Live Virtual Training in Singapore time zone | Keep Learning with ALC
This course is presented as Live Virtual Training. Click for more details.

Presented in association with Cyber Digital Forensics Services (CDFS)


This is the Official CCE BootCamp® that will teach you what you need to know to successfully take the Certified Computer Examiner (CCE)® certification examination.

The Certified Computer Examiner (CCE)® BootCamp is an intensive one week training course in computer forensic examinations. This course will teach you how to conduct forensically sound computer examinations and will prepare you to take the CCE certification testing. The CCE BootCamp® is the version of the CFTCO.COM online training course. This is the original CCE BootCamp®.

New Equipment - Students will now use the all new Guardonix USB3.0 Writeblocker and Stabilizer to assist with their practical exercises.

Updated Training Material - Many updates to the training manuals include:

  • Windows 10 operating system
  • New training exercises including the latest file systems

Learning outcomes

This course is for anyone who is serious about digital forensics.  The objective is to equip participants with the knowledge to do their job properly and to collect evidence in a forensically sound manner so that it can be presented and accepted in court, if needed. Topics covered include:

  • Introduction to Computer Forensics
  • Imaging
  • File Signatures, Data Formats & Unallocated Space
  • FAT File System
  • NTFS
  • Registry & Artifacts
  • Forensic Policy
  •  Case Writing
  • Legal Process
  • Forensic Tool Kits

Who should attend

Typical audiences include:

  • Government, military, law enforcement officers
  • Professionals such as network administrators, cyber security professionals, MIS and IS specialists, auditors, fraud examiners, private investigators
  • Specialists who may encounter computer media that contains potential evidence or other significant data
  • Those who wish to start their own forensic examination practice

Course contents

Module 1 – Introduction to Computer Forensics
  • Recommended Machine Configurations
  • What makes a good computer forensic examiner?
  • Computer Forensics vs. E Discovery
  • Dealing with clients or employers
    • Work Product
    • Client Contracts
    • Legal and privacy issues
  • Software Licensing
  • Ethical Conduct Issues
  • Cases that may include digital evidence
  • Forensic Examination Procedures
  • Determining Scope of Examinations
  • Hardware and Imaging Issues
  • USB and Optical Media Examination
  • Limited Examinations
  • Forensically Sterile Examination Media
  • Examination Documentation and Reports
  • ASCII Table
  • General Overview of Boot Process and Operating Systems
  • BIOS History
  • Networked Computers
  • Media Acquisition
  • Acquisition Documentation
  • Chain of Custody
Module 2 – Imaging
  • Imaging Theory and Process
  • Imaging Methods
  • Write Blocking
  • Imaging Flash Drives
  • Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
  • Drive Partitioning
  • One (1) Student Lab Practical Exercise
Module 3 – File Signatures, Data Formats & Unallocated Space
  • File Identification
  • File Headers
  • General File Types
  • File Viewers
  • Examination of Compressed Files
  • Data Carving
  • One (1) Student Lab Practical Exercise
Module 4 – FAT File System
  • Logical structures of DOS and the Windows Operating System
  • Master Boot Record
  • File Allocation Table
    • 16 Bit FAT
    • 32 Bit FAT
  • Directory Entries
  • Clusters
  • Unallocated Space
  • Sub-Directories
  • FORMAT
  • Six (6) Student Lab Practical Exercises

Why do we still teach the DOS FAT file system?
A sound understanding of the FAT file system is essential, as it is still a very common file system widely used in portable devices such as USB thumb drives, digital camera flash cards and mobile phones. These types of portable media can often hold valuable forensic evidence. For this reason, understanding the FAT file system is an important part of becoming a qualified digital forensic examiner.

Module 5 – NTFS
  • Introduction and Overview
  • Basic Terms
  • Basic Boot Record Information
  • Time Stamps
  • Root Directory
  • Recycle Bin
  • File Creation
  • File Deletion
  • Examining NTFS Drives
  • Two (2) Student Lab Practical Exercises
Module 6 – Registry & Artifacts
  • Creating an Examination Boot Disk
  • Data Recovery
  • Windows Swap and Page Files
  • Forensic Analysis of the Windows Registry
  • Internet Cache Files, Cookies and Internet Sites
  • Microsoft Outlook
  • MSMAIL
  • Logical Structures
  • Tracking User Specific Computer Use
  • Internet Explorer Cache Index
  • Basic Mail Issues
  • Basic Internet Issues
  • Common Situations Encountered during Examinations
  • Password Protection and Defeating Passwords
  • Compound Documents
  • Examining CDR Media
  • Three (3) Student Lab Practical Exercises
Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits
  • Use of Policy and Checklists in Forensic Practice
  • Data Presentation to Client
  • Case Report Writing
  • Legal Process
  • Expert Admission
  • Going to Court
  • Use of Forensic Tools and Software
  • One (1) Student Lab Practical Exercise – Hard drive examination

Course fees

The fee for the course is:

  • $6,250 + GST
PreRequisites

You should have an understanding of Digital Forensics at least comparable to what is covered in the Digital Forensics & Data Analysis 101 course.

Assessment and Certification Exam

Approximately 40% of the CCE BootCamp® consists of hands-on, comprehensive practical exercises. Successful course completion requires the submission of at least three written reports based on the results of specific practical exercises. These reports may be submitted to the instructors during the training class or within the 6 weeks of additional instructor support provided at the conclusion of the training class.

Students must have strong computer skills, including the ability or desire to work outside the Windows GUI interface and work with computer hardware. The online multiple choice portion of the CCE certification test is administered at the end of each CCE BootCamp®.