Certified Digital Forensics Examiner (CDFE)
Module 1 - Computer Forensics Incidents
Computer Forensics Incidents (0:05)
Download Resources
Where are We? (0:10)
Overview (0:18)
Section 1: Origins of digital forensic science (0:06)
The Legal System (0:34)
The Legal System (1:22)
The Legal System (0:37)
The Legal System (1:02)
Section 2: Differences between criminal and civil incidents (0:14)
Criminal Incidents (0:32)
Criminal Incidents (0:54)
Criminal Incidents (1:41)
Criminal Incidents (0:53)
Criminal Incidents (0:59)
Criminal Incidents (0:37)
Criminal Incidents (0:45)
Civil Incidents (1:02)
Civil Incidents (0:43)
Civil Incidents (0:29)
Section 3: Types of computer fraud incidents (0:05)
Computer Fraud (0:50)
Computer Fraud (0:40)
Computer Fraud (0:51)
Computer Fraud (0:41)
Section 4: Internal and external threats (0:04)
Internal Threats (1:21)
Internal Threats (0:43)
External Threats (0:23)
External Threats (0:50)
External Threats (0:31)
External Threats (0:40)
Section 5: Investigative challenges (0:04)
Investigative Challenges (0:20)
Investigative Challenges (0:31)
Investigative Challenges (0:35)
Common Frame of Reference (0:34)
Media Volume (0:16)
Review (0:17)
Module 1 - Quiz
Module 2 - Incident Handling
Incident Handling (0:04)
Overview (0:08)
Section 1: What is an Incident? (0:06)
Incident Handling Defined (0:17)
What is a Security Event? (0:24)
Common Security Events of Interest (0:29)
What is a Security Incident? (0:16)
What is an Incident Response Plan? (0:28)
When does the Plan get Initiated? (0:57)
Common Goals of Incident Response Management (0:58)
Section 2: Incident Handling Steps (0:05)
Incident Handling Steps (0:15)
Phase 1: Preparation (0:04)
Goal (0:15)
Be Prepared (0:25)
The Incident Response Plan (0:28)
Incident Handling (0:44)
Incident Response Plan (0:53)
Incident Response Plan (0:41)
Incident Response Plan (0:24)
Roles of the Incident Response Team (0:49)
Incident Response Team Makeup (0:37)
Challenges of building an IRT (0:46)
Incident Response Training and Awareness (1:16)
Jump Kit (0:41)
Jump Kit (1:10)
Prepare Your Sites and Systems (1:12)
Prepare Your Sites and Systems (1:08)
Prepare Your Sites and Systems (1:07)
Prepare Your Sites and Systems (1:01)
Prepare Your Sites and Systems (1:07)
Prepare Your Sites and Systems (0:48)
Phase 2: Identification and Initial Response (0:06)
Goal (0:09)
Identification of an Incident (0:56)
Basic Incident Response Steps (1:15)
Proper Evidence Handling (1:25)
Phase 3: Containment (0:04)
Goal (0:08)
Containment (0:16)
Onsite Response (0:17)
Secure the Area (0:25)
Conduct Research (0:35)
Make Recommendations (0:23)
Establish Intervals (0:19)
Capture Digital Evidence (1:26)
Change Passwords (0:31)
Phase 4: Eradication (0:04)
Goal (0:11)
Determine Cause (0:45)
Defend Against Follow-on Attacks (0:47)
More Defenses (1:08)
Analyze Threat and Vulnerability (0:26)
Restore System(s) to Operation (0:56)
Phase 5: Recovery (0:04)
Goal (0:06)
Report Findings (0:11)
Restore System (0:12)
Verify (0:14)
Decide (0:10)
Monitor Systems (0:41)
Phase 6: Follow-up (0:04)
Goal (0:08)
Follow-up Report (0:44)
Follow-up Report (0:47)
Review (0:08)
Module 2 - Quiz
Module 3 - Computer Forensic Investigative Theory
Computer Forensic Investigative Theory (0:06)
Overview (0:14)
Section 1: Investigation Theory (0:05)
