How much do I need to know about computers to take your training?
This is not an entry level course. Although we try to teach you computer forensics from the ground up, you should have some basic knowledge of computers and you should use a computer on a regular basis. Much of a forensic examination is done at a low level, frequently at a DOS level. You should be able to use a DOS prompt and run simple DOS commands from the command line. If you are not familiar with DOS, you should have experience running other programs from the command line. If you are uncomfortable using DOS prompt commands, we do have a DOS primer that can be studied when initially starting the course.
Much of the actual "learning" in our course is through completing our practical exercises. If you are comfortable studying a topic and then actually solving problems related to that topic, you will do fine in the course.
What kind of hardware and software will I need to complete the course?
Minimum requirements:
- A Pentium 300 MHz PC (desktop or tower computer) or above operating with Windows 95 (32 bit FAT) or Windows 98. (No laptops)
- At least one extra hard disk drive in the 800 meg to 2 gigabyte range.
- A supply of HD 3½ inch diskettes.
- A printer.
- A modem with internet access.
Minimum Software Requirements:
- Our forensic utilities (provided with enrollment)
- DataSniffer (provided with enrollment)
- QuickView Plus (a viewing application)
- Norton Utilities
- Norton Ghost
- A good virus scanning utility. Norton's System Works contains Norton Utilities, Norton's Ghost and a good virus scanning utility. We would suggest purchasing System Works instead of purchasing each Norton utility separately. The cost will be less.
Can I use my Compaq computer for forensic examinations?
No, Compaq or Gateway computers do not make good general examination machines. They contain proprietary hardware and a BIOS that may not be compatible with other hardware and computers. However, a Compaq or Gateway computer is normally necessary to examine a computer of the same brand.
Can I use the Windows ME operating system on an examination machine?
You cannot easily create a bootable "real mode" DOS diskette with ME. Even after it is created, it has some controls and restrictions that Windows 98 real mode DOS does not have. We make some modifications to the IO.SYS file on the Windows 98 boot diskette to prevent DriveSpace from loading compressed drives and to prevent some other operating system writes to the suspect drive. The ME version of DOS does not allow that level of control. Since some critical portions of a forensic examination are done at a "real mode" DOS level, Windows ME cannot be used. In fact, we recommend during our course that the student have one particular drive, or a number of drives, set aside and specially prepared as examination drive(s). You would need to do this if you were to start conducting forensic examinations.
It is relatively simple to purchase an additional hard drive and the full version of Windows 98. Install Windows 98 and your forensic utilities on the new hard drive and use that drive as your examination drive. The old drive with Windows ME can still be used for its original purpose. We can assist in obtaining hard drives or Windows 98, if you need help.
Can I use a laptop computer for your course?
Yes, if you can attach a second hard disk drive to your computer by USB or FireWire to make a forensic copy and to complete the examination required in Module 5.
Can I use my office machine for your course?
Yes, if you have additional hard disk drives that are specifically set aside as examination drives and target drives. During the course we instruct you how to make a master examination drive and how to make and verify "forensically sterile" media. "Forensically sterile" media should be used for both your examination drive (the drive that holds your forensic utilities) and the target drive (the forensic copy of the original media).
Learning computer forensics sounds like a great idea. Will completing your course guarantee that I will get a job in the computer forensic examination field?
No, we will teach you the skills to become a good forensic examiner, but we cannot assure you that you will be able to obtain a position in the field. If you already have a position or are looking for a position in the computer field, our course will greatly enhance your skills and your potential marketability for advancing within your own company or for gaining a new position.
I want to start my own forensic examination business. Will this course help?
Yes, it will help, but it will not assure that the business will be successful. We will teach you the skills to become a good forensic examiner; however, there are a number of factors that will affect your ability to find work. These are:
- Your training and education
- Your skills
- The need for forensic examinations in your area
- Your contacts with attorneys, private investigators, fraud investigators, etc.
- Your ability to market your skills and make contacts
- Your reputation
We try to screen all of our students before they start our course, because computer forensics is not the kind of work where one can simply take a course and immediately start a successful business. We discourage those potential students who do not have the basic computer skills necessary for the course or who are not realistic about where this course will take them. We strongly believe, however, that the computer forensic examination field will continue to grow at a huge pace and many more qualified examiners will be needed in the future.
How does your course work?
We provide a detailed student handout for each module that covers the specific topics for that module. The student should study the module and discuss anything that he or she doesn't understand about the module with the instructor. Once the student feels that he or she has a reasonable grasp of the topics in the module, they should then do the practical exercises for the module. The practical exercises "teach" the technical issues and provide practice and understanding of the techniques involved. If any problems are encountered in understanding the technical issues or techniques, the instructor will provide as much help and information as necessary to complete the practical exercises. There is a detailed examination after each module.
How much interaction will I have with my instructor?
You will have as much interaction as it takes to learn each topic. Your instructor will explain any issues that are not clear to you in the student handout. Your instructor will guide you through the practical exercises and will provide as much help and information as necessary to complete the practical exercises. There is a detailed examination after each module that essentially covers all of the issues covered in the module. Your instructor will review the examination and explain and discuss any issues that are not clear on the examination. We, and your instructor, want you to learn the material and we will do whatever it takes to help you learn the material.
