PLANNING SHEET: DOWNLOAD THE DIGITAL FORENSICS CERTIFICATE PLANNING SHEET

This program was put together by industry professionals who actively conduct digital forensic analysis and are involved with providing training and consultation to law enforcement and corporate security personnel on a regular basis. Digital Forensics Committee Members

Digital forensics is an emerging discipline that focuses on the acquisition, recovery, documentation, and analysis of information contained within and created with computer systems and computing devices - typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved. All evidence must be treated in a way that ensures the admissibility in a court of law or other legal/administrative proceeding, and the forensic analyst must have the skills to document and present evidence in an intelligible manner, understandable to the layperson.

Digital evidence is used everyday for civil, criminal, and administrative proceedings, and there is a shortage of qualified and competent digital forensic professionals. Many institutions are now offering training to help fill the need, with EdCC being one of the first in the State of Washington.

While earning your certificate, you'll learn how to properly acquire and collect evidence for use in criminal and civil proceedings, as well as administrative proceedings pertinent to violations of company policy. Rules of evidence and legal considerations will be covered as well.

This hands-on program is designed for any information technology professional that needs to acquire the skills to properly perform forensic analysis of computing devices and systems, analyze employee resource usage, or perhaps start their own digital forensics company. Students will learn a complete methodology on how to process cases from start to finish - not just how to be a user of automated software packages.

Skills will be emphasized that are often left out of other programs, such as methodologies to perform testing, verification, and assure the proper interpretation of evidence. With these skills you will be able successfully process cases involving situations and scenarios not covered in class. The legal aspects of acquiring and using digital evidence will be covered, with emphasis on what the digital forensics analyst needs to know to assure that any actions performed are within the letter of the law.

Upon completion of this certificate program, students may be qualified for jobs as Computer/Digital Forensic Examiners. Students who are already working in an information technology or information security related position will find their skill sets greatly enhanced. In addition, students will be afforded the opportunity to sit for the CyberSecurity Forensic Analyst (CSFA) Certification - a hands-on certification test developed by some of the same professionals that developed the program at EdCC.

Entry Requirements

This certificate begins at an advanced level and is designed for students already working in an information technology capacity - our goal is to leverage the experience and training you already have. Students MUST see a CIS faculty advisor for proper placement into this program. It is recommended that program candidates have a minimum of the A+, Network+, and Security+ certifications or equivalent experience and training before enrolling.

The Digital Forensics Certificate program consists of four courses:

Digital Forensics And The Law (CIS 201)

This course covers legal issues that InfoSec and digital forensics professionals should be well versed in. We will approach digital forensics as a science of acquiring, recovering, documenting, and analysis of information contained within and created with computer systems and computing devices so that evidence will be admissible in a court of law or other legal/administrative proceeding. This is a hybrid course (online and in-class) that will be held on Saturdays.

Course Topics Include:

Computer Forensic Protocols
Computer Forensics and Electronic Discovery
Depositions and Expert Testimony
Electronic Evidence in Litigation
Electronic Surveillance in Communications Networks
Evidence Retention, Preservation and Spoliation
Federal Rules of Evidence
Legislation Affecting the Information Security Professional
Privacy Issues
Searching and Seizing Computers - Search Warrant Issues
Security and Acceptable Use Policies
Standards For Handling Digital Evidence
The Electronic Communications Privacy Act
The Federal Court System


Digital Forensics I (CIS 272)

All participants of this course will be expected to agree to and sign a Code of Ethics and Conduct during the first class.

This course covers fundamental procedures and methodologies used for digital forensics, and consists of material that every digital forensic analyst must master. The student will be learning a methodology for processing cases involving digital evidence from start to finish.

Course Topics Include:

Active, Archival and Latent Data
Ethics
Case Management
Creating Understandable and Accurate Reports
Developing Your Verification Methodology
Documentation and Note Taking
Effective Keyword Searches
FAT 12/16/32 File Systems
File Header Formats
Forensic Imaging Methods
Forensic Software and Tools
Insurance/Liability Issues
Introduction To NTFS
Junk Science Attacks
Preparing to Testify
Marketing Yourself
Working As An Expert Witness

Digital Forensics II (CIS 273)

This course covers advanced digital forensic topics, such as the structure and layout of NTFS, the Windows Registry, INFO2 files, and Event Logs - among others. The student will be introduced to a process for conducting testing and verification, as well as re-creating specific computing environments. Preparation for the CyberSecurity Forensic Analyst (CSFA) certification will also be covered, and the student will be given the opportunity to take the CSFA test.

Note: While this class does not require a criminal background check to enroll, a criminal background check is required to take the CyberSecurity Forensics Analyst Certification. Taking the certification test is not required, and will not affect the outcome of the student's grade.

