CFS: Data and Image Files

Computer Forensic Specialist Data and Image Files

Course Description CEH

Course Description

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. This and the other four books provide preparation to identify evidence in computer related crime and abuse cases as well as track the intrusive hacker's path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder's footprint and gather all necessary information and evidence to support prosecution in a court of law.
Investigating data and image files provides a basic understanding of steganography, data acquisition and duplication, encase, how to recover the deleted files and partitions and image file forensics.



Learn about investigating data and image files From EC-Council's Computer Forensics Courseware

Who should Attend

This course will significantly benefit the security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

  • Duration: 2 days (9:00AM – 5:00PM)
  • CPE/ECE Qualification: 2 ECE Credits awarded for attendance (1 for each 8 hour class day)
  • Program Cost: $750 USD
  • Supplement Cost (Courseware & Certificate exam Access): $75 USD
  • Bundle Price: $799 USD
  • Getting Started: Find Training Click HERE
  • Corporate Trainers interested in setting up internal company training programs, click here


About Us Icon


What’s included?

  • Physical Courseware
  • 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Related Certificates:

  • Computer Forensic Specialist: Procedures & Response
  • Computer Forensic Specialist: Storage Device & Operating Systems
  • Computer Forensic Specialist: Network Intrusion & Cybercrime
  • Computer Forensic Specialist: Wireless Networks and Devices


Course Briefing

Sexual Harassment


Steganography, the art of hidden writing, has been in use for centuries. It involves embedding a hidden message in some transport or carrier medium, and has been used by mathematicians, military personnel, and scientists. They all engage themselves in changing the common language and transferring it through secret and hidden communication.
The objective of this chapter is to make you familiar with the concept of steganography. This chapter covers the various methods in which steganography can be applied either legally or illegally. It discusses the early history and evolution of steganography and highlights the various steganography tools that are used and the salient features of these tools as well.




Investigating Reports

Data Acquisition and Duplication

Data acquisition is an important step in the investigation process. The data collected from the victim’s system is presented as the evidence. So, the data should be kept with the investigator and produced in the court while the trial is going on. Sometimes instead of data acquisition, duplication of the data is the best way to collect the data. Duplicated data can also be presented at the court.

This chapter deals with data acquisition and data duplication process which are the important aspects of the forensic investigation. It also highlights the popular tools required during the data acquisition and data duplication process.    





Forensic Investigations Using EnCase

Encase is widely known and used tool in the forensics. It helps to collect and verify the evidences for the investigation process. This chapter covers the evidence files, verifying file integrity, configuring encase, searching, and bookmarks.
This chapter describes the complete process of forensic investigation using EnCase.




Recovering Deleted Files and
Deleted Partitions

During the investigation of the computer system, an investigator may come across a situation where the evidences of the crime are deleted from the system. In this case, an investigator should know how to recover the deleted files, which can be used as evidence. Deleted files and deleted partitions can be a good source of evidence which are useful to provide an important clue in the investigation.
This chapter covers the various methods in which a forensic investigator can recover the deleted files.  It deals primarily with understanding the basic concept of recovering the deleted files. The chapter also highlights the various data recovery tools and the salient features of these tools.




Windows Forensics

Image File Forensics

Image files are the key component in the investigation process.  Image files can be presented as evidence in the court. It is important to recover the image files from the attacked computer and preserve it. Image files are delicate and can be corrupted if it is not handled properly.
This chapter covers the various methods in which a forensic investigator can go about recovering the image files. This chapter mainly deals with understanding the basic concept of recovering the image files. This chapter also highlights the various image recovery, steganalysis, and viewing tools that are used in this process.