CERTIFIED DIGITAL FORENSICS PROFESSIONAL (CDFP)


A person who aspires to become a digital forensics expert who earns a great income must go through this accreditation training for at least 12 months.

Module – 1: INTRODUCTION TO DIGITAL FORENSICS
1.    Digital Forensics – definitions and taxonomy
2.    Traditional forensics vs. digital forensics
3.    “Live System” forensics – relevance and challenges
4.    SWGDE Best Practices 

Module – 2: LEGAL ASPECTS OF DIGITAL FORENSICS
1.    Foundations of computer crime law
2.    Basics of criminal justice system – relevance of digital forensics and digital evidence
3.    Rules relating to admissibility of evidence in the context of digital evidence – constitutional and statutory provisions in common law and civil law systems
4.    Search, seizure and chain of custody related issues in digital crime scenarios
5.    Search warrants and implications of time constraints
6.    What you can and cannot take as evidence – commingled data
7.    Hearsay law and exceptions to it
8.    Legality of techniques used in interviews during crime investigation
9.    Concept of MOM and its applicability in computer crime handling
10.    Good practices in preparing for and providing testimony in digital crime cases
11.    18 USC § 1029, 1030 and 2511 – key elements of American law on digital crimes
12.    UK Regulation of Investigatory Powers Act, 2000
13.    European Union Convention of Cyber Crimes, Council of Europe CTS 185
14.    Instructor to add a module on the local cyber laws depending on the place of delivery of the course

Module – 3: BASICS OF FORENSIC SCIENCE
1.    Role of forensics in crime investigation
2.    The principle of “scientific methods” and basics of forensic protocols
3.    Sound reporting practices and professional ethics
4.    Crime Scene investigation – generally accepted good practices

Module – 4: INTRODUCTION TO CYBER CRIMINOLOGY
1.    Applying principles of criminology to digital crimes
2.    Computer usage in crimes and unlawful / unethical conduct
3.    Forms of cyber crimes
4.    Technological and victimological perspectives of digital crimes
5.    Shifting preference for cyber crimes over other forms of crimes
6.    Paradigm shift in motivation to commit cyber crimes
7.    Profile of perpetrators and victims of cyber crimes
8.    Cyber dimension to traditional financial crimes
9.    Issue of volatility of digital crime scenes
10.    Forensic cycle as applied to digital crimes – identification, preservation, examination, analysis and reporting
11.    Imaging, restoration and validation of crime related data
12.    Formulating and testing a hypothesis about a possible digital crime or event
13.    Analysis platforms and genres of tools
14.    Digital forensic examination vis-à-vis those conducted by other forensic disciplines
15.    Preserving non-digital evidence during digital forensic process

Module – 5: OPERATING SYSTEMS – WINDOWS, UNIX, LINUX AND MAC
1.    Underlying components and functionality
2.    Basics and boot process internals
3.    Administrative capabilities and user features
4.    System requirements and interoperability
5.    Legacy and current versions – key differentiators
6.    Navigating file structures
7.    OS vulnerabilities
8.    OS resident malware
9.    Data hiding techniques specific to different OS

Module – 6: HARD DRIVES
1.    Internals
a.    Cylinder structure
b.    Power on routine
c.    Systems area
d.    Bad block tables – G-list and P-list
e.    Heads – R/W and GMR
f.    Platter structures
2.    Hard drive recovery techniques
a.    Replacing the heads
b.    Swapping the platters
c.    PCB swaps

Module – 7: PARTITIONS AND STORAGE
1.    Partitions & Volumes
a.    DOS
b.    Apple
c.    Removable media
d.    Servers – BSD and Solaris
e.    RAID
f.    Spanned Disks
2.    Recovering deleted partitions
3.    File Systems – definitions and taxonomy
4.    FAT
a.    Definition and examples
b.    File system and contents
c.    FAT structure
d.    Boot sector
e.    FAT32
f.    Naming convention
5.    NTFS
a.    Basic vs. dynamic disks
b.    MFT
c.    Recovery techniques
6.    ext2/ext3
a.    Definition and concept
b.    Architecture
i.    Superblock
ii.    Group descriptor tables
iii.    Links
7.    UFS1 and UFS2
a.    Definition and concept
b.    Architecture
i.    Superblock
ii.    Inodes

