Computer Forensic and Cyber Investigations Course
eBusiness Process Solutions
3140 Gold Camp Drive Suite 70
Rancho Cordova, CA 95670
916-852-2570
Get Your 'Certified Cyber-Crime Expert (C3E)' Certification Now!!
Course Description
The time for Computer Forensic and Cyber Investigations training is now. High-profile cases of corporate malfeasance and increased attention paid to cybercrime and cyberterrorism have elevated electronic evidence discovery to an indispensable component of any organization’s security plan. This intensive instructor-led course is designed to give a solid foundation in the theory and practice of essential computer forensic techniques.
This course will help the incident response team be fully prepared to respond to many types of crisis situations by providing hands-on training and a strong incident response foundation. The frontline incident handler will be equipped with the knowledge, tools, and hands-on experience needed to investigate and respond effectively to computer crime and other incidents within the organization.
The course will focus on the role of computer forensics and the methods used in the investigation of computer crimes. The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence. A detailed explanation of how to effectively manage a forensics investigation and how to preserve and present evidence will be covered.
Duration
4 Days
Prerequisites
Attendees should be familiar with Windows-based computers.
Benefits
- One-to-one student equipment ratio
- The information learned in class will have an immediate impact upon return to work.
- Upon successful completion of the course and after passing a practical and written test the student will earn the Certified Cyber-Crime Expert (C3E) certification.
Instructors
Our instructors are Certified Information Systems Security Professionals (CISSP) and have an average of 15 years in the Security Industry (including Law Enforcement) and have trained thousands of Fortune 100 and DoD / Government attendees each.
Who Should Attend
Anyone involved in the security of Information Assets including: Information Security Officers, Information Security Managers, Computer Crime Investigators, IT Auditors, Consultants, Systems and Network Administrators, Law Enforcement Investigators, lawyers, HR Managers, and others interested in information security are welcome.
Fee
$1750
Customized Course Content
This course can be presented on site at your facility and custom-tailored to fit the needs of your organization. On-site courses provide flexibility for attendees and cost savings to an organization in the form of reduced travel expenses and multiple student discounts.
Topics
- Computer Crime
- Basic Forensic Principles
- General Computing Principles
- Legal Challenges
- Search and Seizure of Computers
- Collection of Evidence from a “Live” System
- Forensic Imaging and Verification
- Data Recovery and Analysis
- Investigative Techniques
- Encryption
- Real World Case Studies
- Cutting-Edge Vendor Tools Used in Course
- Extensive “Hands-On” Labs
Detailed Course Description
1. Computer Crime
- What is a computer crime?
- Types of evidence
- Why collect evidence
- The rules of evidence
- Locard’s Exchange Principle
- Why is computer forensics necessary?
- Computer Forensics as part of an Incident Response Plan
2. Basic Forensic Principles
- The forensics objective
- The principles of evidential integrity and continuity
- Chain of Custody
- Computer Forensics Methodology
- General Evidence Processing Guidelines and Procedures
3. Legal Challenges
- In-depth exploration of legal challenges to forensics
- DoJ Search and Seizure Manual in depth
- Privacy issues
- Constitutional protections
- Legal statutes pertaining to computer seizure
- Steps for obtaining a Warrant
- Electronic Communication Privacy Act
- Pen / Trap Statute
- Wiretap Statute – Title III
- Specific court references
4. General Computing Principles
- Types of storage
- Hard disks
- Review of disk geometry
- Tables and file structure
- Sectors and clusters
- File storage
- Unallocated File Space
- Spool, Temporary, and Swap Files
- Floppy disks
- Allocated vs. Unallocated space
- Deleted files, File Slack
- Computer memory and RAM Slack
- BIOS control
- Device drivers
- Initialization files
- The Boot sequence
- General overview of Networks
5. Search and Seizure of Computers
- Preparation for the raid
- Preparing a Forensic Checklist
- To seize or not to seize
- How to handle a “live” computer
- Understanding the boot sequence for forensic control
- What to seize and where to look
- Photographing and recording equipment layout
- Bagging, tagging and removing equipment
- Storage of seized equipment
6. Collection of Evidence from a “Live” System
- Build Forensic Response Toolkit
- Trusted Source Files
- Built-in Operating System Utilities
- Specialized Windows tools
- Analysis of Data
- Log Analysis and Correlation
- File Access Times
- Abnormal Processes
- Reviewing Relevant Files
- Unusual or Hidden Files
7. Forensic Imaging & Verification
- Data Recovery and Analysis
- Overview of imaging systems
- Preparing and verifying forensically sterile examination media
- DoD Standard 5220.22-M
- Making Bit Stream Image Duplications
- Storing images
- Demonstration of imaging using Image MASSter
- Restoring image copies
8. Data Recovery and Analysis
- Overview of analysis software
- Demonstration of analysis techniques
- Keyword searching
- Graphic searching
- Producing, viewing, and sorting file listings
- Extracting files
- Undeleting files
- Investigating floppy disks
- Use the Forensics Toolkit
9. Investigative Techniques
- Theory of Investigation
- Information overload problem
- Maintaining focus
- Technical interviews
- Information discovery
- Evaluating evidence
- Totality of the circumstances
- Knowing when to stop
- Documenting an investigation
- Record keeping
- Presenting evidence
- Report and exhibit presentation
- Court testimony
10. Encryption
- Passwords
- Using PGP
- Software security devices
- Cracking password protected files
- Steganography
Real World Case Studies
- Theft of Intellectual Property
- Embezzlement
- Employment disputes
- Destruction / alteration of data
- E-mail misuse
Extensive Hands-On Labs
- Preparing Forensically Sterile Media
- Recovering Data from Unallocated Space
- Building a Forensic Workstation Toolkit
- Recovering Data from a “Live System”
- Using a Hex Editor to Recover Data
- Recovering Data from Unallocated Space
- Recovering Data from Formatted Disks
- Using Quick View Plus to view files
- Using MD5 Checksums to ensure Data Integrity
- Perform Forensic Analysis on Floppy Discs
- Perform Forensic Analysis on Hard Drives
- Unlocking Password Protected Files
- Produce a Technically Correct Forensic Report