Computer Forensic Investigative Theory (0:43)
Computer Forensic Investigative Theory (0:41)
Computer Forensic Investigative Theory (0:30)
Computer Forensic Investigative Theory (0:19)
Computer Forensic Investigative Theory (0:22)
Computer Forensic Investigative Theory (0:27)
Section 2: Investigative Concepts (0:04)
Computer Forensic Investigative Theory (0:26)
Computer Forensic Investigative Theory (1:08)
Computer Forensic Investigative Theory (0:58)
Computer Forensic Investigative Theory (0:42)
Computer Forensic Investigative Theory (0:30)
Computer Forensic Investigative Theory (0:21)
Computer Forensic Investigative Theory (0:36)
Computer Forensic Investigative Theory (0:57)
Section 3: BEA & EFA (0:05)
Computer Forensic Investigative Theory (1:02)
Computer Forensic Investigative Theory (0:43)
Computer Forensic Investigative Theory (0:22)
Computer Forensic Investigative Theory (0:20)
Computer Forensic Investigative Theory (1:24)
Computer Forensic Investigative Theory (0:44)
Computer Forensic Investigative Theory (0:39)
Computer Forensic Investigative Theory (0:25)
Computer Forensic Investigative Theory (0:29)
Computer Forensic Investigative Theory (0:47)
Computer Forensic Investigative Theory (0:25)
Computer Forensic Investigative Theory (0:19)
McAfee Geotagging (1:22)
Review (0:15)
Module 3 - Quiz
Module 4 - Investigative Process
Investigative Process (0:05)
Overview (0:06)
Section 1: Investigation Prerequisites (0:05)
Prior to the Investigation (0:23)
Forensics Workstation (0:49)
Building Your Team of Investigators (0:51)
Who is involved in Computer Forensics? (0:32)
Who is involved in Computer Forensics? (0:49)
Approval Authority and Authorization (0:48)
Risk Assessment (0:39)
Forensic Investigation Toolkit (0:29)
Section 2: Investigation Process (0:05)
Investigating Computer Crimes (0:36)
Investigation Methodology (0:25)
Preparing for an Investigation (0:56)
Preparing for an Investigation (cont.) (0:38)
Preparing for an Investigation (cont.) (0:52)
Search Warrant (0:42)
Forensic Photography (0:42)
Preliminary Information (0:36)
First Responder (0:22)
Collecting Physical Evidence (0:44)
Collecting Electronic Evidence (1:16)
Collecting Electronic Evidence (0:53)
Collecting Electronic Evidence (cont.) (0:22)
Guideline for Acquiring Electronic Evidence (1:17)
Securing the Evidence (1:08)
Managing the Evidence (0:40)
Chain of Custody (0:57)
Duplicate the Data (1:15)
Verify the Integrity of the Image (1:03)
Recover Last Data (0:30)
Data Analysis (0:31)
Data Analysis Tools (0:26)
Assessing the Evidence (0:24)
Assessing the Case (0:37)
Assessing the Case (cont.) (1:28)
Location Assessment (0:46)
Best Practices (1:41)
Documentation (1:53)
Gathering and Organizing Information (0:38)
Writing the Report (1:22)
Writing the Report (cont.) (0:42)
Expert Witness (1:10)
Closing the Case (0:48)
Review (0:11)
Module 4 - Quiz
Module 5 - Digital Acquisition & Analysis Tools
Digital Acquisition & Analysis Tools (0:06)
Overview (0:09)
Section 1: Acquisition Procedures (0:05)
Digital Acquisition (0:42)
Digital Acquisition (1:00)
Digital Acquisition (0:19)
Digital Acquisition (1:04)
Digital Acquisition Procedures (0:57)
Digital Acquisition Procedures (2:24)
Digital Acquisition Procedures (0:42)
Digital Acquisition Procedures (0:27)