Course Topics Include:

Analysis Reports For Complex Cases
Case Studies
Data Hiding Techniques
Dealing with Encryption and Passwords
E-mail Analysis
Insurance/Liability Issues
Internet History Analysis
Log Analysis
Testing and Verification Methodology
Metadata
Network Forensics
NTFS
Managing a Computer Forensics Lab
Viruses and Malware
Windows Event Logs
Windows Registry

Introduction to Network Security (CIS 274)

This course will help students acquire a foundational knowledge of security topics that every information security professional must master, and will also cover the learning objectives for the CompTIA Security+ Certification examination. This certification is used as the foundation for advanced security certifications or career roles.

Students will gain a solid background on firewall architectures, intrusion detection systems, business security concerns, basic cryptography, and operational and organizational security. Analyzing and properly interpreting various log formats will be covered, with an emphasis on the skills needed in this area for the forensic examiner or person working on an incident response team.

Course Topics Include:

Administrative versus technical controls
Attacks and countermeasures
Authentication methods
Conducting vulnerability assessments
Creating a network security baseline
Digital forensics
Disaster recovery plans
DNS security
Email vulnerabilities and how to safeguard against them
Encryption types and implementation
Incident response
Information security terminology
Intrusion detection and prevention systems
Securing routers, switches, and firewalls
Security policies
Virtual Private Networks
Web server security
Wireless security mechanisms

Digital Forensics Committee Members

Clark Silliman J.D.
Attorney and Instructor, Edmonds Community College
Clark Silliman brings a broad legal background to Edmonds Community College where he is in his fourteenth year as an instructor in the Paralegal Program. He has been in private practice in the Puget Sound area since 1968, trying a broad range of civil and criminal cases in state and federal courts.

Clark's practice areas include intellectual property, family law, personal injury, workers compensation, estate planning and probate, administrative law, commercial transactions, corporations and partnerships, labor law, real estate, admiralty and maritime law.

Clark graduated with honors from the United States Naval Justice School, as well as the University of Washington School of Law. He possesses a Bachelor of Science in Mechanical Engineering, and is also a contributing author for the Washington Law Review.
James Haley
Detective/Forensic Examiner, Snohomish County Sheriff's Office Forensic Unit
James has more than 26 years of law enforcement experience in Snohomish County. He has worked in positions in Patrol, Crimes Against Children, White Collar Crime and Forgery.

James is currently assigned to the Computer Forensics Unit at the Snohomish County Sheriff's Office. He is certified in computer forensics by the International Association of Computer Investigative Specialists. James has examined computers in cases involving homicide, harassment, identity theft, threats, sex offenses, pornography and internal affairs.

James provides computer forensic support and training to the Sexual Assault Unit, Fraud and Forgery Unit, and Small City entities within Snohomish County. James has provided training to the Snohomish County Prosecutor's Office, Sheriff's Office and other local agencies in preservation and collection of computers and computer evidence. James is also a Certified Ethical Hacker (CEH).

John Wohlfert
Senior Systems Engineer, Microsoft Corporation
John is a Senior Engineer for ISA firewall deployments for Microsoft's Corporate IT group. Prior to Microsoft, John worked for Compaq Computer Corporation and provided Tier III consulting services for Microsoft Data Operations Center. John enjoys forensic investigation at the enterprise level.

John has owned and operated several computer related retail franchises as well as a software development company which have received global recognition for excellence in service and innovation including the IBM Presidential Award of Excellence for best computer reseller.

John has been in the computer industry for over 25 years, has worked in sales, as a consultant and Microsoft Certified Instructor. He holds MCP, MCSE, CyberSecurity Windows Forensics Essentials, National Security Agency IAM and IEM, Infrastructure Hacking, Novell, IBM as well as numerous manufacturer specific and other certifications.

Mike Andrew
EdCC Substitute Instructor, Vice President of and Forensic Analyst for CyberSecurity Institute
Mike has been an Information Technology professional for nine years, and has been conducting training and forensic analysis at CSI since 2003 for attorneys, various law enforcement agencies, and several colleges throughout the Pacific Northwest . He is certified by the National Security Agency in INFOSEC Assessment Methodology and is a CyberSecurity Institute Certified Instructor. Since joining CSI, Mike has been actively involved with developing and delivering training in digital forensics to members of city, state, and federal law enforcement agencies, as well as training military personnel to perform forensic analysis in the Mideast. He has performed work as a forensic analyst on cases at all levels - local, state, and federal.

Mike is currently a member of the Computer Information Systems Dept. Advisory Committee and Digital Forensics Committee at Edmonds Community College in Washington State. He is an officer and founding member of the Washington State chapter of HTCIA and is also a member of both the HTCC and the Institute of Computer Forensic Professionals. Mike is a CyberSecurity Forensic Analyst and Certified Ethical Hacker, and possesses certificates in Network Security and Micro-Computer Support. Mike recently had his paper entitled “Defining a Process Model for Forensic Analysis of Digital Devices and Storage Media” approved by the IEEE (Institute of Electrical and Electronics Engineers) for publication.

