Skip to Main Content
This website uses cookies. View our cookie policy
United Kingdom
Select regional store:
Spend And Save! Receive A Free Corporate Gift Card Up To The Value Of £100 This December. Find Out How >>
CFIP Forensic Investigation: Hands-On Training Course

CFIP Forensic Investigation - Hands-On Training Course

SKU: 2839
The CFIP training course and associated examination is a four day course, providing delegates with a practically based understanding of the legalities, best practice and methodologies used in the current computer forensic investigation environment. The course content covers seizure, evidence handling and data preservation, through to investigation and interpretation and finally the reporting and presentation of findings.

How to Book:

Simply book online to receive your booking confirmation and full joining instructions within 48 hours. We accept purchase orders from local authorities, government departments and other public-sector organisations, and will consider account facilities for large corporate customers. See our payment options page for details.

Book today

Course Locations

Cambridge CB22
Price: £2,750.00
ex vat
call to book via purchase order


On this 4 day practical computer forensics training course, gain an understanding of static computer forensics analysis by learning about forensic principles, evidence continuity and methodology to employ when conducting a forensic investigation. Using practical case scenarios, you will be guided through the process of conducting a computer forensics investigation, and will learn the principles surrounding the collection of evidence, together with the forensic tools associated with forensic analysis.

Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Forensic Investigation Practitioner (CFIP) qualification.

Who is this course suitable for?

Those responsible or eager to become responsible for computer forensic investigation, including:

  • Forensic and Network Investigators
  • IT Security Officers
  • Law Enforcement Officials

What does this course cover?

  • Understand how data is stored to electronic devices
  • Disk partitioning using MBR and GPT
  • File Systems, focussing on NTFS
  • How to employ and understand methods of data reduction
  • Understanding dates, times and metadata
  • The evidential importance of the Windows registry
  • Determining if files have been opened and/or edited
  • Internet Explorer 10 web-browser history
  • Practical advice on the layout, content and phrasing of forensic reports

Using practical scenarios based on Windows 7 artefacts with the latest disk technologies, you will learn the following:

  • The principles and guidelines for computer forensic investigations
  • The process of evidence seizure and continuity
  • The forensic acquisition of an electronic device
  • How data is stored on electronic media
  • The core functionality of forensic examination software
  • How to identify Windows based OS forensic artefacts

The course will also provide answers to many questions including:

  • What skills and qualifications do I need to practice computer forensics?
  • How and where is data actually stored on a device?
  • What is the difference between forensic imaging and cloning?
  • Is keyword searching an effective way to identify data on a device?
  • How is hashing used in forensics?
  • What happens when a user deletes a file?
  • How can ‘Private’ web-browsing work?
  • Can data be recovered after a 7 pass overwrite?
  • Is there a backdoor to passwords and encryption?
  • Who was using a computer on a particular occasion?
  • How can I identify if and when a user edited or accessed a file?

During the course, you will learn:

1. Introduction to Computer Forensics

a. Defining ‘Computer Forensics’

b. Defining ‘Forensic Investigations’

c. Exploring Legal Considerations

2. Investigation Principles and Strategy

a. ACPO Good Practice Guide

b. Investigation Fundamentals

c. Phases of an Investigation

3. Identification and Seizure

a. Identifying data storage

b. Exhibit Seizure and Handling

c. Understanding ‘Chain of Custody’

d. Considerations for Live and Mobile Devices

e. Investigation Scenarios

4. Forensic Acquisition

a. Physical Examination

b. Forensic Images and Clones

c. Hardware, Software and Hashing

d. Conducting Forensic Imaging

e. Preview Examinations

f. Evidence Backups

5. Understanding Electronic Data

a. Bits and Bytes

b. Binary, Decimal and Hexadecimal

c. Interpretation of data

d. Introduction to X-Ways Forensics

6. Physical and Logical Disks

a. Physical Disks, Partitions and Logical Drives

b. Master Boot Records and Partition Tables

c. EFI and GPT

7. File Systems and Data Storage

a. Introduction to File Systems

b. Data Storage – Clusters

c. NTFS and the $MFT

d. File System Metadata

e. Live, Deleted, Unallocated data and File Slack

8. Dates, Times and Metadata

a. Dates and Times in an Investigation

b. File System Metadata

c. Credibility of Dates and Times

d. Embedded File Metadata

9. Forensic Analysis Techniques

a. Analysis Environments

b. Forensic Software and File Systems

c. File Signatures and Data Carving

d. Data Reduction and Hash Analysis

e. Keyword Searching

f. Can data be associated to an individual?

10. Windows Artefacts

a. The Windows Registry

b. Link Files

c. Internet Explorer History

d. Quick Reference

11. Forensic Challenges

a. Encryption and Passwords

b. Data Wiping

c. Malicious Activity

d. Cloud Services

12. Reporting

a. Purpose, Type and Style

b. Typical Content

c. Defence Reports

d. Peer Review

Are there entry requirements?

  • Experience with Microsoft Windows
  • General appreciation of forensic principles, practices and software desirable

What's included?

Our package includes refreshments, and full course materials.

Although the course is non-residential, we offer help finding appropriate hotels, close to the training venue. To take advantage of this offer, drop us an email after you book your course.

How to book?

There are three ways to book your course, either online, via fax, or telephone:

  • To book via telephone just call us on 0845 070 1750, and we’ll take of the details.
  • To book via fax download our booking form, complete it and fax to us on +44 (0) 1353 662667.
  • To book online simply enter the number of delegates you wish to send into the “Quantity” and select the course date from the drop down menu and click “Order now”.

We can also accept purchase orders from local authorities, government departments, and other public sector organisations and will consider account facilities for large corporate customers, follow this link to our payment options page for more information.

All bookings are subject to our terms and conditions.

Read what others have said about our training courses

Customer Reviews

(0.00)stars out of 5
# of Ratings: 0