Digital Acquisition Procedures (0:58)
Digital Acquisition Procedures (0:27)
Digital Acquisition Procedures (0:29)
Digital Acquisition Procedures (0:17)
Digital Acquisition Procedures (0:24)
Digital Acquisition Procedures (1:01)
Digital Acquisition Procedures (0:19)
Digital Acquisition Procedures (0:32)
Digital Acquisition Procedures (0:53)
Section 2: Evidence Authentication (0:05)
Digital Acquisition Procedures (1:09)
Digital Acquisition (1:03)
Digital Acquisition Procedures (0:14)
Digital Acquisition Procedures (0:30)
Digital Acquisition Procedures (0:11)
Digital Acquisition Procedures (0:28)
Section 3: Tools (0:04)
Digital Acquisition Procedures (0:28)
Digital Forensic Analysis Tools (0:17)
Digital Forensic Analysis Tools (0:14)
Digital Forensic Analysis Tools (0:17)
Digital Forensic Analysis Tools (0:13)
Review (0:17)
Module 5 - Quiz
Module 6 - Disks and Storages
Disks and Storages (0:05)
Overview (0:13)
Section 1: Disk OS and FileSystems (0:06)
Disk Based Operating Systems (0:31)
Disk Based Operating Systems (1:56)
Disk Based Operating Systems (0:48)
Disk Based Operating Systems (0:22)
Disk Based Operating Systems (1:02)
OS / File Storage Concepts (0:41)
OS / File Storage Concepts (0:36)
OS / File Storage Concepts (0:49)
OS / File Storage Concepts (1:07)
OS / File Storage Concepts (0:51)
OS / File Storage Concepts (0:45)
Section 2: Spinning Disks Forensics (0:05)
Disk Storage Concepts (1:13)
Disk Storage Concepts (0:40)
Disk Storage Concepts (0:35)
Disk Storage Concepts (1:17)
Disk Storage Concepts (0:31)
Disk Storage Concepts (0:52)
Disk Storage Concepts (1:51)
Disk Storage Concepts (0:40)
Disk Storage Concepts (1:17)
File Carving (0:52)
Fragmentary Analysis (0:14)
Section 3: SSD Forensics (0:06)
Inside SSD (1:20)
Inside SSD (0:50)
TRIM (0:50)
Implications on Forensics (0:46)
Implications on Forensics (1:02)
Forensics vs Encryption (0:58)
Section 4: Files Management (0:05)
Disk Storage Concepts (0:42)
Disk Storage Concepts (0:40)
Disk Storage Concepts (0:41)
Disk Storage Concepts (1:00)
Disk Storage Concepts (0:44)
Disk Storage Concepts (0:50)
Disk Storage Concepts (0:42)
Quick View Plus (0:22)
Review (0:13)
Module 6 - Quiz
Module 7 - Forensic Examination Protocols
Forensic Examination Protocols (0:05)
Overview (0:11)
Section 1: Science Applied to Forensics (0:06)
Forensic Examination Protocols (0:25)
Forensic Examination Protocols (0:16)
Forensic Examination Protocols (0:50)
Forensic Examination Protocols (0:28)
Forensic Examination Protocols (0:48)
Section 2: Cardinal Rules & Alpha 5 (0:06)
Forensic Examination (0:53)
Forensic Examination (0:59)
Forensic Examination (0:45)
Forensic Examination (0:42)
Forensic Examination (0:18)
Forensic Examination (0:46)
Forensic Examination (0:53)
Forensic Examination (0:46)
Forensic Examination (0:25)
Section 3: The 20 Basic Steps of Forensics (0:06)
Forensic Examination (0:36)
Forensic Examination (0:35)
Forensic Examination (0:22)
Forensic Examination (0:23)
Forensic Examination (0:38)
Forensic Examination (0:44)
Forensic Examination (0:32)
Forensic Examination (0:33)
Forensic Examination (0:19)
Forensic Examination (0:53)
Forensic Examination (0:46)
Forensic Examination (0:59)
Forensic Examination (1:07)
Review (0:11)
Module 7 - Quiz
Module 8 - Digital Evidence Protocols
Digital Evidence Protocols (0:06)
