• NHIF Building, 2nd Floor, Upper Hill, Nairobi
  • info@lanetconsulting.com
PECB

Computer Lead Forensics Examiner

Mastering the Implementation and Management of Computer Forensics Processes

Summary

This five-day intensive course enables the participants to develop the necessary expertise in mastering the computer forensics processes as specified in CLFE certification. Participants will gain a thorough understanding of fundamental computer forensics, based on the best practices used to implement the forensics evidence recovery and analytical processes. The CLFE certification focuses on core skills required to collect and analyze data from Windows, Mac OS X, and Linux computer systems, as well as from mobile devices.


Who should attend?

Computer Forensic specialists.

Electronic data analysts.

Specialists in computer search and evidence recovery.

Professionals working or interested in law enforcement.

Professionals willing to advance their knowledge in computer forensic analysis.

Members of an information security team

Expert advisors in information technology.

Individuals responsible for examining media to extract and disclose data

Learning objectives

To ensure that the CLFE can protect him or herself against injury, threat to credibility and protect the integrity of the examined media throughout the computer forensics operation.

To ensure that the CLFE can conduct a complete computer forensics operation and determine the course of action to be followed in order to achieve the goal of the operation.

To ensure that the CLFE can safely handle computers, extract and install peripherals and components, relate the presence of certain ports to the actual or eventual presence of a media containing information to be examined.

To ensure that the CLFE has a clear knowledge where the information can be found on an electronic media or bit-stream image of a media, it would be operating the systems or user information, actual deleted or hidden information.

To ensure that the CLFE can conduct a forensically sound examination, extraction and preservation of evidence located on a network, in the cloud or in a virtual environment.

To ensure that the CLFE can conduct a basic, yet forensically sound examination of a cell phone or tablet.

To ensure that the CLFE can use efficiently the tools (software, hardware and supplies) of the field examination kit for a better goal achievement of the computer forensics operation.

To ensure that the CLFE can justify the way an artifact was acquired or left behind in an ordered, standard and forensically sound manner.

Course Agenda

Day 1: Introduction to scientific principles of Computer Forensics operations

Scientific principles of computer forensics.

Introduction to computer forensics process approach.

The analysis and implementation of the fundamental operations.

Preparation and execution of forensics procedures and operations.

Day 2: The computer and operating structure

Identification and selection of the characteristics of the computer structure.

Identification of peripherals and other components.

Understanding the operating systems.

Extraction and analysis of the file structure

Day 3: Forensics of networks and mobile devices

Understanding the network, cloud and virtual environments.

Generic methods for data examination in a virtual environment.

Examination of a cell phone or tablet.

Enumeration of cell phones and tablets needed for forensics examination.

Storage of information in mobile devices.

Day 4: Computer Forensics tools and methodologies

Enumeration and examination of the computer hardware and software.

Determination and testing of corrective measures.

Analysis and selection of the best procedures for computer forensics operation.

Discovery, documentation and return of the evidence on-site.

Analyzing and applying the contextual parameters.

Day 5: Certification Exam

Prerequisites
Knowledge of Computer Forensics is preferred.

Educational approach

This training is based on both, theory and practice:

Sessions of lectures illustrated with examples based on real cases.

Practical exercises.

Review exercises to assist the exam preparation.

Practice test similar to the certification exam.

To benefit from the practical exercises, the number of training participants is limited.

Examination and Certification

The “PECB Certified Lead Forensics Examiner” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:

Domain 1: Scientific Principles of computer forensics.

Domain 2: Computer forensics operations fundamentals.

Domain 3: Forensics: computer hardware structure.

Domain 4: Forensics: operating systems and file structure.

Domain 5: Forensics of network, cloud and virtual environments.

Domain 6: Forensics of cell phones and tablets.

Domain 7: Computer Forensics operation tools and software.

Domain 8: Forensics: examination, acquisition and preservation of electronic evidence.

The “PECB Certified Lead Forensics Examiner” exam is available in different languages ( the complete list of languages can be found in the examination application form)

Duration: 1 hour

For more information, refer to the PECB section on "PECB Certified Lead Forensics Examiner Exam”.

A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential.

General information

This training is based on both, theory and practice:

Exam and certification fees are included in the training price.

A student manual containing over 300 pages of information and practical examples will be distributed to the participants.

A participation certificate of 21 CPD (Continuing Professional Development) credits will be issued to the participants.

In case of failure of an exam, participants are allowed to retake the exam for free under certain conditions.

For more, please visit PECB.