How much does the course cost?
The course fee is $2750 (US). We will accept a check, a purchase order, VISA/MasterCard and American Express for payment. Payment is required before any modules are started.
Can I make payments for the course?
Yes, we offer a "pay as you go" interest-free program. If time payments are made, the course fee is $3000. The "pay as you go" payment plan is 3 installments of $1000.
The course is open for immediate enrollment. If you pay with a credit card, you could start today. If you have been thinking about starting our training, now is the time. Included in the course fee are the following utilities:
- Our Forensic Suite of 5 utilities: Wiper, Listdrv, Chksum, Freesecs and Diskdupe
- DataSniffer (http://www.data-sniffer.com)
- The complete Passware Kit from http://www.lostpassword.com
These utilities have a $650 retail value. There is a good bit of information about the utilities on the utilities page of our site.
How long does the course take?
Typically the course takes about 4 months to complete. The actual time to complete the course depends on the amount of time that the student commits to the course and how quickly the student can learn. The strength of our course is that it is self-paced. This is a superior learning method to any one or two week classroom training course. Our training method gives the student much more time to understand and "digest" the material and as much time as it takes to learn and practice the skills necessary to conduct forensic examinations. This also allows the student much more time to interact with his or her coach. Since the course is self-paced, it allows you to proceed to the next topic when you have learned and understand the material, not when the time allotted for a particular block of instruction is over. It also allows for interruptions caused by work or family and doesn't require 100% of your time while taking the course.
Do you offer a certification?
Yes, the Certified Computer Examiner (CCE)® is available through the International Society of Forensic Computer Examiners (www.isfce.com). Completing our course will give you the skills to be a good forensic examiner and more than enough skills to successfully complete the CCE certification.
It should be noted that any certification alone is normally not enough to get someone accepted as an expert witness in court. A combination of knowledge, training, experience and certification will probably be necessary to get you recognized in court as a computer forensic expert.
We are listed in the DOD Central Contractor Registration (CCR) at www.ccr2000.com and have been authorized for training military and DOD personnel. Our DUNS number is 005809871.
We have been approved by the state of Colorado Department of Labor and Employment for the WIA Eligibility System for retraining displaced technical workers. If you live in Colorado and have been laid off from a technical computer position, the State of Colorado will pay our complete tuition fee to retrain you.
I live outside the United States. Can I take your course?
Yes, you can. Our course was designed for distance learning and is working very well. We have students from as far away as South America, Canada, Hong Kong and Singapore.
Who are your instructors?
Our instructors are all certified, qualified forensic examiners who currently conduct forensic examinations.
Why is this course better than the EnCase training or the AccessData training?
There are a number of reasons why our training is better. We teach the basic methodologies for conducting sound forensic examinations. The other courses teach you how to use their software to conduct forensic examinations. Using these software "suites", the examiner does not need to know very much about the methodology necessary to conduct a forensic examination, the operating system, or what the software is actually doing.
We believe that it is extremely important that a forensic computer examiner knows the underlying methodologies, operating system theory and the principles of what the automated software is doing when it "examines" a drive. Once the fundamentals are understood by the student, the "tool" that is used to conduct the examination is far less important than the process and methodology used to conduct the examination.
Remember, it is you, the examiner, who must qualify as an expert witness and testify in court, not the software "suite" that you may use. Simply stating that you used this software "suite" or that software "suite" to recover the data is not going to work for very long, if at all. Sooner or later you will be asked some hard technical questions. You should be able to answer them.
One strength of our course is that you learn at your own pace. You decide when you are ready to go to the next technical issue or topic. In all of the classroom courses, the structure is fairly rigid and the topics are covered in a certain period of time. If you don't understand one topic before they move on to the next topic, they will probably leave you behind. You may attend a week's training and learn very little, other than how to use their software's interface.
Another strength of our course is the quality of our instructors. All of our instructors are certified forensic computer examiners who are currently conducting forensic examinations. They are keeping abreast of changes in technology and techniques. Their instruction will reflect that. The staff and the instructors truly care about you and want you to learn the material.
What have your students said about your course?
There has been exceptionally good feedback from our students. Here's what our students say:
I have found your course to be very informative and interesting. I am a Certified Information System Security Professional (CISSP). The CISSP examinations I had to go through to get that certification were exhaustive and very detail-oriented. Yet, I find that in your course, I still have a lot to learn about the basic set up of computer media. The addition of "coaches", experienced computer forensics practitioners that are actually performing every day in that function, is extremely valuable to a learning student. I have found my "coach", Bill Long, to be helpful and available at all times. Keep up the good work.
Charles E. Olds, CISSP
Senior Systems Security Administrator
I have been a professional educator at the master's degree level and law school level, full time or part time, since 1983. I am impressed and extremely pleased with the course of study offered by the Computer Forensic Training Center. The content is challenging. The materials are professional. The program structure is excellent. I am especially impressed with the personal interest shown me by John Mellon and my assigned instructor. In terms of educational excellence, the computer forensics training offered by the Computer Forensic Training Center is a real winner. I am truly happy to have been accepted into the program.
Gary Amos
Attorney
