California Criminalistics Institute
This 40-hour course is designed to provide investigators with the necessary training, skills, knowledge, and practical experience in using one of the more advanced tools developed for computer forensics. Students will conduct analyses of three separate investigations and learn to conduct a proper triage of digital evidence;interpret various artifacts created by the Windows operating system, including advanced subjects such as Windows event logs, the USN Journal, and Volume Shadow Copies; use hash sets to exclude or target specific files for analysis; understand and analyze whole disk encryption using Bitlocker; conduct analyses of Internet artifacts, including chat and email,and external storage devices; conduct searches of digital evidence using indexes and different types of search expressions,such as GREP, Boolean, and date filtering, and create reports of findings based on objective analyses
Instruction will be provided and include practical exercises and real-life simulations in the use of EnCase® Forensic version 7 (EnCase v7). Participants will be provided with an understanding of the proper handling of digital evidence. Due to lab setup requirements, this class will be held at The Department of Justice, 11181 Sun Center Drive, Rancho Cordova.
Upon completion of this course, students will understand the functions and capabilities of various forensic tools. They will receive training and practice using the tool to conduct forensic investigations. The training will include how to properly triage digital evidence, conduct a comprehensive analysis, and prepare written documentation of findings.
Students must attend the Basic Data Collection and Computer Digital Evidence Recovery, before attending this course.
No cost to POST supported or State of California based Law Enforcement agencies. A $600.00 tuition fee will be required of all other public agency, private sector, or out-of-state applicants.