BCFE 2015
BASIC Certified Forensic Examiner Training Program Program Description and Syllabus
Contents
A. Program Overview
B. Prerequisites
C. Automated Forensic Tools, Forensic Hardware, and Software
D. Required Equipment and Supplies
E. Attendance and Program Conduct Requirements
F. Course Schedule for Week 1 and Week 2
A. Program Overview
IACIS is an independent, non-profit, peer-review organization that has been recognized as a leader in computer forensics training since 1991. Each year IACIS offers several courses of study, at various locations worldwide, including a variety of advanced and specialized courses and programs that are specifically targeted to a particular topical focus or a particular sub-specialty within the field of computer forensics.
Of the programs offered by IACIS, the Basic Computer Forensic Examiner (BCFE) Training Program is at the forefront.
The IACIS BCFE Training Program is an 80-hour course of instruction that is offered over a period of two (2) consecutive weeks, and which is designed to provide students with the foundation knowledge necessary to enter the IACIS Certified Forensic Computer Examiner (CFCE) process. Through a combination of lectures, instructor-led and independent hands-on practical exercises, and independent laboratory activities, students will learn the underlying principles of computer forensic examination and how to apply them in practice.
While this program might seem to be primarily for those students who are new to or just starting out in the field of computer forensics, it is in fact equally suitable for more advanced students and those who are long-time practitioners: IACIS espouses, and the BCFE program champions, a forensic tool-independent and forensic methodology-independent approach to learning computer forensics. This enables IACIS to provide students with a deeper exploration of underlying principles than might be afforded in other programs, which are designed to teach students how to use a particular forensic tool to complete a particular task.
Approximately 90% of what is needed for students to successfully complete the BCFE program and the subsequent certification process is provided during program lectures and practical exercises, and so students are expected to do additional outside reading and to perform additional independent research.
The program schedule includes substantial laboratory time (optional) for students who need or want additional assistance on particular topics.
B. Prerequisites
While there are no prerequisites for entry into the BCFE program beyond the applicable IACIS membership requirements, students are expected to be comfortable using a computer and working with electronic devices; and students should have an appropriate interest in the field of computer forensics generally.
And while students are also expected to be familiar with the Windows family of operating systems, no advanced level knowledge of the various Windows versions or editions is expected or required. That said, the student whose experience with Windows is limited to Windows XP versions and earlier may find the BCFE program very challenging.
Finally, while knowledge of and experience working within different operating system environments such as DOS, various versions of Apple/Mac/iOS, and various flavors of the Linux operating system can be helpful for students, such knowledge and experience are by no means required for successful completion of the BCFE program or the CFCE process.
It is important to note that the BCFE program does not distinguish between someone who has very basic computing skills and who is just starting out in the field of computer forensics, and one who has more advanced knowledge of computers or prior training in general information technology topics or in computer forensics.
Certainly one who has more extensive experience will initially be more comfortable with some of the foundational course material, but as the program advances whatever “knowledge gap” there might be at the start of the program will quickly close.
In the end, all students are considered at the same level, as it were; and individual courses are constructed with this in mind.
C. Automated Forensic Tools, Forensic Hardware, and Software
IACIS espouses a forensic tool-independent and forensic methodology-independent approach to teaching computer forensics. To this end, IACIS does not endorse or support any particular forensic software tool, forensic hardware device, or any particular software program generally.
Students are not required or expected to have any knowledge of any particular forensic software or automated tool suite; and in fact there is no expectation that students in the BCFE program be familiar with or have any experience using any particular software program.
forensic hardware device or component.
The above notwithstanding, automated and manual forensic software tools will be used during instructional modules to illustrate teaching points and to facilitate MANUAL study of data structures and data recovery by using limited functionality of a particular tool or suite of tools. Similarly, particular forensic hardware devices might also be used to teach students about particular forensic processes.
In cases where use of any particular hardware item or software program of any type is required for an instructor-led activity, in-class practical exercise, or independent laboratory exercise, students will be provided access to the particular hardware item or software program, and there will be instruction as to the use of that particular hardware item or software program for the limited purpose of the activity at hand.
So there are no misunderstandings, regardless of what hardware item or software program might be used, any instruction that might be provided with respect to the item or program is intended solely for the immediate purpose of the instructional block at hand, and is not designed to provide specific training on that hardware item or software program.