Reginald Chapman
Trooper Detective, Computer Crimes Unit, Washington State Patrol
Reggy is certified in computer forensics by the International Association of Computer Investigative Specialists. As an examiner in the Computer Crimes Unit (CCU) of the Washington State Patrol, he has examined computers in cases involving harassment, identity theft, homicide, threats, narcotics, sex offenses, computer intrusion, policy violations, money laundering, internal affairs and pornography.

He is currently assigned to a Federal Task force as computer forensic examiner where he examines computers for state, local and federal agencies. He is on the Board of Directors, Director of Training, for the Northwest Crime and Technology (NCT) group based in Oregon.

Reggy is also an instructor for the International Association of Computer Investigative Specialists (IACIS) yearly basic training conference, and is the Northwest Regional Coordinator for the Certified Forensic Computer Examiner testing process for IACIS. He is also a Certified Ethical Hacker (CEH).

Scott Matsudaira
Detective/Computer Forensic Examiner, Bellingham Police Department

Scott Matsudaira has been a Detective/Computer Forensic Examiner for the Bellingham Police Department since 1991 and is currently assigned to the Investigations Unit as a Major Crimes Detective and Computer Forensic Examiner. His current responsibilities include examining, analyzing, and securing electronic evidence with regards to investigations of criminal activity where a computer or other means of electronic data manipulation were used.

Aside from investigating criminal cases with the Bellingham Police Department, Scott has also assisted other Law Enforcement agencies with computer forensic assistance to include the Federal Bureau of Investigation (FBI), Immigrations and Customs Enforcement (ICE), Alcohol, Tobacco, Firearms and Explosives (ATF), National Center for Missing and Exploited Children (NCMEC), and other surrounding local Police and Sheriff agencies. Scott has performed over 100 computer forensic examinations as a Law Enforcement Officer and maintains certifications as a computer forensic examiner (CFCE), electronic evidence collection specialist (CEECS), seized computer evidence recovery specialist (SCERS), and Certified Ethical Hacker (CEH). He is also an instructor with The Internet and Your Child (IYC) organization.

Scott is a certification coach for the International Association of Computer Investigative Specialists where he both mentors and evaluates prospective candidates as they work towards their CFCE certification, and is also Vice President and founding member of the Washington State High Technology Crime Investigation Association.

Steve Hailey
EdCC Digital Forensics and Information Security Instructor, President/CEO of CyberSecurity Institute
Steve Hailey is an Information Technology veteran of twenty-four years, with seventeen years experience developing and delivering technical training. After ten years of experience with "data recovery" in both the public and private sectors, Steve began conducting forensic analysis professionally in 1997. He is a highly skilled expert witness and dynamic instructor, bringing to bear his combined skills in forensic analysis and computing technology. He currently instructs the information security and digital forensics curriculum at Edmonds Community College in Washington State, where he chairs the Digital Forensics Committee.

Steve has performed work and conducted training in the fields of computer networking, information security, and digital forensics for two Fortune 50 companies, several law firms, the federal government, various law enforcement agencies, and several colleges throughout the Pacific Northwest. He is actively involved with developing and delivering training in computer forensics to members of city, state, and federal law enforcement agencies, and was chosen to train military personnel to perform forensic analysis in the Mideast.

He has authored certification practice tests for several vendors and is also a Subject Matter Expert for CompTIA's Security+. Steve has processed digital forensic cases ranging from inappropriate resource use and network intrusions to cases involving identity theft, credit card fraud, child pornography and money laundering. He is creator of the CyberSecurity Institute Certified Instructor (CSICI)™ and CyberSecurity Forensic Analyst (CSFA)™ certifications, as well as the author of several computer forensics/forensic computing course books.

Steve is a Certified Information Systems Security Professional (CISSP), possesses a certificate in computer forensics from Oregon State University, and has over twenty technical certifications, including: Certified Ethical Hacker (CEH), A+ , Certified EC-Council Instructor, CIW Certified Trainer, CIW E-Commerce Designer, CIW Foundations, CIW Internetworking Professional, CIW Security Analyst, CIW Security Professional, CIW Server Administrator, CIW Site Designer, CIW Master Server Administrator, CIW Master Site Designer, Certified Personal Digital Assistant Examiner, Certified Technical Trainer, iNet+, Microsoft Certified Systems Engineer, Network+, Security+, Security Certified Network Professional.

Steve is an active participant in organizations devoted to the advancement of digital forensics and information security. He is the founder and President of the Washington State High Technology Crime Investigation Association, and is on the Board of Directors for the Institute of Computer Forensic Professionals. His other affiliations include The Agora, InfraGard, and the High Tech Crime Consortium. Steve has been featured on television, radio, and has authored several articles related to digital forensics and information security. An article he co-authored with the creator of the Certified Ethical Hacker course and certification can be found here: Catch cyber criminals by thinking like them