Together, Reducing Fraud Worldwide

Digital Forensics Tools and Techniques: Taking Fraud Examination to the Next Level


Share |

  CPE Credit: 16
Course Level: Intermediate
Prerequisite: A fundamental understanding of digital evidence sources and collection procedures


 

This intermediate-level course will introduce you to the processes, tools and techniques used by computer forensic examiners, as well as supplement Introduction to Digital Forensics
 

Course instructors will provide an overview of techniques and processes used by computer forensic examiners, as well as a demonstration of the software and hardware tools most commonly used by forensic professionals. You will learn about various computer forensic procedures, as well as best practices in securing, obtaining and analyzing digital evidence pertaining to fraud investigations. 

 

Gain the tools you need as a fraud examiner to understand and analyze digital evidence. This course will enable you to make the right decisions pertaining to digital forensics in your investigations.  

 

Upcoming Courses 

No courses are scheduled at this time. Please view our Calendar of Events for additional learning opportunities.

 

You Will Learn How To:  

Utilize the processes and techniques involved in a computer forensic examination

Define the pros and cons of various forensic software tools

Recognize forensic hardware that can be brought to bear in a fraud examination

Apply various data-acquisition methods

Implement evidence search and analysis strategies

Obtain forensics from smartphones and other mobile devices 


Who Should Attend:  

Attorneys, legal professionals and law enforcement personnel

Detectives and private investigators

IT professionals

Internal auditors, forensic accountants and bank examiners

Certified Fraud Examiners and other anti-fraud professionals 

Fees 

Members: $795
Non-Members: $945

 

CPE Credit 

16

 

Field of Study
Computer Science 

 

Course Level
Intermediate 

 

Prerequisite
A fundamental understanding of digital evidence sources and collection procedures 


Advanced Preparation 

None

  

Delivery Method 

Group-Live
  

  Day One  
7:30-8:00 a.m.   Registration & Continental Breakfast   
8:00-9:20 a.m. 

Forensic Methodology and Logistics 

This session will provide a condensed review of the key learning objectives related to the forensic process: issues to consider and strategic planning for this component of the fraud examination.

9:20-9:35 a.m.  Break 
9:35-10:55 a.m. 

Understanding File Systems 

In this section, participants will get a better understanding of how operating systems store information. We will examine how the most common file systems function and how data is stored on these systems.

10:55-11:10 a.m.  Break  
11:10 a.m.-12:30 p.m. 

Analyzing Windows Systems 

In this block, we will examine where evidence resides on current Windows platforms. Participants will learn how to examine the Windows Registry, Windows Event logs as well as Internet usage, focusing on the tools and techniques used to perform such analysis.

12:30-1:30 p.m.  Group Lunch  
1:30-2:50 p.m. 

Forensic Equipment 

An ever-growing variety of computer forensic hardware and equipment is now available in the marketplace which can be brought to bear in a fraud examination. Specialized computers have been designed for both laboratory and field use to provide a wide range of forensic capabilities far beyond those of standard consumer products. Portable devices designed to create forensic images of computer hard drives, and a wide variety of write-blocking devices (to ensure that no data can be written to a drive being imaged) now provide the computer forensic examiner with a significant variety of useful tools.

2:50-3:05 p.m.  Break  
3:05-4:25 p.m.  

Forensic Software 

Specialized forensic software applications contain useful tools to facilitate forensic data acquisition and validation of the acquired data, and can provide analytical capabilities that allow the fraud examiner to uncover and document electronic evidence. However, the features of these applications can vary widely, and computer forensic examiners must be aware of both what products are available and their capabilities. The leading products, such as EnCase and The Forensic Toolkit, will be discussed along with other software alternatives that the examiner may wish to consider for their computer forensics toolbox.

 

 

  Day Two 
7:30-8:00 a.m.   Continental Breakfast   
8:00-9:20 a.m. 

Data Acquisition Methods 

How the data is forensically acquired is perhaps the most important step in the forensic process. Precautions against alteration of the original evidence and other issues will be discussed. Basic steps in data acquisition using one or two of the forensic software applications will be demonstrated.

9:20-9:35 a.m.  Break  
9:35-10:55 a.m. 

Cell Phone and Other Mobile Device Forensics 

Cell phones and other moble devices are everywhere and they are turning up in investigations on a regular basis. Learn what can be stored on these devices, how to extract it and use it to support your case. We will take a closer look at tools and techniques specific to analyzing these and other storage devices.

10:55-11:10 a.m.  Break  
11:10 a.m.-12:30 p.m. 

Search Strategies 

The average computer hard disk drive today is 100 gigabytes (and growing), which is the equivalent of 7-10 million printed pages. Due to the volume of data that may require examination, the creation of an effective and efficient search strategy requires a great deal of thought and planning. The examiner will need to construct a keyword search of names, terms, numbers, etc. that are relevant to the analysis. The selection of keywords that provide only the desired information is almost an art, and will be addressed in detail.

12:30-1:30 p.m.  Group Lunch  
1:30-2:50 p.m. 

Analysis Strategies 

There are significant artifacts on Windows-based computer systems that could be useful to the fraud examiner. Data from the Windows Registry, the Recycle Bin, file slack, the Windows paging file (or “swap” file) and other areas can provide critical evidence in an examination. In addition, files and folders that may have previously been deleted can be recovered with special forensic utilities. We will discuss all of these areas where important evidence may be hidden and how to extract it.

2:50-3:05 p.m.  Break  
3:05-4:25 p.m.  

Tracking Internet Activities & Tracing Email 

There may be a significant amount of information related to a user’s Internet activities that is captured by the operating system. Some of this information is saved in files that the normal user cannot view. However, there are special tools that can assist the fraud examiner in deciphering the Internet History. We will discuss the construction of the Internet History files and the valuable information that they can provide. Also, in many investigations there is a need to determine where an email message originated. How to trace emails back to the point of origin will be discussed in detail.

Event Cancellation Policy 

Our cancellation policy is intended to keep costs low for attendees. Due to financial obligations incurred by ACFE, Inc. you must cancel your registration prior to the start of the event. Cancellations received less than 14 calendar days prior to an event start date are subject to a $100 administrative fee. No refunds or credits will be given for cancellations received on or after the start date of the event. Those who do not cancel and do not attend are responsible for the full registration fee.

 

Satisfaction Guarantee 

ACFE seminars are unmatched in scope and effectiveness and backed by our unconditional satisfaction guarantee. If you attend an ACFE event and are not completely satisfied, please contact an ACFE Member Services Representative at MemberServices@ACFE.com or call (800) 245-3321 / +1 (512) 478-9000.

 

NASBA CPEThe Association of Certified Fraud Examiners, Inc. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.learningmarket.org 
 

 

If you would like to begin receiving email notifications from the ACFE, please click here to subscribe.



Reviews
We welcome your reviews and feedback on ACFE Events, Training & Products. If you have questions or need assistance, please contact an ACFE Member Services Representative.

 

  You must be logged in to leave a review....

0 Comments

Add Comment

Text Only 2000 character limit

Page 1 of 1

Related Information

Calendar of Events