Computer Forensic examiners need to establish an education path at the onset of their career decision. Examiners need to acquire the proper education to ensure their skills are sufficient to identify, seize and examine evidence. If you are law enforcement, government, or private industry, you need more than one course to become proficient. Acquiring certifications demonstrates that an examiner is competent with the tools being used to complete the tasks.
Below is the suggested career education path of courses offered by Syntricate.
The First Responder courses are broken down into two distinct audiences. The First Responder course is designed for the responding personnel. The first responder to the scene needs to identify that a computer crime occurred, and how to identify and secure digital evidence. In the absence of qualified digital forensic personnel, proper evidence collection and transportation is paramount. The First Responder – Triage course would benefit the digital forensic examiner in preparing triage devices that will greatly reduce time on scene and help collect volatile data that will be beneficial to the investigation. The course is also designed for probation and parole officers who can use triage tools to do a review of computer evidence while on scene to determine if targets have been complying with conditions of parole or probation.
The Basic Training Course – Forensic Fundamentals is designed for those just starting careers in Computer Forensics and have little or no knowledge on file systems, identifying and collecting evidence and imaging digital evidence.
|Class||Target Audience||Class Description|
Crime Scene Units
|This course addresses the types of computer crimes, incident detection, and response. Procedures for first responders on scene evidence identification, evidence collection, preservation, chain of custody.|
|First Responder – Triage||
|This training course provides the knowledge and skills necessary to install, configure, and effectively use Triage software tools. The software allows both forensic examiners and non-forensic personnel to review and/or acquire either all or specifically targeted hard drive data from a system.|
New Forensic Examiners
Evidence Imaging Specialists
|This course provides an introduction to computer forensics. Students will examine sources of electronic evidence, search and seizure issues, hard drive geometry and physical characteristics of storage media, imaging digital evidence, and validating image file integrity.|
The intermediate training courses are designed for examiners who need to be trained on the use of Computer Forensic software that is used by their organization. These training classes also prepare the examiner to become certified on the use of the software, which is crucial when it comes to examining evidence and testifying in any judicial process on their findings.
|AD Forensic Toolkit BootCamp||The AccessData BootCamp course provides the knowledge and skills necessary to install, configure and effectively use Forensic Toolkit (FTK), FTK Imager, Password Recovery Toolkit (PRTK), and Registry Viewer.|
|Windows Forensic – Core||This course follows up the AccessData BootCamp training. This training class provides the knowledge and skills necessary to use AccessData products to conduct forensic investigations on Microsoft Windows systems and learn where and how to locate system artifacts.|
|AccessData Forensics – 5 Day Course||This course encompasses the FTK BootCamp and Advanced FTK class whereas it provides the knowledge and skills necessary to install, configure and effectively use Forensic Toolkit (FTK), and FTK Imager Password Recovery Toolkit (PRTK).|
|AccessData Certified Examiner Examination||The ACE credential demonstrates proficiency with Forensic Toolkit technology. ACE candidates will benefit from taking the AccessData BootCamp and Windows Forensics – Core courses as a foundation or the Windows Forensic – 5 Day Course.|
The advanced moves the examiner from the basics of using the tools to the advance knowledge and skills for addressing the challenges of locating artifacts on different operating systems. The training also provides examiners with the skills necessary to attack encrypted data that could be found on systems.
|Advanced FTK Course||This course examines the advanced processing features in the AD Forensic Toolkit. This course focuses on the advanced processing options to examine evidence, examine Live and Index searching, including TR1 Regular Expressions. Utilize Cerberus to locate possible malware, use Visualization to get a graphic timeline view of files and Internet history, use Geolocation to identify where photos were taken, remote data preview and acquisition features, and obtaining live memory and volatile data from a target system and complete an analysis of the acquired data.|
|Windows Forensic – Registry||This advanced course provides the knowledge and skills necessary to conduct in-depth forensic investigations on the Microsoft Windows registry.|
|File System Courses (Any Order)|
|Windows 7 Forensics||This advanced course provides the knowledge and skills necessary to analyze Microsoft Windows 7 operating system artifacts and file system mechanics.|
|Windows 8 Forensics||This advanced course provides the knowledge and skills necessary to analyze the Microsoft Windows 8 operating system artifacts, user data and file system mechanics in Storage Spaces.|
|Macintosh Forensics||This advanced training course provides the knowledge and skills necessary to conduct forensic investigations on Macintosh computer systems.|
|Linux Forensics||This advanced training course provides the knowledge and skills necessary to conduct forensic investigations on Linux computer systems.|
|Internet Forensics||The Internet Forensics course provides the knowledge and skills necessary to recover forensic information from Internet trace evidence artifacts. Participants learn where and how to locate evidence from Internet browsers, Instant Messenger (IM) clients, and social network sites.|
|Applied Decryption||This advanced training course is an intensive, hands-on class that reviews current encryption technology and provides the knowledge and skills necessary to recover passwords using the AccessData Password Recovery Toolkit (PRTK) and Distributed Network Attack (DNA).|
Computer forensics labs of all sizes are facing an array of challenges to work more effectively. Labs handling massive data sets can add the power of having multiple forensic examiners, expanded distributed processing capabilities with a centralized processing farm, and a centralized database infrastructure with AccessData Lab.
|Collaborative Analysis with AD Lab||This advanced training course is an intensive, hands-on class that reviews current encryption technology and provides the knowledge and skills necessary to recover passwords using the AccessData Password Recovery Toolkit (PRTK) and Distributed Network Attack (DNA).This custom advanced workflow-based training provides knowledge and skills relative to the following AccessData Lab topics: Environment Considerations, Environment Administration, Case and User Management, Case Collaboration and Review.|
Syntricate can create a customized course for your organization. Syntricate will work with you to customize a training program for your organization that will meet your specific needs. You choose how many days you would like the program to be and which topics you would like us to cover, and we will put together a tailored curriculum.
You can also build your own custom computer forensics program by selecting individual modules from our detailed course catalog.