The Basic Computer Forensic Training seminar is designed as an introductory or refresher
course for professionals involved in the acquisition and processing of
computer evidence. It covers how to conduct a computer forensic analysis
and the concepts behind the techniques. Mastery of this material will
provide a thorough foundation on which to build an advanced practical
knowledge of computer forensics.
Minimum Prerequisites: A basic knowledge of computers and DOS commands
and the ability to efficiently use the keyboard to maneuver through the
file system.
DAY ONE
Course Overview
Cyber crime: Computer evidence investigations; how criminals use
computers.
Hardware identification: How to identify the hardware components
of a computer system and understand their functions.
File name: Proper naming conventions for files and directories.
Forming command lines: Practice creating and formatting proper
command lines using paths, relative paths, and meta characters.
Common commands: Practice using internal and external operating
system commands.
EVERYDAY DOS: Using the capabilities of the operating system to
enhance productivity.
DAY TWO
Batch files and scripts: Understanding the importance of batch
files in forensic analysis.
Bits/Bytes/Data storage: How computers store information at the
bit and byte level.
Physical drive structures of floppy disks: The physical setup/design
of floppy disk drives.
Physical drive structures of hard disks: Understanding the layout
of hard drives.
Partitions and formatting: Practice disk partitioning and
formatting.
Operating system identification: Learn to recognize the type of
operating system partition by the single byte that identifies it. Identifying
the files needed to boot a computer and where the boot sector(s) are located.
Sectors and clusters: How sectors and clusters relate to forensics.
Boot sequence: Learn to outline the boot sequence of a PC
and how to control this process.
Boot up: Which files are needed to boot a system--optional and
required files.
DAY THREE
Disk editors: Learn about and use disk editors.
Managing the file system: Practice using a disk editor to view FAT
file systems.
Erasing files: What happens when DOS/WIN9X deletes a file.
Unerasing files: Practice using automated methods to un-erase data.
File types/headers: What distinguishes one type of file from another.
Practice examining file headers.
Preserving evidence: Electronic evidence is volatile. Learn how
to protect it.
DAY FOUR
Creating boot disks: Practical experience creating proper forensic
boot disks.
Forensic processing: Basic considerations when seizing computers.
Designing procedures that are defensible in court.
File catalog: Benefits and rationale for cataloging all the files
on a system and recording the hash values (with practice).
Disk imaging/copying procedures: Practice in performing disk imaging
and copying.
Create work copy: Learn how to create forensically sound
work copies and why. Practice restoring an image to a work copy.
Data compression: What data compression is and how it can be used
to hide data. Practice using a compression program.
Encryption: Learn the basic concepts of encryption.
Key Word Searching: Master key word searching and learn
to develop meaningful keyword lists.
DAY FIVE
Graphic processing: Learn about steganography and how to use software
which can display various graphics files.
Raid kit/Raid planning: Determining which hardware and software
to include in a raid kit.
Search Warrant wording: Review some of the key wording needed
to create a valid search warrant.
Federal/State statutes: Learn about federal and state computer
crime statutes.
Final exam (measure your knowledge)