues such as, doing a basic "whois." • Understand how to preserve the original media. • Understand how to prevent inadvertent writes. • Understand how to prevent virus introduction and how to prevent activation of "booby traps." • Understand how to safely handle media. • Understand how to find and document normal data and graphical files.
• Understand how people commonly try to hide data. • Understand how to find and document data in unallocated space. • Understand how to find hidden data. • Understand password protection schemes and how to lock and unlock many passwords. • Understand how to access MS Word metadata. • Understand the basic use of automated forensic suites (FTK). • Understand basic data formats and types. • Understand how to conduct basic data-format conversions.
• Understand the basic issues in examining CDR media. • Understand how to present recovered and evidence data to the client in a useful format. • Understand how to manage data. • Understand how to present data in court or other proceedings in a clear and understandable manner. • Have conducted an examination of a hard disk drive that covers the full range of forensic issues found in this training course. • Be fully prepared to sit for the CCE Certification testing through the International Society of Forensic Computer Examiners.
Grading System:
Confirmation of Completion awarded with passing score.
School Description:
Offered in connection with a college or university near you, our self-paced, online career courses are designed to launch you into your dream job.
Begin your course anytime. Textbooks are included, and you will have access to student support via phone, email, and chat 24 hours a day.
Click "Enroll Now" to find the partner school for the career course you want to take.
Instructor Bio: John Mellon
John Mellon Mr. Mellon is the primary author of this computer forensic examination course. He is a retired US Customs Senior Special Agent with 28 years investigative experience and over 17 years experience in computers. He is an IACIS certified forensic computer examiner. Mr. Mellon had Initial experience with the CP-M operating system in 1986. He had initial computer forensic training in 1991 by the International Association of Computer Investigative Specialists (IACIS). He has been an active member of IACIS and is a member of the Board of Directors. He is the past chairman of the IACIS DOS Seizure Certification Committee. He is the past chairman of the IACIS DOS/Windows Processing Certification Committee. He is the past chairman of the Certification Committee and the past Chairman of the IACIS Board of Directors. Mr. Mellon has been a lead instructor at IACIS training conferences. He has been involved in the training of hundreds of law enforcement officers world-wide in computer forensics since 1994. He has taught numerous highly technical subjects including DOS and Windows 95/98 file systems, architecture and the boot process, DOS and Windows 95/98 examination techniques and procedures, recovery of deleted files, recovery of Windows long file names, date and time stamp alterations, recovering formatted disks, the process and problems in making forensic copies of media, file type identification and the use of file viewing applications during examinations, the theory of archived files and compressed disks, examining archived and compressed disks and files, data format conversion, basic Novell theory and the methods for seizing and examining Novell networks, examination of Windows swap and related files and the new IACIS Examination Standards and Forensic Code of Ethics. He developed and implemented the IACIS Forensic Examination Standards, the IACIS Code of Ethics, the advanced Windows Processing Certification, the past IACIS Certified Forensic Computer Examiner (CFCE) problems containing numerous technical issues. These problems must be completed to attain the CFCE certification from IACIS. He continues to instruct civilians and law enforcement officers world-wide in computer forensic examinations. Mr. Mellon was the first computer forensic examiner for US Customs in Miami, Florida. In that connection he set up the forensic examination program in Miami in 1991 and forensically examined many computers between 1991 and 1993. He started Key Computer Service in 1993 and has continued to forensically examine computers for US Customs, DEA, local police agencies, attorneys, private companies and individuals. He has been cited as a computer forensic expert witness in courts and in affidavits in US District Court, Miami, Florida and in Atlanta, GA. John Fretts John Fretts retired from the Bureau of Alcohol, Tobacco, Firearms and Explosives in 2005, after a distinguished thirty-year career with the Department of Justice, Bureau of Alcohol, Tobacco & Firearms. Mr. Fretts began his ATF career as a Special Agent in the Washington, DC Field Division where he led numerous Federal investigations into violations of Federal firearms and explosive laws. In 1991, Mr. Fretts was promoted to the position of Project Manager at ATF Headquarters. In 1994, Mr. Fretts transferred to Connecticut with his appointment as Supervisor of ATF's Hartford Field Office. While in Connecticut, Mr. Fretts nurtured his technical interests, developing skills as a specialist in computer forensic investigations. He successfully completed the CIS 2000 Program, at the Federal Law Enforcement Training Center, in Brunswick, Georgia. He was also certified by the International Association of Computer Investigative Specialists as a Certified Forensic Computer Examiner (CFCE) in 2004. Because of his management experience and knowledge of computer investigations, John was named Regional Supervisor of ATF Computer Forensic Operations for the northeast United States. While with the ATF, Mr. Fretts testified in Federal Court and is qualified to appear as an expert in Computer Forensics and Data Recovery. Upon retirement from Federal service, Mr. Fretts accepted a position as Director of Investigations with Security Services of Connecticut (SSC), a regional firm specializing in a full range of investigative services, specializing in computer forensics. Mr. Fretts had oversight of SSC's computer forensic operation and was regularly called upon to lecture on the topic of computer forensics and data recovery as it relates to fraud and computer misuse. In his presentations to corporate clients and at trade shows, Mr. Fretts has an uncanny ability to explain the most complex aspects of computer forensics to those with the least understanding of the subject. With his law enforcement background, Mr. Fretts was adept at explaining the necessity to respond rapidly to an incident involving fraud or criminal activity involving computers and the need to preserve electronic evidence. In August of 2007, Mr. Fretts resigned from his position with SSC to concentrate his time and skills on computer forensics