ISFCE Training
The ISFCE's Certified Computer Examiner (CCE) Bootcamp is the most internationally recognized, vendor neutral, hands-on digital forensics training course in the world. If you plan to testify in court, you the examiner, not the automated software product, must qualify as an "expert" witness. As an expert witness, you must know and be able to articulate what your automated software is doing. Our course will teach you how data is stored, where the data is located and how to recover all of the data. Our students will learn how to conduct thorough examinations and how to explain, interpret and draw the appropriate conclusions on what has been found and what it may mean. Regardless of which automated product that you may use, you will understand what the product is doing and you will be able to explain or testify about how and what you have found. We teach you how to conduct thorough examinations, regardless of the tools that you use.
This course will teach you the core forensic procedures that will apply to examining any operating system or file system. During our course, we provide instruction on the logical structures of the FAT file system and the NTFS logical structures. We have thoroughly studied the NTFS operating system and feel that our NTFS course material cannot be matched anywhere. The NTFS section provides detailed instruction about the partition table, the boot record, bitmaps, the root directory, the MFT, headers, attributes, resident files, non-resident files, run lists, alternate data streams, etc.
Our training focus is not only on forensic recovery techniques, but on ensuring that what you find can be admitted in court. You will learn how to establish and use sound evidence handling procedures and how to conduct examinations using sound forensic examination procedures.
Typical students for this training include government, military, law enforcement officers, those who wish to start their own forensic examination business or professionals such as network administrators, MIS and IS specialists, auditors, fraud examiners, private investigators and similar specialists who may encounter computer media that contains potential evidence or other significant data.