Overview (0:07)
Section 1: Digital Evidence Categories (0:05)
Digital Evidence Concepts (1:20)
Digital Evidence Concepts (1:27)
Digital Evidence Concepts (1:19)
Digital Evidence Categories (0:39)
Digital Evidence Categories (0:36)
Digital Evidence Categories (0:34)
Digital Evidence Categories (1:07)
Digital Evidence Categories (0:40)
Digital Evidence Categories (0:38)
Digital Evidence Categories (0:54)
Digital Evidence Categories (1:08)
Digital Evidence Categories (1:34)
Digital Evidence Categories (0:30)
Digital Evidence Categories (0:41)
Digital Evidence Categories (1:19)
Digital Evidence Categories (0:30)
Digital Evidence Categories (0:17)
Digital Evidence Categories (0:26)
Digital Evidence Categories (0:24)
Digital Evidence Categories (0:48)
Digital Evidence Categories (0:55)
Digital Evidence Categories (0:46)
Section 2: Evidence Admissibility (0:05)
Digital Evidence: Admissibility (1:22)
Digital Evidence: Admissibility (0:21)
Digital Evidence: Admissibility (0:57)
Review (0:08)
Module 8 - Quiz
Module 9 - Digital Evidence Presentation
Digital Evidence Presentation (0:06)
Overview (0:08)
Section 1: The Best Evidence Rule (0:05)
Digital Evidence Presentation (0:29)
Digital Evidence Presentation (1:31)
Digital Evidence Presentation (0:16)
Digital Evidence Presentation (0:56)
Digital Evidence Presentation (1:27)
Digital Evidence Presentation (0:39)
Digital Evidence Presentation (0:40)
Digital Evidence (0:36)
Digital Evidence (0:35)
Digital Evidence (0:44)
Digital Evidence (0:59)
Digital Evidence (0:16)
Section 2: Hearsay (0:04)
Digital Evidence: Hearsay (1:03)
Digital Evidence: Hearsay (0:58)
Digital Evidence: Hearsay (0:33)
Digital Evidence: Hearsay (0:47)
Section 3: Authenticity and Alteration (0:05)
Digital Evidence (1:11)
Digital Evidence (0:49)
Digital Evidence (0:34)
Digital Evidence (0:30)
Digital Evidence (0:36)
Digital Evidence (0:46)
Review (0:09)
Module 9 - Quiz
Module 10 - Computer Forensic Laboratory Protocols
Computer Forensic Laboratory Protocols (0:06)
Overview (0:07)
Overview (0:32)
Overview (0:38)
Quality Assurance (1:03)
Quality Assurance (0:12)
Standard Operating Procedures (0:49)
Reports (1:00)
Peer Review (1:27)
Who Should Review? (0:24)
Peer Review (0:18)
Consistency (0:31)
Accuracy (0:38)
Research (0:22)
Validation (0:26)
Relevance (0:25)
Peer Review (0:52)
Peer Review (0:12)
Annual Review (0:27)
Deviation (0:54)
Deviation (0:24)
Deviation (0:35)
Deviation (0:38)
Lab Intake (0:42)
Lab Intake (0:53)
Lab Intake (1:09)
Tracking (0:20)
Tracking (0:25)
Storage (0:38)
Storage (1:03)
Discovery (1:12)
Discovery (0:25)
Discovery (0:39)
Discovery (0:50)
Discovery (1:11)
Review (0:12)
Module 10 - Quiz
Module 11 - Computer Forensic Processing Techniques
Computer Forensic Processing Techniques (0:07)
Overview (0:06)
Computer Forensic Processing Techniques (1:06)
Computer Forensic Processing Techniques (0:38)
Computer Forensic Processing Techniques (0:22)
Computer Forensic Processing Techniques (1:06)
Computer Forensic Processing Techniques (0:28)
Computer Forensic Processing Techniques (1:06)
Computer Forensic Processing Techniques (0:25)
Computer Forensic Processing Techniques (0:43)
Computer Forensic Processing Techniques (0:27)
Computer Forensic Processing Techniques (1:04)
Computer Forensic Processing Techniques (1:46)
