Leadership for the Field of Cyber Forensics

The evolving field of cyber forensics requires professionals who understand far more than just hard drive or intrusion analysis. The field requires CCFP professionals who demonstrate competence across a globally recognized common body of knowledge that includes established forensics disciplines as well as newer challenges, such as mobile forensics, cloud forensics, anti-forensics, and more.

The CCFP credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete, and reliable digital evidence admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response. In other words, the CCFP is an objective measure of excellence valued by courts and employers alike.

CCFP Course Overview

Led by an (ISC)² authorized instructor, this training seminar provides a comprehensive review of cyber forensic concepts and industry best practices, covering the 6 domains of the CCFP CBK:

  • Legal and Ethical Principles
  • Investigations
  • Forensic Science
  • Digital Forensics
  • Application Forensics
  • Hybrid and Emerging Technologies

The course is a combination of instructor lecture, hands-on lab exercises, instructor demonstrations and practicum exam with after-exam review. The course instructors are (ISC)²-qualified cyber forensics professionals from law enforcement, academia, government service, and the private sector. The lab exercises include computer forensics using commercial tools, network forensics and Internet forensics. Such areas as email, applications, forensic timeliners, social media and mobile devices will be addressed in addition to the traditional computer forensics examinations.  Outside of the laboratory exercises, students address legal and ethical considerations, the foundations of digital forensic science within the context of the forensic sciences, and emerging and hybrid technologies as they impact the digital forensic investigator.

This training course will help candidates review and refresh their cyber forensic knowledge and help identify areas they need to study for the CCFP exam and features:

  • Official (ISC)² courseware
  • Taught by an authorized (ISC)² instructor
  • Student handbook and laboratory handbook
  • Collaboration with classmates
  • Real-world learning activities and scenarios
  • Live, hands-on labs

Who should attend?

The course is intended for intermediate to advanced cyber forensics professionals who have at least three years of recent full-time digital or IT security experience in cyber forensics. The CCFP CBK defines the work experience as pertaining to cyber/digital forensics, legal investigation, or application forensics. It builds on and brings together the holistic view of the cyber forensics topics covered in the everyday environment of corporate, legal, law enforcement, and government occupations. Forensics experience is highly recommended for the successful completion of the course.

Examples of work experience may include:

  • Digital forensic examiners in law enforcement supporting criminal investigations
  • Cybercrime and cybersecurity professionals working in the public or private sectors
  • Computer forensic engineers and managers working in corporate information security
  • Digital forensic and e-discovery consultants focused on litigation support
  • Cyber intelligence analysts working for defense/intelligence agencies
  • Computer forensic consultants working for management or specialty consulting firms

Learning Objectives

 After completing this workshop, participants will be able to: 

  • Analyze the nature of evidence, chain of custody, rules of procedure, and the role of expert witness as they pertain to the legal and ethical principles, concepts, methodologies, and their implementation within centralized and decentralized environments across an organization's computing environment
  • Demonstrate an understanding of investigations as they relate to data communications in local area and wide area networks, remote access, and Internet/intranet/extranet configurations
  • Analyze fundamental principles, forensic methods, forensic analysis and examination planning, and evaluate report writing and presentations as they relate to forensic science, applying a broad spectrum of science and technologies to investigate and establish facts in relation to criminal or civil law
  • Analyze media and file systems, computer and operating systems, network, mobile devices, embedded devices, multimedia and content, virtual system forensics and the techniques and tools used in the collection of any digital evidence that can be defined as data or transmitted via electronic means
  • Apply software forensics to file formats and metadata; analyze web, email, and messaging forensics; and understand database forensics and malware forensics
  • Describe the developing technologies and the practice of applying comprehensive and rigorous methods for collecting evidence within the hybrid and emerging technologies of cloud forensics, social networks, the big data paradigm, controls systems, critical infrastructure, and online gaming and virtual/augmented reality