EN - Self study - PECB Certified Lead Forensics Examiner
Master the Computer Forensics processes
What is included?
- You have 12 months time as of reception of the learning material to learn, do the exam and get your certification
- Certification and examination fees are included in the price of the training course.
-
Participants will receive the training course material containing over 450 pages of explanatory information, examples, best practices, exercises, and quizzes.
- An Attestation of Course Completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- If candidates fail the exam, they can retake it within 12 months following the initial attempt for free.
- + 20% reduction on the first year subscription for our all-in-one ISMS/GRC management solution
Why should you take this training course?
Lead Computer Forensics Examiner training enables you to acquire the necessary expertise to perform Computer Forensics processes in order to obtain complete and reliable digital evidence. During this training course, you will also gain a thorough understanding of Computer Forensics fundamentals, based on the best practices used to perform forensics evidence recovery and analytical techniques. This training course is focused on core skills required to collect and analyze data from Windows, Mac OS X, and Linux operating systems, and also from mobile devices.
After mastering all the necessary concepts of Computer Forensics processes, you can sit for the exam and apply for a “PECB Certified Lead Computer Forensics Examiner” credential. By holding a PECB Lead Computer Forensics Examiner Certificate, you will be able to prove that you have the expertise to lead advanced forensic investigations and conduct forensics analysis, reporting, and evidence acquisition.
Who should attend?
This training course is intended for:
- Computer Forensics specialists
- Computer Forensics consultants
- Cybersecurity professionals
- Cyber intelligence analysts
- Electronic data analysts
- Specialists in computer evidence recovery
- Professionals working or interested in law enforcement
- Professionals seeking to advance their knowledge in Computer Forensics analysis
- Information Security team members
- Information technology expert advisors
- Individuals responsible for examining media to extract and disclose data
- IT Specialists
Training course structure
Module 1: Incident Response and Computer Forensic Concepts
- Course objectives and structure
- Standards and regulatory frameworks
- Historical aspects of Digital Forensic
- Basic concepts and definitions in ISO 27037
- Overview of ISO 27037 standard
- Roles and responsibility of CLFE
- Computer Forensic Laboratory
Module 2: Prepare and Lead a Computer Forensic Investigation
- Technical fundamentals
- File System Forensic
- Common File Systems
- Common Operating Systems
- Forensic Acquisition
Module 3: Digital Artifacts Analysis and Management
- Digital artifacts: Identify, acquire, analyze and communicate
- Using open source forensic acquisition and analysis tools
- ISO/IEC 27037:2012
- Advanced Keywords searching with Regular Expression
Module 4: Case Presentation & Trial Simulation
- Decision-making of collection or acquisition of potential digital evidence
- Other Essential Digital Forensic Topics
- CLFE Professional Ethics
- Presenting Digital Forensic Findings
- Competence and evaluation of examiners
- Closing the training
Certification Exam
Learning objectives
After completing this training course, you will be able to:
- Understand the roles and responsibilities of the Lead Computer Forensics examiner during digital forensic investigation
- Understand the purpose of electronic media examination and its correlation with common standards and methodologies
- Comprehend the correct sequence of steps of a computer incident investigation and digital forensic operation
- Understand the common commercial and open source tools that may be used during incident investigation and digital forensic operations
- Acquire the necessary competencies to plan and execute a computer forensics operation and also implement and maintain a safety network to protect evidence
Examination
The “PECB Certified Lead Computer Forensics Examiner” exam fully meets the requirements of the PECB Examination and Certification Programme (ECP). The exam covers the following competency domains:
- Domain 1: Fundamental principles and concepts of Computer Forensics
- Domain 2: Best practices on Computer Forensics
- Domain 3: Digital forensics laboratory requirements
- Domain 4: Operating system and file system structures
- Domain 5: Mobile devices
- Domain 6: Computer crime investigation and forensics examination
- Domain 7: Maintaining chain of evidence
Duration: 3 hours
Location: Online through the PECB app OR in person in one of the PECB exam centers
Preparation: PECB Exam Preparation Guides
Language: The exam is available in multiple other languages and does not need to be taken in the same language as the training material. Additional time can be requested when your native language is not available in your mother tongue (to be requested by candidates on the exam day)
Retake: In case you fail the exam, you can retake it within 12 months following the initial attempt for free
For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and the Examination Rules and Policies.
Certification
After successfully completing the exam, you can apply for the credentials shown on the table below. You will receive a certificate once you comply with all the requirements related to the selected credential. For more information about Computer Forensics certifications and the PECB certification process, please refer to the Certification Rules and Policies.
The requirements for PECB Computer Forensics Examiner Certifications are:
Credential | Exam | Professional experience | CFMS project experience | Other requirements |
PECB Certified Provisional Forensics Examiner | PECB Certified Lead Forensics Examiner Exam or equivalent | None | None | Signing the PECB Code of Ethics |
PECB Certified Forensics Examiner | PECB Certified Lead Forensics Examiner Exam or equivalent | Two years: One year of field experience in computer forensics | Forensics activities totaling 200 hours | Signing the PECB code of ethics |
PECB Certified Lead Forensics Examiner | PECB Certified Lead Forensics Examiner Exam or equivalent | Five years: Two years of field experience in computer forensics | Forensics activities totaling 300 hours | Signing the PECB code of ethics |
To be considered valid, these computer forensics activities should follow best implementation practices and include the following:
- Conducting forensic investigation
- Post incident response activities
- Network management
- Computer forensics examination and analysis planning
- Analysis of file systems and digital media
- Forensics analysis of operating systems and networks
- Forensics analysis of computer and mobile devices
- Gathering digital evidence
Note: For more information about ISO/IEC 27005 certifications and the PECB Certification process, please refer to Certification Rules and Policies.
Contact us on [email protected] if you have other questions
Start for free now!
Streamline your GRC work using our all-in-one management solution and get access to our network of local specialists
Start for free now!
Streamline your GRC work using our all-in-one management solution and get access to our network of local specialists