Computer Forensic Processing Techniques (0:33)
Computer Forensic Processing Techniques (0:16)
Computer Forensic Processing Techniques (0:48)
Computer Forensic Processing Techniques (0:32)
Computer Forensic Processing Techniques (0:15)
Computer Forensic Processing Techniques (0:34)
Computer Forensic Processing Techniques (0:24)
Computer Forensic Processing Techniques (0:20)
Computer Forensic Processing Techniques (0:09)
Computer Forensic Processing Techniques (0:44)
Computer Forensic Processing Techniques (1:01)
Computer Forensic Processing Techniques (0:54)
Computer Forensic Processing Techniques (0:30)
Computer Forensic Processing Techniques (0:17)
Computer Forensic Processing Techniques (0:24)
Computer Forensic Processing Techniques (0:37)
Computer Forensic Processing Techniques (1:11)
National Software Reference Library (NSRL) (0:25)
Computer Forensic Processing Techniques (0:54)
Computer Forensic Processing Techniques (0:41)
Computer Forensic Processing Techniques (0:27)
Computer Forensic Processing Techniques (0:37)
Computer Forensic Processing Techniques (0:46)
Computer Forensic Processing Techniques (0:46)
Computer Forensic Processing Techniques (0:39)
Computer Forensic Processing Techniques (1:17)
Computer Forensic Processing Techniques (0:16)
Computer Forensic Processing Techniques (0:54)
Computer Forensic Processing Techniques (0:19)
Computer Forensic Processing Techniques (0:22)
Computer Forensic Processing Techniques (0:25)
Computer Forensic Processing Techniques (0:32)
Review (0:25)
Module 11 - Quiz
Module 12 - Specialized Artifact Recovery
Specialized Artifact Recovery (0:06)
Overview (0:15)
Section 1: Forensics Workstation Prep (0:06)
Forensics Workstation Prep (0:49)
Forensics Workstation Prep (0:31)
Forensics Workstation Prep (0:34)
Forensics Workstation Prep (0:45)
Forensics Workstation Prep (1:05)
Settings for the NoDriveTypeAutoRun Registry Entry (0:22)
Prep System Stage (1:06)
Prep System Stage (1:18)
Prep System Stage (0:36)
Section 2: Windows Components with Investigative Interest (0:07)
Windows Components with Investigative Interest (1:28)
Types of Dates (0:39)
File Signatures (0:56)
File Signatures (0:22)
File Signatures (0:39)
File Signatures (0:37)
Image File Databases (0:41)
Image File Databases (0:36)
The Windows OS (0:42)
Windows Operating Environment (0:30)
Windows Registry (0:55)
Windows Registry (1:08)
Windows Registry Hives (0:49)
Windows Registry Hives (0:55)
Windows Registry Hives (0:11)
Windows Registry Hives (0:08)
Windows Registry Hives (0:10)
Windows NT/2000/XP Registry (0:25)
Windows Vista/Win7, 8, 10 Registry (0:18)
Windows Alternate Data Streams (1:00)
Windows Alternate Data Streams (1:12)
Windows Unique ID Numbers (1:19)
Windows Unique ID Numbers (1:37)
Other ID’s (0:39)
Section 3: Files Containing Historical Information (0:06)
Historical Files (0:19)
Historical Files (0:48)
Historical Files (0:39)
Historical Files (0:23)
Historical Files (0:50)
Splunk (0:33)
Historical Files (1:01)
Historical Files (0:18)
Event Viewer (1:11)
Historical Files (0:25)
Historical Files (0:17)
Historical Files (0:35)
Historical Files (0:28)
Historical Files (0:31)
Historical Files (0:52)
Historical Files (0:45)
Historical Files (0:25)
Historical Files (0:59)
Historical Files (0:37)
Historical Files (0:29)
