Course Overview
This course teaches students how to recognize a hacker's tracks and uncover network-based evidence. The hands-on exercises include: carving suspicious email attachments from packet captures, using flow records to track intruders, analyzing real-world wireless encryption-cracking attacks, reconstructing a suspect's web surfing history, uncovering DNS-tunneled traffic, and dissecting the Operation Aurora exploit.
What You'll Learn
Participants will do the following:
- Identify the role of computer forensics in responding to crimes and solving business challenges
- Examine system forensics issues, laws, and skills
- Examine the purpose and structure of a digital forensics lab
- Examine the evidence life cycle
- Procure evidence in physical and virtualized environments
- Examine the impact of sequestration on the evidence-gathering process
- Collect evidence in network and e-mail environments
- Examine automated digital forensic analysis
- Report investigative findings of potential evidentiary value
- Examine the constraints on digital forensic investigation
Outline
Module 1: Introduction to the Field and Background
- Introduction to Forensics
- Overview of Computer Crimes
- Lab: Applying the Daubert Standard to Forensic Evidence
- Forensics Methods and Labs
- Trends and Future Directions
Module 2: Tools and Methods
- System Forensic Resources
- Lab: Documenting a Workstation Configuration Using Common Forensic Tools
- Collecting, Seizing, and Protecting Evidence
- Lab: Uncovering New Digital Evidence Using Bootable Forensic Utilities
Module 3: Types of Forensics
- Email Forensics
- Lab: Analyzing Images to Identify Suspicious or Modified Files
- Windows Forensics
- Recognizing the Use of Steganography in Image Files
- Linux Forensics
- Lab: Automating Email Evidence Discovery Using P2 Commander
- Macintosh Forensics
- Mobile Forensics
- Lab: Decoding an FTP Protocol Session for Forensic Evidence
- Performing Network Analysis
- Lab: Identifying and Documenting Evidence from a Forensic Investigation
- Incident and Intrusion Response
- Lab: Conducting an Incident Response Investigation for a Suspicious Login
Prerequisites
Before attending this course, students should have:
- Minimal experience in the IT field, specifically in IT security
- Understanding of networking concepts and best security practices
- CompTIA Network+, Security+, and EC-Council CEH certifications, or equivalent experience and knowledge
Who Should Attend
This course is beneficial for:
- Police and Law Enforcement
- Military and DoD Personnel
- E-Business Security Professionals
- Network and System Administrators
- Legal Professionals
- Insurance Professionals
- Banking Professionals
- IT Managers
- Government Agency Professionals