Forensic Computer Examiner

The Forensic Computer Examiner Online Training Program will help you break into this field by preparing you for the Certified Computer Examiner credential.
Temecula, CA P.O. Box 760,, Temecula, CA 92593
(951) 9723600

Course at a Glance

Mode of learning : Online - Instructor Lead(LVC)

Domain / Subject : Engineering & Technology

Function : Information Technology(IT)

Duration : 80 Hours

Difficulty : Medium

Forensic Computer Examiner

For many years, law enforcement officers have been the primary forensic computer examiners; however the need for qualified civilian forensic computer examiners is growing faster than ever. The Forensic Computer Examiner Online Training Program will help you break into this field by preparing you for the Certified Computer Examiner credential. This online certificate program is offered in partnership with major colleges, universities, and other accredited education providers.


Upon  successful completion of the Forensic Computer Examiner Online Training Program, you’ll:

  • Know what a forensic examiner may expect to encounter during an examination
  • Understand software licensing and how it affects forensic examiners
  • Explore forensic ethical standards as they apply to forensic examiners
  • Determine when a legal opinion may be necessary to prevent privacy issues from interfering with the examination or causing a valid lawsuit
  • Understand how to properly establish and maintain the physical chain of custody of media and evidence
  • Know the significance of, location of, and how to recover data from swap files, temporary files, Internet cache files, Internet cookies, mail files, and Internet sites visited
  • Be able to prevent virus introduction and prevent activation of "booby traps"
  • Understand how to find and document data, including hidden data and password-protected data
  • Discover how to present recovered and evidence data to the client in a useful format
  • Understand how to present data in court or other proceedings
  • Be fully prepared to sit for the CCE Certification testing through the International Society of Forensic Computer Examiners


This program is compatible with the Windows XP and later operating systems and IE 7 and later browsers.

Minimum Computer Requirements:

  • PC with the latest updates and BIOS (Mac computers may not be used)
  • XP, Vista or Windows 7 operating systems
  • Internet access
  • 1 GB (or more) memory
  • 10 GB or larger hard-disk drive for examination purposes
  • 2 (or more) open USB 2.0 ports

Recommended Configuration:

  • PC with the latest updates and BIOS
  • Windows 2000 or XP operating system
  • High-speed Internet access
  • 2 GB (or more) memory
  • 15 GB or larger hard-disk drive for examination purposes
  • Integrated PS/2 ports (not USB keyboard or mouse)
  • 4 open USB 2.0 ports
  • 1 open Firewire/IEEE 1394 port
  • Read/Write blocking device such as the FireFly Read/Write device made by Digital Intelligence


To enroll in this course, you’ll need to have basic computer skills, including the ability to work outside the Windows GUI interface. This is because forensic examiners  often need data that can’t easily be accessed from within Windows. Being comfortable working within the DOS environment will be very helpful in this field.

A good measure of your readiness for this program is knowing that you can successfully complete the A+ certification through Microsoft. Note that the certification is by no means a prerequisite. However, the basic knowledge needed for success in this program typically requires that you have the A+ level of experience.

A forensic computer examiner will be required to work with the hardware of a computer on many occasions, so you’ll need to have the ability or desire to remove and replace hard-disk drives from computers and change jumper settings. These topics are briefly covered within our program, but you should have these skills prior to enrolling.

To work in this field, you must not have a criminal record. This includes any felony conviction where the individual could have received a sentence of one or more years of imprisonment. This also includes any criminal history of sexually related offenses, as many digital examinations include these topics, and an examiner with this type of history could be easily discredited.

Course Syllabus

Module 1- Introduction to Computer Forensics

  • Recommended Machine Configurations
  • What makes a good computer forensic examiner?
  • Computer Forensics vs. E Discovery
  • Dealing with clients or employers
  • Work Product
  • Client Contracts
  • Legal and privacy issues
  • Software Licensing
  • Ethical Conduct Issues
  • Cases that may include digital evidence
  • Forensic Examination Procedures
  • Determining Scope of Examinations
  • Hardware and Imaging Issues
  • Floppy Diskette, USB and Optical Media Examination
  • Limited Examinations
  • Forensically Sterile Examination Media
  • Examination Documentation and Reports
  • ASCII Table
  • General Overview of Boot Process and Operating Systems
  • Floppy Diskette Sides, FD Tracks, Hard Disk Drives
  • BIOS History
  • Networked Computers
  • Media Acquisition
  • Acquisition Documentation
  • Chain of Custody

Module 2 – Imaging

  • Recommended Machine Configurations
  • Imaging Theory and Process
  • Imaging Methods
  • Write Blocking
  • Imaging Flash Drives
  • Wiping, Hashing, Validation, Image Restoration, Cloning, Unallocated Space
  • Drive Partitioning
  • One (1) Student Lab Practical Exercise

Module 3 – File Signatures, Data Formats & Unallocated Space

  • File Identification
  • File Headers
  • General File Types
  • File Viewers
  • Examination of Compressed Files
  • Data Carving – Using Simple Carver
  • One (1) Student Lab Practical Exercise

Module 4 – FAT File System

  • Logical structures of DOS, Windows 95, Windows 98
  • Master Boot Record
  • File Allocation Table
  • 16 Bit FAT
  • 32 Bit FAT
  • Directory Entries
  • Clusters
  • Unallocated Space
  • Sub-Directories
  • Six (6) Student Lab Practical Exercises

Module 5 – NTFS File System

  • Introduction and Overview
  • Basic Terms
  • Basic Boot Record Information
  • Time Stamps
  • Root Directory
  • Recycle Bin
  • File Creation
  • File Deletion
  • Examining NTFS Drives
  • Two (2) Student Lab Practical Exercises

Module 6 – Registry & Artifacts

  • Creating an Examination Boot Disk
  • Data Recovery
  • Windows Swap and Page Files
  • Forensic Analysis of the Windows Registry
  • Internet Cache Files, Cookies and Internet Sites
  • Microsoft Outlook
  • Logical Structures
  • Tracking User Specific Computer Use
  • Internet Explorer Cache Index
  • Basic Mail Issues
  • Basic Internet Issues
  • Common Situations Encountered during Examinations
  • Password Protection and Defeating Passwords
  • Compound Documents
  • FTK
  • Three (3) Student Lab Practical Exercises

Module 7 – Forensic Policy, Case Writing, Legal Process & Forensic Tool Kits

  • Use of Policy and Checklists in Forensic Practice
  • Data Presentation to Client
  • Case Report Writing
  • Legal Process
  • Expert Admission
  • Going to Court
  • Use of Forensic Tools and Software
  • One (1) Student Lab Practical Exercise – Hard drive examination


Write Your Own Review

Write your review here (required)

Is the price of course overrated?
would you recommend this course to others?
Is duration of the course sufficient enough?
Did you like the faculties?
What would you prefer in future classroom or online learning?

Disclaimer: The contents of the course & Institute are obtained from the institute’s website by automated scraping or manual updates. For the latest information, please refer the institute website directly. For any discrepancies in the content, contact us at