Historical Files (0:32)
Historical Files (0:12)
Historical Files (0:59)
Outlook E-Mail (0:25)
Outlook E-Mail (1:34)
Web E-Mail (0:28)
Section 4: Web Forensics (0:05)
Web Forensics (0:54)
Historical Files (0:37)
IE database location (0:40)
Mozilla Firefox SQLite database (0:22)
Google Chrome (0:20)
Microsoft Edge (0:26)
Understanding The Database Files (0:09)
Understanding The Database Files (1:37)
Investigating SQLite Files (0:14)
Investigating SQLite Files (0:55)
Investigating SQLite Files (1:05)
Tables Relation (2:02)
Tables Relation (0:07)
Viewing Visited Websites (0:32)
Review (0:15)
Module 12 - Quiz
Module 13 - Electronic Discovery and Electronically Stored Information
Electronic Discovery and Electronically Stored Information (0:08)
Overview (0:06)
eDiscovery (0:18)
eDiscovery (0:27)
Discoverable ESI Material (0:26)
Discoverable ESI Material (0:32)
eDiscovery Notification (0:29)
Required Disclosure (0:25)
eDiscovery Conference (0:38)
Preserving Information (1:06)
eDiscovery Liaison (0:48)
eDiscovery Products (0:36)
Metadata (0:20)
What is Metadata? (1:32)
Data Retention Architecture (0:46)
“Safe Harbor” Rule 37(f) (0:46)
eDiscovery Spoliation (0:40)
Tools for eDiscovery (1:07)
Review (0:06)
Module 13 - Quiz
Module 14 - Mobile Forensics
Mobile Forensics (0:05)
Overview (0:10)
Section 1: Cellular Network (0:05)
Mobile Devices (0:45)
Types of Cell Networks (1:19)
What can a criminal do with Cell Phones? (0:59)
Cell Phone Forensics (0:35)
Forensics Information in Cell Phones (1:27)
Subscriber Identity Module (SIM) (0:41)
Integrated Circuit Card Identification (ICCID) (0:41)
International Mobile Equipment Identifier (IMEI) (0:25)
Electronic Seal Number (ESN) (0:30)
Section 2: Forensic Process (0:05)
Device Seizure (1:14)
Device Seizure (1:02)
Device Seizure (1:04)
Acquisition (0:03)
Data Acquisition (0:54)
Acquire Data from SIM Cards (0:45)
SIM Cards (0:35)
Mobile Device Memory (0:28)
Data Analysis (0:04)
Reality (0:31)
Analyze Information (0:44)
Analyze (0:51)
Non-Invasive Forensics (0:23)
Non-Invasive Methods (1:53)
Invasive Methods (0:45)
Forensic Methods (0:11)
Section 3: Tools (0:05)
Cell Phone Forensic Tools (0:42)
Device and SIM Card Seizure (0:26)
Cell Phone Analyzer (0:35)
Tools (0:53)
Forensic Card Reader (1:10)
ForensicSIM Tool (0:37)
Forensic Challenges (0:51)
Section 4: Paraben Forensics (0:05)
Paraben Mobile Field Kit (0:44)
Paraben Forensics Hardware (0:38)
Paraben: Power Bank (0:27)
Paraben: Mobile Field Kit (0:29)
Paraben: Wireless Stronghold Tent (0:31)
Paraben: Passport Stronghold Bag (0:49)
Paraben: Project-a-phone (0:32)
Paraben: Project-a-phone (0:22)
Paraben: SIM Card Seizure (0:24)
Paraben: Sticks (0:32)
Paraben: P2C-P2 Commander (0:49)
Review (0:11)
Module 14 - Quiz
Module 15 - Digital Forensics Reporting
Digital Forensics Reporting (0:06)
Overview (0:06)
Analysis Report (0:36)
Definition (0:11)
Computer Sciences (2:02)
Ten Laws of Good Report Writing (0:49)
Cover Page (0:49)
Table of Contents (0:43)
Examination Report (0:37)
Background (0:29)
Request (0:24)
Summary of Findings (0:20)
Forensic Examination (0:30)
Tools (0:30)
Evidence (0:22)
Items of Evidence (0:50)
Analysis (0:20)
Findings (0:22)
Conclusion (0:23)
Exhibits (0:25)
Signatures (0:17)
Review (0:15)
Module 15 - Quiz
Guideline for Acquiring Electronic Evidence