Real-World, Hands-On Computer Forensic Methods and Techniques Course Description The time for Computer Forensic and Cyber Investigations training is now. High-profile cases of corporate malfeasance and increased attention paid to cybercrime and cyberterrorism have elevated electronic evidence discovery to an indispensable component of any organization’s security plan. This intensive instructor led course is designed to give a solid foundation in the theory and practice of essential computer forensic techniques. This course will help the incident response team be fully prepared to respond to many types of crisis situations by providing hands-on training and a strong incident response foundation. The frontline incident handler will be equipped with the knowledge, tools, and hands-on experience needed to investigate and respond effectively to computer crime and other incidents within the organization. The course will focus on the role of computer forensics and the methods used in the investigation of computer crimes. The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence. A detailed explanation of how to effectively manage a forensics investigation and how to preserve and present evidence will be covered. Instructors Our instructors are Certified Computer Examiners (CCE), Computer Hacking Forensic Investigators (CHFI), and Certified Information Systems Security Professionals (CISSP) and have an average 15 years in the Security Industry (including Law Enforcement) and have trained over three thousand Fortune 100 and DoD / Government attendees. Our instructors have attained the CCE certification and we have trained over
1/3 of the Individuals listed on the CCE website as having attained the CCE Certification. Duration
5 Days Prerequisites Attendees should be familiar with Windows-based computers. Benefits One-to-one student equipment ratio The information learned in class will have an immediate impact upon return to work. Upon successful completion of the course,
the student will be prepared to obtain certification in the Computer
Forensics field.
Who Should Attend Anyone involved in the security of Information Assets including: Information Security Officers, Information Security Managers, Computer Crime Investigators, IT Auditors, Consultants, Systems and Network Administrators, Law Enforcement Investigators, lawyers, HR Managers, and others interested in information security are welcome. Upcoming Schedule (call for future dates)
Detailed course location and hotel information will be provided in
confirmation letter.
| |
September 21 - 25, 2009 | Atlanta GA
*SOLD OUT* |
|
October 2009 | TBD |
|
| |
|
| |
|
Customized Course Content This course can be presented on site at your facility and custom-tailored to fit the needs of your organization. On-site courses provide flexibility for attendees and cost savings to an organization in the form of reduced travel expenses and multiple student discounts. Topics - Computer Crime
- Basic Forensic Principles
- General Computing Principles
- Legal Challenges
- Search and Seizure of Computers
- Collection of Evidence from a "Live" System
- Forensic Imaging and Verification
- Data Recovery and Analysis
- Investigative Techniques
- Encryption
- Real World Case Studies
- Cutting-Edge Vendor Tools Used in Course
- Extensive “Hands-On” Labs
Detailed Course Description 1. Computer Crime - What is a computer crime?
- Types of evidence
- Why collect evidence
- The rules of evidence
- Locard’s Exchange Principle
- Why is computer forensics necessary?
- Computer Forensics as part of an Incident Response Plan
2. Basic Forensic Principles - The forensics objective
- The principles of evidential integrity and continuity
- Chain of Custody
- Computer Forensics Methodology
- General Evidence Processing Guidelines and Procedures
3. Legal Challenges - In-depth exploration of legal challenges to forensics
- DoJ Search and Seizure Manual in depth
- Privacy issues
- Constitutional protections
- Legal statutes pertaining to computer seizure
- Steps for obtaining a Warrant
- Electronic Communication Privacy Act
- Pen / Trap Statute
- Wiretap Statute – Title III
- Specific court references
4. General Computing Principles - Types of storage
- Hard disks
- Review of disk geometry
- Tables and file structure
- Sectors and clusters
- File storage
- Unallocated File Space
- Spool, Temporary, and Swap Files
- Floppy disks
- Allocated vs. Unallocated space
- Deleted files, File Slack
- Computer memory and RAM Slack
- Bios control
- Device drivers
- Initialization files
- The Boot sequence
- General overview of Networks
5. Search and Seizure of Computers - Preparation for the raid
- Preparing a Forensic Checklist
- To seize or not to seize
- How to handle a “live” computer
- Understanding the boot sequence for forensic control
- What to seize and where to look
- Photographing and recording equipment layout
- Bagging, tagging and removing equipment
- Storage of seized equipment
6. Collection of Evidence from a “Live” System - Build Forensic Response Toolkit
- Trusted Source Files
- Built-in Operating System Utilities
- Specialized Windows tools
- Analysis of Data
- Log Analysis and Correlation
- File Access Times
- Abnormal Processes
- Reviewing Relevant Files
- Unusual of Hidden Files
7. Forensic Imaging & Verification - Data Recovery and Analysis
- Overview of imaging systems
- Preparing and verifying forensically sterile examination media
- DoD Standard 5220.22-M
- Making Bit Stream Image Duplications
- Storing images
- Demonstration of imaging using Image MASSter
- Restoring image copies
8. Data Recovery and Analysis - Overview of analysis software
- Demonstration of analysis techniques
- Keyword searching
- Graphic searching
- Producing, viewing, and sorting file listings
- Extracting files
- Undeleting files
- Investigating floppy disks
- Use the Forensics Toolkit
9. Investigative Techniques - Theory of Investigation
- Information overload problem
- Maintaining focus
- Technical interviews
- Information discovery
- Evaluating evidence
- Totality of the circumstances
- Knowing when to stop
- Documenting an investigation
- Record keeping
- Presenting evidence
- Report and exhibit presentation
- Court testimony
10. Encryption - Passwords
- Using PGP
- Software security devices
- Cracking password protected files
- Steganography
Real World Case Studies - Theft of Intellectual Property
- Embezzlement
- Employment disputes
- Destruction / alteration of data
- E-mail misuse
Extensive Hands-On Labs - Preparing Forensically Sterile Media
- Recovering Data from Unallocated Space
- Building a Forensic Workstation Toolkit
- Recovering Data from a “Live System”
- Using a Hex Editor to Recover Data
- Recovering Data from Unallocated Space
- Recovering Data from Formatted Disks
- Using Quick View Plus to view files
- Using MD5 Checksums to insure Data Integrity
- Perform Forensic Analysis on Floppy Discs
- Perform Forensic Analysis on Hard Drives
- Unlocking Password Protected Files
- Produce a Technically Correct Forensic Report
|