Module – 8: DIGITAL FORENSIC ANALYSIS – FIRST STEPS
1.    Understanding hard drive interfaces
a.    SCSI
b.    IDE
c.    SATA
d.    Fibre Channel
2.    Data integrity verification
a.    MD5
b.    SHA-1
c.    SHA-512
3.    Maintain data integrity
a.    Write blockers
i.    Hardware
ii.    Software
4.    Imaging
a.    Physical hard disk and validation of copy
b.    Logical drive and validation of copy
c.    Different digital storage devices and validation of copies
5.    Tools used for imaging
a.    Common characteristics
b.    Caveats in using tools
c.    Documentation of results obtained using tools

Module – 9: LAB EXERCISE – 1
This lab exercise covers the contents of modules 6, 7 and 8.
Candidates will be given scenarios covering the learning in the three earlier modules, and a hands-on exercise will be carried out by each candidate under the supervision of the instructor.

Module – 10: LAB EXERCISE – 2
Using the results obtained in Lab Exercise – 1, candidates will do the following:
1.    Identification and documentation of the evidence obtained
2.    Analysis and interpretation of the evidence obtained in the form in which it will be presented to the prosecutor or the court
3.    Complete a comprehensive forensic analysis report.  Candidates will be guided by the instructor in usage of correct legal terminology, focus on the issue at hand and relating the evidence to the crime being investigated or adjudicated.

Module – 11: Data hiding & recovery techniques
1.    Unallocated space in storage devices
a.    Fragmentation
b.    Obfuscating strings
2.    File binding and file wrappers
3.    Registry
4.    Object linking and embedding (OLE)
5.    Manipulation of file headers and extensions
6.    String search for information
a.    Signatures
b.    Segmentation
c.    Combining files
d.    String attributes
7.    Steganography
a.    Definition and limitations
b.    Differentiate from watermarking
c.    Steganalysis
8.    Password storage and recovery
9.    Deleted files and formatted storage devices
10.    Evidentiary data transferred to avoid seizure

Module – 12: LAB EXERCISE - 3
This lab exercise covers the contents of module 11.
Candidates will be given scenarios covering the learning in data hiding techniques and recovery.  A hands-on exercise will be carried out by each candidate under the supervision of the instructor.

Module – 13: E-Mail Forensics
1.    Commonly used mail clients and characteristics
2.    Analysing mail client settings
3.    E-mail policy for adoption by the users
4.    Forensic analysis of mail servers
a.    Access controls and privileges
b.    Archival of mails
c.    Access Logs
5.    Analysing e-mail headers
6.    Deleted e-mail recovery
7.    Deleted attachment recovery
8.    Mail headers analysis
9.    Tracing e-mails
10.    Tracing back web-based e-mails
11.    .pst files – default locations, integrity and extraction
12.    Fake mails and spams
13.    E-mails as evidence in a court
14.    Sending e-mails via Telnet

Module – 14: LAB EXERCISE - 4
This lab exercise covers the contents of module 13. Candidates will be given scenarios covering the learning in e-mail forensics.  A hands-on exercise will be carried out by each candidate under the supervision of the instructor.

Module – 15: Web Forensics
1.    Analyzing Cookies, Spiders, Applets and Active-X
2.    Reconstructing web browser activities
3.    Tracing and analysing temporary files
4.    Recovering cleared histories
5.    Registry artefacts
6.    DNS analysis to detect spoofing
7.    Stored data – Pass View
8.    Auto completion of forms
9.    Investigating Cross-Site Scripting (XSS)
10.    Anatomy of CSRF Attack
11.    Pen-testing CSRF Validation Fields
12.    Investigating Code Injection Attack
13.    Investigating Cookie Poisoning Attack
14.    Investigating Buffer Overflow
15.    DMZ Protocol Attack, Zero Day Attack
16.    Tools for Locating IP Address
17.    Reconstructing browsing activity
18.    Recovering protected storage data in IE

Module – 16: LAB EXERCISE - 5
This lab exercise covers the contents of module 15.
Candidates will be given scenarios covering the learning in carrying out a forensic analysis on a web-based application or on a web site.  A hands-on exercise will be carried out by each candidate under the supervision of the instructor.