investigation and education. Mr. Fretts is a member of the University of New Haven, Criminal Justice curriculum, Student Advisory Board. He is a veteran of the United States Army, and has a Bachelors degree in Criminal Justice. Steve Wisenburg Mr. Wisenburg is a 14-year veteran of the City of Atlanta Police Department. He has been a Detective since 1999, where he started investigations in the physical abuse and sexual abuse of children. These investigations lead to child porn investigations as well as other exploited children on the Internet investigation. He is now assigned to the Cybercrime Unit where he is a full time computer forensic examiner. Mr. Wisenburg is the current president of the Atlanta Chapter of the High Technology Investigation Association (HTCIA). He holds the Certified Computer Examiner (CCE) certification. He also is one of the founding directors of the Cybercrime Summit, a training conference held in Metro Atlanta each year. Mr. Wisenburg has attended several training classes including the following: Computer forensics Boot Camp, Practical Data Forensics using Linux, Access Data Forensic Boot Camp, EnCase Intermediate analysis and reporting, Basic Data Recovery and Analysis, Advanced Data recovery and analysis ILook, Maresware Software Training, etc. Dave Good Mr. Good has served the U.S Dept. of Treasury and the U.S. Dept. of Justice for the past 18 years. He has over 21 years experience in the management, design and implementation of mainframe systems, local area networks, and virtual private networks. Mr. Good's experience includes: Electronic Data Systems, Camphill PA, Philadelphia PA, Seattle WA, Dallas TX, Washington D.C. 1984 - 1988 Computer Operations, Network Operations Network Solutions, Herndon VA, 1988 - 1989 Network Operations Automation Research Systems, Alexandria VA, 1989 - 1992 Local Area Network Installation and Management Washington D.C. 1992 - Present Local Area Network Installation and Management, Enterprise Systems Architecture Program Management Computer Forensics Mr. Good completed the first seat based Enterprise Systems Architecture for the Federal Government where 300 sites were outfitted with new desktops, laptops, servers, and implemented the conversion of a packet switched network to a frame relay network for all sites. He is currently serving as a Digital Investigator and Program Manager of the Computer Forensics Branch for a National Law Enforcement Agency. He has been cited as a computer forensic expert witness in US District Court, Charlotte, NC. Mr. Good is a active member of the National Technical Investigators Association, The High Technology Crime Investigation Association, and the International Society of Forensic Computer Examiners. Mr. Good holds the following certifications: Novell Master Certified Network Engineer (MCNE) CCE Comptia A+ Comptia Net+ Comptia IT Project+ Phil Harrold Mr. Harrold was employed by the Odessa, Texas Police Department from 1979-1988. His assignments included patrol, narcotics and crimes against property. From 1989 until 2000 Mr. Harrold was employed by the Monroe County, Florida Sheriff's Office. His assignments with that agency included patrol, general investigations, homicide investigations and he was a bomb technician. Mr. Harrold has been employed from 2000 to the present by the State Attorney's Office, 16th Judicial Circuit, and State of Florida as an Investigator. He specializes in computer related investigations and performs forensic examinations for local, state and federal agencies. Mr. Harrold's education includes: 1982-AAS in Law Enforcement from Odessa College 1985-Bachelor of Arts in Criminal Justice from the University of Texas of the Permian Basin 1997-Master of Science Degree in Management from Troy State University Mr. Harrold's specialized training includes: US Army/FBI Hazardous Devices School, Redstone Arsenal Alabama US Army/FBI Weapons of Mass Destruction School IACIS Basic Computer Crime Investigation Basic Data Recovery and Analysis Advanced Analysis of Microsoft NTFS Advanced Analysis of Email Microsoft Access On-line investigations Access Data-Intermediate Forensic Boot Camp Homicide Investigation Hostage Negotiation Multi-Disciplinary Investigation of Computer Facilitated Child Sexual Exploitation Racketeering Investigations Mr. Harrold's certifications include: Certified Computer Examiner (CCE) Electronic Evidence Collection Specialist (IACIS) Mr. Harrold's professional affiliations include: International Association of Computer Investigative Specialists High Technology Crime Investigation Association High Tech Crime Consortium International Society of Forensic Computer Examiners Keith Barger Keith Barger is a Director in KPMG's Forensic practice in Houston, Texas. Keith specializes in electronic data discovery and investigative services in support of civil litigation and provides advisory services regarding technology related matters. Keith joined KPMG in 2006 after six years as a Special Agent and Digital Forensics Western Regional Coordinator with the Department of Justice, Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). Keith has extensive experience in digital forensic investigations, forensic methodologies, computer evidence recovery, and data analysis. Keith has investigated and provided oversight for domestic investigations violating Federal, State, and local laws. These investigations often included testimonies before grand juries, inquests, trials, and other hearings. Keith is responsible for the National direction and oversight with regards to KPMG's Hold Order Management System. He leads a national team responsible for the collection of litigation preservation requests on behalf of KPMG and its clients and collaborates with others on his team in the identification of custodians, automation of the collection process and the production of litigation requests to relevant parties. Additionally he is responsible for the assessment and review of network infrastructures and related record management systems recommending improvements and overseeing the implementation of those improvements. William D. Taylor Bill Taylor is a Computer Investigative Specialist/ Special Agent with a federal law enforcement agency in Nashville, Tennessee. He has served as a full time forensic computer examiner since 1994. Mr. Taylor is a Certified Forensic Computer Examiner (International Association of Computer Investigative Specialists), a Certified Fraud Examiner, (Association of Certified Fraud Examiners) and holds an Associate Degree in Forensic Computer Science. In addition he holds both Baccalaureate and Master's Degrees in Criminal Justice and is a graduate of the FBI National Academy. Mr. Taylor has over 24 years investigative law enforcement experience at the state local and federal level. He served on the IACIS Board of Directors for six years, Vice-President for 1 year and as President and CEO for nearly 3 years.
