CFIP Forensic Investigation: Hands-On Training Course

SKU: 2839
The CFIP training course and associated examination is a four day course, providing delegates with a practically-based understanding of the legalities, best practice, and methodologies used in the current computer forensic investigation environment. The course content covers seizure, evidence handling, and data preservation, through to investigation and interpretation, and finally to the reporting and presentation of findings.

How to Book:

Simply book online to receive your booking confirmation and full joining instructions within 48 hours. We accept purchase orders from local authorities, government departments and other public-sector organisations, and will consider account facilities for large corporate customers. See our payment options page for details.


Course Locations

Cambridge CB22
Price: $2,648.00
call to book via purchase order


On this 4-day practical computer forensics training course, gain an understanding of static computer forensics analysis by learning about forensic principles, evidence continuity, and methodology to employ when conducting a forensic investigation. Using practical case scenarios, you will be guided through the process of conducting a computer forensics investigation and will learn the principles surrounding the collection of evidence, together with the forensic tools associated with forensic analysis.

Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Forensic Investigation Practitioner (CFIP) qualification.

Who is this course suitable for?

Those responsible or eager to become responsible for computer forensic investigation, including:

  • Forensic and Network Investigators
  • IT Security Officers
  • Law Enforcement Officials

What does this course cover?

  • Understand how data is stored on electronic devices
  • Disk partitioning using MBR and GPT
  • File Systems, focusing on NTFS
  • How to employ and understand methods of data reduction
  • Understanding dates, times, and metadata
  • The empirical importance of the Windows registry
  • Determining if files have been opened and/or edited
  • Internet Explorer 10 web-browser history
  • Practical advice on the layout, content, and phrasing of forensic reports

Using practical scenarios based on Windows 7 artifacts with the latest disk technologies, you will learn the following:

  • The principles and guidelines for computer forensic investigations
  • The process of evidence seizure and continuity
  • The forensic acquisition of an electronic device
  • How data is stored on electronic media
  • The core functionality of forensic examination software
  • How to identify Windows based OS forensic artifacts

The course will also provide answers to many questions, including:

  • What skills and qualifications do I need to practice computer forensics?
  • How and where is data actually stored on a device?
  • What is the difference between forensic imaging and cloning?
  • Is keyword searching an effective way to identify data on a device?
  • How is hashing used in forensics?
  • What happens when a user deletes a file?
  • How can "Private" web-browsing work?
  • Can data be recovered after a 7 pass overwrite?
  • Is there a backdoor to passwords and encryption?
  • Who was using a computer on a particular occasion?
  • How can I identify if and when a user edited or accessed a file?

During the course, you will learn:

1. Introduction to Computer Forensics

a. Defining "Computer Forensics"

b. Defining "Forensic Investigations"

c. Exploring Legal Considerations

2. Investigation Principles and Strategy

a. ACPO Good Practice Guide

b. Investigation Fundamentals

c. Phases of an Investigation

3. Identification and Seizure

a. Identifying data storage

b. Exhibit Seizure and Handling

c. Understanding "Chain of Custody"

d. Considerations for Live and Mobile Devices

e. Investigation Scenarios

4. Forensic Acquisition

a. Physical Examination

b. Forensic Images and Clones

c. Hardware, Software, and Hashing

d. Conducting Forensic Imaging

e. Preview Examinations

f. Evidence Backups

5. Understanding Electronic Data

a. Bits and Bytes

b. Binary, Decimal, and Hexadecimal

c. Interpretation of data

d. Introduction to X-Ways Forensics

6. Physical and Logical Disks

a. Physical Disks, Partitions, and Logical Drives

b. Master Boot Records and Partition Tables

c. EFI and GPT

7. File Systems and Data Storage

a. Introduction to File Systems

b. Data Storage—Clusters

c. NTFS and the $MFT

d. File System Metadata

e. Live, Deleted, Unallocated data, and File Slack

8. Dates, Times, and Metadata

a. Dates and Times in an Investigation

b. File System Metadata

c. Credibility of Dates and Times

d. Embedded File Metadata

9. Forensic Analysis Techniques

a. Analysis Environments

b. Forensic Software and File Systems

c. File Signatures and Data Carving

d. Data Reduction and Hash Analysis

e. Keyword Searching

f. Can data be associated with an individual?

10. Windows Artifacts

a. The Windows Registry

b. Link Files

c. Internet Explorer History

d. Quick Reference

11. Forensic Challenges

a. Encryption and Passwords

b. Data Wiping

c. Malicious Activity

d. Cloud Services

12. Reporting

a. Purpose, Type, and Style

b. Typical Content

c. Defense Reports

d. Peer Review

Are there entry requirements?

  • Experience with Microsoft Windows
  • General appreciation of forensic principles, practices, and software desirable

What's included?

Our package includes refreshments and full course materials.

Although the course is non-residential, we offer help finding appropriate hotels close to the training venue. To take advantage of this offer, drop us an email after you book your course.

How to book?

There are three ways to book your course—either online, via fax, or telephone:

  • To book via telephone, just call us toll free on 1 817 317 3454 and we’ll take care of the details.
  • To book via fax, download our booking form, complete it and fax to us on +44 (0) 1353 662667.
  • To book online, simply enter the number of delegates you wish to send into the “Quantity” field, select the course date from the drop-down menu, and click “Order now.”

We can also accept purchase orders from local authorities, government departments, and other public sector organizations, and we will consider account facilities for large corporate customers. Follow this link to our payment options page for more information.

All bookings are subject to our terms and conditions.

Read what others have said about our training courses

Customer Reviews

Question: What ever happened to all of those “supplemental” texts that were supposed to support original “ITIL 5”? Answer: They linger in the under-utilized, under-recognized back of beyond, and some of them deserve your time and attention. Take, for example, ITIL V3 Planning to Implement Service Management. This may be the “something” that so many IT professionals look for when they ask “HOW” do I implement the concepts and ideas in this ITIL schema? Written by many of the original authors of ITIL documents and then compiled by Colin Rudd, this book does a really good job of putting some of the beginning steps into perspective. Each section is organized cleanly and throughout there are highlighted “example” panels, describing concepts with brief, concrete examples that are immediately usable. But the best part is hiding in the back: Appendices include cookie-cutter plans for accomplishing things like Business Cases, Quality Initiatives and (gasp!) tool selection. Not pre-written blank form templates, but key elements that you could plug into your own RFPs, Business Case Templates, etc. To be sure, some of this may seem common sense, but it’s awfully nice to see it written and organized in a way it can be related to easily. I believe this would be a great resource for anyone about to lead an ITSM initiative, in particular management teams and consultants alike, though if I could level any criticism at all, it’s that I’d like to see that audience called out more directly – maybe a preface in the beginning specifying exactly who would benefit. Ultimately this was a great reminder that the ‘L’ in ITIL is Library, and maybe we should be digging around some of those bookshelves again to see what else we might have missed…