Module – 17: Windows Forensics
1.    Basics of Windows OS
a.    Memory dumps
b.    Registry
c.    Registry data and editing
d.    Backing up the complete registry
e.    Back up of system state
f.    Default processes in different versions of Windows
g.    Process monitoring
h.    Find and view hidden files
i.    NTFS streams – detection and understanding
j.    Rootkits
k.    Trojans and Back doors – detection and removal
l.    Windows Swap files – content and editing
2.    Basic Windows “Live” forensics: volatile data
a.    Network connections, ports and processes
b.    Open files and handles
c.    Routing table
d.    System memory
3.    Basic Windows “Live” forensics:  non-volatile data
a.    System version, time and date stamps
b.    Login history
c.    Registry contents
d.    Audit and logging policies
e.    Analysing event viewer
f.    Logparser – usage and querying

Module – 18: Advanced Windows forensics
1.    Understanding Windows internals
2.    Memory management
3.    Cache management
4.    System architecture
5.    Analyzing memory dumps
6.    Win32 Rootkits
7.    Trojan infected files and processes
8.    Descriptor table attacks

Module – 19: Unix / Linux “Live” forensics
1.    Volatile data analysis
a.    Network connections, ports and processes
b.    Open files and handles
c.    Routing table
d.    Kernel modules
e.    Mounts
2.    Non-volatile data analysis
a.    System version, time and date stamps
b.    Logs and history files

Module – 20: LAB EXERCISE - 6
This lab exercise covers the contents of modules 17-19
Candidates will be given scenarios covering the learning in carrying out forensic analysis of Windows and Linux / Unix systems.  Hands-on exercise will be carried out by each candidate under the supervision of the instructor.

Module – 21: Log Analysis
1.    Types of logs in computer systems
2.    Log and audit settings
3.    Securing local or host logs
4.    Setting up and securing remote logging systems
5.    Application, Event and Security logs
6.    Extended logging
7.    Monitoring logs for intrusion and infractions
8.    Time synchronization
9.    Scripting and event log tools
10.    Principle of end-to-end forensic trace
11.    Correlation based on log analysis
12.    TCP dumps and analysis
13.    Automating log analysis
14.    Alerts based on log analysis

Module – 22: LAB EXERCISE - 7
This lab exercise covers the contents of module 21.
Candidates will be given scenarios covering the learning in log analysis and interpretation.  Hands-on exercise will be carried out by each candidate under the supervision of the instructor.

Module – 23: Passwords
1.    Password attacks
a.    Brute Force Attack
b.    Dictionary Attack
c.    Syllable Attack
d.    Rule-based Attack
e.    Hybrid Attack
f.    Password Guessing
g.    Rainbow Attack
2.    CMOS Level Password Cracking
3.    PDF Password Crackers
4.    Password Cracking Tools

Module – 24: Network Forensics
1.    The OSI Model for Networks
2.    TCP/IP fundamentals and internals
3.    Protocol analysis
4.    Routing and Switching concepts relevant to forensic analysis
5.    Packet construction
6.    Layer wise vulnerabilities and forensics
7.    Capture and filter Packets
8.    Packet Analysis
9.    IP, ARP and DNS spoofing
10.    DHCP Configuration
11.    DHCP Logging
12.    Passive Evidence Acquisition
13.    Network Taps
14.    Filtering at the Byte and Bit Level
15.    Firewall Configuration
16.    Understanding ACLs
17.    Extracting and interpreting firewall configurations
18.    Firewall Log analysis
19.    Firewalls as data sources
20.    Modifying ACLs to provide evidence
21.    NIDS and HIDS
22.    Honey pots and honey nets
23.    Enticement and entrapment
24.    Keeping the attack system live for better evidence
25.    Anatomy of a typical hack on a network:
a.    Foot printing and information gathering
b.    Locating and tracing the target
c.    Scanning – purpose and methods
d.    Enumeration –
i.    identifying default state
ii.    establishing null session
iii.    SNMP enumeration
iv.    ADS enumeration
e.    Intruding into a network
i.    Password cracking
ii.    Social engineering
iii.    Understanding Kerberos authentication
iv.    Working on NTLM, LM and EFS
v.    Escalating privileges
vi.    Create impact on the information asset
f.    Exit without trace
i.    Clearing tracks
ii.    Disabling or clearing audit records
iii.    Clearing all temporary files
iv.    Manipulating or clearing logs

Module – 25: LAB EXERCISE - 8
This lab exercise covers the contents of modules 23 and 24
Candidates will be given scenarios covering the learning in network forensics.  Hands-on exercise will be carried out by each candidate under the supervision of the instructor.

CDFPs can enrol for a Master of Science Degree in Cyber Forensics and Criminology. Those with other training in cyber forensics plus a bachelor's degree in information technology and at least three years of digital forensics experience can apply for CDFP straightaway.

 
