Examination: Computer Information Forensics Investigator
Examination Code: ICT-IFI-1
The letters in bold are the domain ID.
|
| A. Overview of Cybercrime |
A1. What is Cybercrime
A2. Ordinary Crime vs Cybercrime
A3. Brief history of Cybercrime
A4. Categorizing Cybercrime |
| B. Understanding Computer Forensics and Investigation |
B1. What is Computer Forensics
B2. Need for Computer Forensics
B3. The Role of Computer Forensics Investigator
B4. Corporate versus Law Enforcement Concerns
B5. Maintaining Professional Conduct |
| C. Preparing and Planning a Computer Investigation |
C1. Process of Computer Investigation
C2. Assessing the Case
C3. Planning Your Investigation
C4. Securing Your Evidence
C5. Analyzing Your Digital Evidence
C6. Report Your Investigation
C7. Evaluate Your Investigation |
| D. Managing Investigator's Office and Laboratory |
D1. Overview of Computer Forensic Laboratory Requirement
D2. Designing the layout of Computer Forensics Laboratory
D3. Managing Laboratory Security
D4. Setting Up Your Forensic Workstation |
| E. Overview of Computer Forensic Tools |
E1. Categoring Computer Forensic Tools
E2. Evaluating Your Computer Forensics Need
E3. Exploring Common Forensic tools
E4. Validating Computer Forensics Tools
E5. Building Your Forensic Boot Disk |
| F. Securing Computer System |
F1. Overview of Computer Security
F2. Understanding Authentication Mechanism
F3. Understanding common security components
F4. Understanding audit
F5. Methods of audit |
| G. Responding Computer Security Incidents |
G1. Importance of Incident Response
G2. Classifying Incidents
G3. Reporting Incidents
G4. Handling Incidents
G5. Organizing Security Incident Response Team
G6. Importance of First Responder
G7. Procedure of First Responder |
| H. Processing Crime and Incident Scenes |
H1. Processing Private-Sector Incident Scenes
H2. Processing Law Enforcement Crime Scenes
H3. Preparing Search and Seizure
H4. Securing a Computer Incident or Crime Scene
H5. Collecting Computer Evidence |
| I. Handling Computer Evidence |
I1. Identifying Computer Evidence
I2. Understanding Evidence Rules
I3. Cataloging Computer Evidence
I4. Storing Computer Evidence
I5. Evidence Admissibility in a Court Law |
| J. Overview of Disk Structure and Filesystem |
J1. Disk Drive Overview
J2. Disk Partition Overview
J3. Exploring FAT
J4. Exploring NTFS
J5. Exploring Unix/Linux Filesystem
J6. Exploring Filesystem of Macintosh
J7. Exploring Disk Structure CD and DVD
J8. Exploring the booting process of DOS, Windows, Unix/Linux and Macintosh |
| K. Acquiring Computer Evidence |
K1. Determining Order of Evidence Collection
K2. Data Acquisition Format
K3. Verifying Evidence File
K4. Acquiring Data on common workstations
K5. Acquiring Data on common servers
K6. Acquiring Data on PDAs and Handheld Computers
K7. Environmental Factor on Collecting Preserving |
| L. Extracting Evidence |
L1. Understanding Computer Forensic Analysis
L2. Performing a Computer Forensic Analysis
L3. Addressing Data Hiding Techniques
L4. Carving Data
L5. Understanding the Windows Recycle Bin |
| M. Recovering Graphical Image |
M1. Recognizing Graphical Image File
M2. Understanding Graphical Image File Formats
M3. Recovering Graphical Image File
M4. Steganography in Image File |
| N. Recovering Encrypted Data |
N1. Overview of Cryptographic
N2. Symmetric v.s. Asymmetric Encryption
N3. Common Encryption Practices and Implementation
N4. Understanding Strengths and Weaknesses of Encryption
N5. Recovering Password
N6. Handling Encrypted Data |
| O. Analyzing Logfile |
O1. Secure Audit Logging
O2. Setting Up Remote Logging
O3. Importance of Time Synchronization
O4. Log Analysis and Correlation
O5. Intrusion Detection Log |
| P. Investigating Network and Web Attack |
P1. Overview of Networking Models and Standards
P2. Exploring common Network Components
P3. Exploring common Network Application and Protocol
P4. Exploring TCP/IP and Internet
P5. Identify Network Attack
P6. Monitoring Network Traffic
P7. Identify Web Application Attack
P8. Investigating DoS Attacks
P9. Investigating Router Attacks
P10.Tracing back IP Address |
| Q. Investigating E-mail |
Q1. Exploring E-mail system
Q2. Identifying E-mail Crimes and Violations
Q3. Examinging E-mail Messages
Q4. Tracing an E-mail |
| R. Understanding Law |
R1. Overview of Computer and Crime
R2. Overview of Jurisdiction and Legal Process
R3. Overview of Internet Privacy Law and Privacy Policies |
| S. Writing Investigation Reports |
S1. Understanding the Importance of Reports
S2. Type of Reports
S3. Formal Report Format
S4. Writing the Report |
| T. Testifying in Court |
T1. Preparing trail
T2. Preparing Documentation and Evidence for Testimony
T3. Understanding trial process
T4. Understanding prosecutional misconduct
T5. Presenting Your Testimony
T6. Preparing for deposition
T7. Dealing with media
T8. Forming expert opinion |
Certification 
