Certification Practice Exams!
Home | News | Articles | Certifications | Quizzes | Practice Tests | Books | Training | FAQ | Freebies
GoCertify.com logo
TOOLBOX
Counselor
Cost Calculator

Certification Watch
Get the latest certification news by email!
First name:

Last name:

*Your email address:

* Enter this security code:

Our Other Sites
GoExam
Certification practice tests with free demos to download.

GoTraining
Get Training on what you need.

CertificationBooks
Find the certification book you're looking for.

SearchCertify
links, links and more certification links!

Cheap Web Tricks
No cost or low cost tools for the frugal Webmaster

The Certified Computer Examiner Certification - page 2

By Michael C. Gregg

Page 2 of 2    1 2

Part 1 - The Written Exam

The written exam is multiple choice. There are 75 questions and a 60-minute time limit. It covers a range of basic knowledge including:
  • Acquisition, marking, handing, and storage of evidence procedures
  • Chain of custody
  • Basic PC hardware construction and theory
  • Very basic networking theory
  • Basic data recovery techniques
  • Authenticating MS Word documents and accessing and interpreting metadata
  • Basic CDR recording processes and accessing data on CDR media
  • Basic password recovery techniques
  • Basic Internet issues
If you are A+, Network+, and Security + certified, possess good hardware troubleshooting skills, and have a basic understanding of the rules of forensics you can successfully pass the written portion of the exam. If it's been a while since you've dealt with these types of issues, you might consider reviewing Upgrading and Repairing PCs by Scott Mueller, The IACIS® Forensic Examination Procedures, and DOJ Computer Crime Procedures. Even if you breeze through this portion of the certification process, don't become overconfident. The written exam only represents one-forth of your grade. Three-fourths of your grade requires hands-on skills.

Part 2, 3, & 4 - Examination of Test Media

Once the written examination has been completed, you will be provided with the first test media. Your first challenge will be to examine and recover the information on a floppy disk. You will be expected to write a complete report on the examination of this disk. It's important to remember to take nothing for granted. You need to handle the media in a way that is forensically sound and that could be supported if you were called into a court of law. It's a good idea to purchase a cloth bound, page numbered notebook. Use this to record each step of the process, making sure to note the date and time of each action performed.

When you successfully complete the examination of the floppy disk, you'll be provided with a CD. This will raise the bar on the skills required to make a successful analysis. The CD will present you with several additional technical hurdles to overcome. Finally, you will be tasked with the examination of a hard drive. This will be the most technically challenging of the three.

How do Disk-Wiping Programs Operate?
These programs operate by overwriting all addressable locations on the disk. Some programs even make several passes to further decrease the possibility of data recovery. What they provide for the forensic analyst is a verifiably clean media. In the hands of the criminal, these programs offer the chance to destroy evidence. Some of the leading competitors in this field include WipeDrive by AccessData, KillDisk by Lsoft, and NTI (New Technologies Inc), which restricts the sale of its product to law enforcement or approved organizations.

Throughout the examination process, you may encounter deleted files, encrypted files, fragments of data, and other obscure artifacts. You will need to have a variety of tools at your disposal to be victorious. The most important of these tools is your brain. If you like puzzles and have some basic detective skills, you can be successful.

Tools of the Trade

There's a wide array of tools that are available for computer forensics. Some of these are rather expensive. The most well-known dedicated forensic software packages include Forensic Toolkit by AccessData and EnCase by Guidance Software. Fortunately, Access Data provides a demo version that will work for all three media examinations, however, you will still need other programs to complete the examination process. Most of these are not free and you'll need to budget for these if you are going to pursue a career in computer forensics. You would not want to explain to a judge or an attorney why you are using pirated or illegal versions of forensic software! This would lose the case and most likely, end your career in computer forensics. You will want to consider purchasing some of the following types of programs:

Final Thoughts

Historically, computer forensics was the exclusive domain of the police and law enforcement, however, corporations are increasingly becoming concerned with security and computer forensics. More than ever, companies are tasked with the examination of attempted hacking attacks and allegations of employee computer misuse. Mishandling of these concerns can cost companies millions. Companies must handle each in a legal and defensible manner. This requires trained employees that possess computer forensic skills. If you are looking to gain this type of knowledge, the CCE is one certification to consider.

Michael C. Gregg (CISSP, MCSE, MCT, CTT+, A+, Network+, Security+, MCP+I, CNA, CCNA, TICSA, CIW SA, CEH, CEI, and CCE) is a consultant, trainer, and author. He is a contributing author to Computer Forensics: Handling Evidence of Cybercrime. His consulting firm, Superior Solutions, Inc., is based in Houston, Texas. You can contact Michael at mikeg@thesolutionfirm.com.

Page 2 of 2    1 2





 
(c) copyright 1998-2008 Anventure.  All Rights Reserved.
contact us | advertise | privacy policy