D. Required Equipment and Supplies
Students will be supplied with all of the materials needed to successfully complete the BCFE program.
This includes a program manual that includes instructor-led practical and independent laboratory exercises, various hardware and software tools/items, and other items and resources that are needed for particular courses or that might be of benefit later, in the field.
Students are not required to bring a computer with them to the training program. With participation in the BCFE training event, IACIS is providing each student a laptop computer for their use during the event and also to take home with them and use. Along with the laptop, students will also receive a write-blocker amongst other equipment. The BCFE Training is contained in three (3) printed manuals. Students should be aware that they will be returning home with more baggage than they came with and should make arrangements for this.
In the past, IACIS has tried to get a package mailing company to stop by the hotel towards the end of the event so that students can ship extra equipment back to their homes or Agencies. This is at the students’ own cost. IACIS will try to find a similar vendor for 2015, but if that is not possible, there is a UPS store within walking distance from the hotel.
Students may bring a laptop computer or other digital device with them for personal use outside of the classroom. Students are not permitted to use their personal laptop computers, pad/tablet computing devices, cellular telephones, and other personal computing devices in the classroom.
E. Attendance and Program Conduct Requirements
The BCFE program provides approximately eighty (80) hours of instruction in various computer forensics courses. The program runs for two (2) consecutive weeks, Monday through Friday, from 8:00 AM to 5:00 PM daily each week, with a one (1) hour break for lunch from 12:00 noon to 1:00 PM each day. On the 2nd Friday of the program, the event will conclude by 5:00 PM after closing ceremonies, as noted below. Courses are timed using the traditional “50 minute hour” to allow for a short break near the top of each hour, whenever possible.
On the first day of the program, the first hour (from 8:00 AM to 9:00 AM) is used for administrative purposes such as staff introductions and providing students information about the programming to follow. That hour is considered part of the overall program due to the vital information provided.
The afternoon on the last day of the program (3:00 PM to 5:00 PM) is dedicated to various administrative and IACIS membership services topics. This includes a critical presentation on the Certified Forensic Computer Examiner (CFCE) process. At the conclusion of the presentations, students who met all requirements for successful completion of the program will be issued certificates of completion for the BCFE program. So there is no misunderstanding, the certificate of completion is awarded to students who successfully complete the 80-hour BCFE course of instruction and is not the IACIS Certified Computer Forensic Examiner certificate. The CFCE process is a process unto itself. The CFCE process will be addressed during the BCFE program.
Students are expected to attend all training sessions. Classes begin promptly at 8:00 AM, and students are expected to be prepared to begin the instructional day at that time. Classes will always continue until 5:00 PM on each class day. On the final day, the program will close by 5:00 PM.
It is important for students to understand that the presentations in the afternoon of the last day are considered mandatory: the bulk of the afternoon consists of a lengthy session addressing the CFCE process, and it is during this time that all of the information regarding that process is presented to students. Moreover, vital information is provided on what IACIS services and resources are available to members; and instructions are provided on how these services and resources are accessed. Due to the important information being discussed towards the end of the training event, information that will help you during the CFCE process, please do not book return flights out of Orlando before 7:00 or 7:30 p.m. on Friday to allow for security clearances and traffic to the airport.
IACIS understands that unforeseen circumstances and emergency situations may arise, and so students are permitted to briefly leave the classroom to deal with such situations. That said, students who have prolonged absences from class may not be issued a certificate of completion at the end of the program, and may not qualify for entry into the CFCE process.
While students are encouraged to take notes during classes, activities, and laboratory sessions, students are not permitted to use their personal laptop computers or other
session.
Students are expected to dress professionally and appropriately for a “business casual” environment (collared shirt, slacks, etc.). Shorts, tank tops, sandals, flip-flops, and similar casual apparel will not be permitted in the classroom at any time.
Something for students to consider is that the classroom is air conditioned, and the temperature is set lower than what one may typically expect to keep the room comfortable given the heat that can be generated by a large group of people and over 200 computers. At times, however, when the computers are idle, the room can become too cold for some students, so one might consider bringing a sweater or light jacket to wear. Students must be mindful of the fact that the classroom is large, with approximately 200 students and staff. Even small distractions can make it difficult for others to hear or to remain focused on the instructor. So, then, students are asked to be courteous and aware of their fellow students.
