Computer Forensics Training

Introduction:

Computer Forensics Training course with real world hands-on labs - Take your system-based forensic knowledge onto the wire. Incorporate network evidence into your investigations, provide better findings, and get the job done faster.

Forensic casework that does not include a network component is a rarity in today's environment. Performing disk forensics will always be a critical and foundational skill for this career, but overlooking the network component of today’s computing architecture is akin to ignoring security camera footage of a crime as it was committed. Whether you handle an intrusion incident, data theft case, or employee misuse scenario, the network often has an unparalleled view of the incident. Its evidence can provide the proof necessary to show intent, or even definitively prove that a crime actually occurred.

The rate of fraud, abuse and downright criminal activity on IT systems by hackers, contractors and even employees is reaching alarming levels. Corporate IT, Law Enforcement and Information Security Pros are often required to perform computer forensics duties on their jobs. In terms of job growth, nothing beats computer forensics as a career, and no one can beat ENOsecurity as the best place to learn from a computer forensics training expert.

Computer crime is here to stay. Computer Forensics Specialists are needed by today’s companies to determine the root cause of a hacker attack, collect evidence legally admissible in court, and protect corporate assets and reputation. The best way to become a forensics expert is to attend a training session with a computer forensics training expert.

Customize It:

With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Audience/Target Group

• IT professionals involved with information system security, computer forensics, and incident response

Duration: 5 days

Skills Gained:

• Firmly understand the provisions of IT law
• Learn complex technical concepts
• Successfully define evidence-handling procedures
• Functionally design and outline procedures related to incident response strategies
• Comprehend the general rules of evidence

Course Content:

The classroom training is typically highly structured and rigid: an intense week of instructor-led, practical, hands-on training. Typically long days provide an intense week of immersion in computer forensic examination. Classroom training is led by experienced, practicing computer examiners who are CCFE certified. Instructor support begins at the classroom training and extends beyond the classroom session via email to assist students in fine-tuning report writing skills. The training is sectioned into eight modules. The material is constantly being revised and is subject to change. The current modules consist of:

MODULE 1:

Course Introduction

Computer Forensics and Investigation as a Profession
Define computer forensics
Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
Explain the importance of maintaining professional conduct
Digital Evidence - Legal Issues
Identifying Digital Evidence
Evidence Admissibility
Federal Rules of Evidence
Daubert Standard
Discovery
Warrants
What is Seizure?
Consent Issues
Expert Witness
Roles and responsibilities
Ethics: (ISC)2, AAFS, ISO

MODULE 2:

Investigations

Investigative Process
Chain of Custody
Incident Response
E-Discovery
Criminal v. Civil v. Administrative Investigations
Intellectual Property
Reporting
Quality Control
Lab and Tool
Investigator
Examination
Standards
Evidence Management
SOPs
Collection
Documentation
Preservation
Transport / Tracking
Storage / Access Control
Disposition
Current Computer Forensics Tools and Hardware
Commercial
Free / Open Source

MODULE 3:

DIGITAL FORENSICS

Forensic Science Fundamentals
Principles and Methods
Locard's Principle, Inman-Rudin Paradigm, Scientific Method, Peer Review
Forensic Analysis Process
Hardware
Storage Media
Hard Disk Geometry, Solid State Drives, RAID
Operating System
Boot Process, BIOS/CMOS, The Swap File
File Systems
NTFS File System, FAT File System, HFS+, Ext2/3/4, Embedded
Erased vs. Deleted
Live Forensics

MODULE 4:

ANALYZING DATA

Hardware Forensics
Keyword Searching
Metadata
Time Line Analysis
Hash Analysis
File Signatures
File Filtering (KFF)
Volume Shadow Copies
Time Zone Issues
Link Files
Print Spool
Deleted Files
Recycle Bin Forensics
File Slack
Damaged Media
Physical Damage
Logical Damage
File Carving
Registry Forensics
USB Devices
HKLM
Multimedia Files
EXIF Data
Compound Files
Compression
OLE
ADS
Passwords
Web Application Forensics
Common Web Attack Vectors
SQL Injection
Cross-Site Scripting
Cookies
Browser Artifacts
Email Investigators
Email Headers
Email Files
Messaging Forensics
Database Forensics
Software Forensics
Traces and Application Debris
Software Analysis (Hashes, Code Comparison Techniques, etc.)
Malware Analysis
Malware Types and Behavior
Static vs. Dynamic Analysis

MODULE 5:

NETWORK FORENSICS

TCP/IP
IP Addressing -- Proxies -- Ports and services
Types of Attacks
Wired vs. Wireless
Network Devices Forensics
Routers, Firewalls, Examining Logs
Packet Analysis
OS Utilities
Netstat
Net sessions
Openfiles
Network Monitoring Tools
Snort
Wireshark
NetworkMiner

MODULE 6:

Anti-Forensics

Hiding
Encryption (Symmetric, Asymmetric, TrueCrypt Hidden Partitions)
Steganography
Packing
Hidden Devices (NAS)
Tunneling / Onion Routing
Destruction
Wiping/Overwriting
Corruption / Degaussing
Spoofing
Address Spoofing
Data Spoofing (Timestamping)
Log Tampering
Live Operating Systems

MODULE 7:

Mobile Devices

Types of Devices
GPS
Cell Phones
Tablets
Vendor and Carrier Identification
Obtaining Information from Cellular Provider
GSM vs. CDMA
SIM Cards
Common Tools
Methodology
Advanced Mobile Forensics (JTAG, chip-off)

MODULE 8:

New and Emerging Technology

Legal Issues (Privacy, Obtaining Warrants)
Social Networks Forensics
Types of Social Networks
Types of Evidence
Collecting Data
Virtualization
Virtualization Forensics
Use of Virtualization in Forensics
Cloud Forensics
Types of Cloud Services
Challenges of Cloud Forensics
Big Data
Control Systems and IoT

DAY 5: Wrap-Up
The morning session is spent finishing up any loose ends, dealing with exam prep issues, and reviewing.