During classes, students are expected to be attentive and fully engaged. Cell phones must be put on “vibrate” or “silent” mode, and students should step out of the classroom if it becomes necessary.
The training event takes place at the Marriott Lake Mary, 1501 International Parkway, Lake Mary, FL 32746, Phone 407-995-1100. The hotel is located about 40 miles from the Orlando International Airport (MCO). A taxi ride from MCO to the hotel can cost $80.00 (US) and up, based on traffic congestion at the time. Towards the start of the training event, you may be able to post to the IACIS Listserv to find cab-share for students.
There are many eating establishments within walking distance from the hotel including a supermarket, banks, and a cleaner. The hotel does have a coin-operated laundry facility.
F. BCFE Course Schedule – Week 1
Week 1 | Monday | Tuesday | Wednesday | Thursday | Friday
8:00 | Opening Ceremonies and Administrative Tasks (8:30 Admin Task/Competencies) | Disk Structures | NTFS File System | Hardware Identification | Validation, Acquisition & Control
08:50-9:00 | Break | Break | Break | Break | Break
9:00 | Numbering Systems | Disk Structures | NTFS File System | First Responder I - Planning | Validation, Acquisition & Control
9:50-10:00 | Break | Break | Break | Break | Break
10:00 | Numbering Systems | FAT File System | NTFS File System | First Responder II - Crime Scene | Validation, Acquisition & Control
10:50-11:00 | Break | Break | Break | Break | Break
11:00 | Introduction to WinHex | FAT File System | NTFS File System | First Responder II - Crime Scene | Validation, Acquisition & Control
11:50-13:00 | LUNCH | LUNCH | LUNCH | LUNCH | LUNCH
13:00 | BIOS, Boot Sequence, and Boot Environments | FAT File System | NTFS File System | Intro to Forensic Analysis & Practical Scenario | Validation, Acquisition & Control
13:50-14:00 | Break | Break | Break | Break | Break
14:00 | BIOS, Boot Sequence, and Boot Environments | FAT File System | NTFS File System | Legal/Ethics | Forensic Acquisition Practical Exercise
14:50-15:00 | Break | Break | Break | Break | Break
15:00 | BIOS, Boot Sequence, and Boot Environments | FAT File System | NTFS File System | Legal/Ethics | Forensic Acquisition Practical Exercise
15:50-16:00 | Break | Break | Break | Break | Break
16:00 | Disk Structures | FAT File System | NTFS File System | Hashing & Hash Sets | Forensic Acquisition Practical Exercise
16:50-
F. BCFE Course Schedule – Week 2
Week 2 | Monday | Tuesday | Wednesday | Thursday | Friday
8:00 | Active File Review | Windows Registry | File Metadata | P2P | Cloud Storage
08:50-9:00 | Break | Break | Break | Break | Break
9:00 | Windows Artifacts | Windows Registry | Compound Files | P2P | Search Strategies
9:50-10:00 | Break | Break | Break | Break | Break
10:00 | Windows Artifacts | Windows Registry | Internet Artifacts (Browsers) | Mac Triage | Forensic Methodologies
10:50-11:00 | Break | Break | Break | Break | Break
11:00 | Windows Artifacts | Encryption | Internet Artifacts (Browsers) | Mac Triage | Report Writing
11:50-13:00 | LUNCH | LUNCH | LUNCH | LUNCH | LUNCH
13:00 | Windows Artifacts | Encryption | Internet Artifacts (Browsers) | Mac Triage | Courtroom Testimony
13:50-14:00 | Break | Break | Break | Break | Break
14:00 | Windows Artifacts | File Headers and Carving | Internet Artifacts (Browsers) | Small Scale Devices | Courtroom Testimony
14:50-15:00 | Break | Break | Break | Break | Break
15:00 | Windows Artifacts | File Headers and Carving | Internet Artifacts (Social Media) | Small Scale Devices | Administrative / eServices
15:50-16:00 | Break | Break | Break | Break | Break
16:00 | Windows Artifacts | File Headers and Carving | Internet Artifacts (Email) | Small Scale Devices | Certification Process
16:50-17:00 | END OF DAY | END OF DAY | END OF DAY | END OF DAY | END OF DAY