Computer Forensics Training - Advanced Digital Forensic Techniques by SecureIA

The dramatic increase in computer-related crime requires corporate security personnel and law enforcement agents to understand how to legally obtain electronic evidence stored in computers.

Electronic records such as computer network logs, e-mails, word processing files, and “.jpg” picture files increasingly provide the government and corporations with important (and sometimes essential) evidence in criminal and civil cases.

One of the purposes of this course is to provide law enforcement agents and corporate security personnel with systematic guidance that can help them understand some of the issues that arise when they seek electronic evidence in criminal and civil investigations.

Course Includes

3 DVD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components

Printable courseware

Exclusive LearningZone Live Mentor (Value at $295)

Help Whenever you need it! Exclusive LearningZone - Chat Live with our Certified Instructors anytime around the clock (7x24)

Focused on practical solutions to real-world development problems

Free 1 Year Upgrade Policy

Certificate of Completion

Instructor

Kenneth Mayer - Certified CEH Trainer (CCSI, MCT, CCNP, CCDA)
Ken Mayer is a Microsoft Certified Trainer as well as a Certified Ethical Hacker Trainer and Security consultant. He started his career in computer technology in 1980s. He has offered a wide variety of IT training and high level consulting projects for Fortune 500 companies across the United States and Western Europe. He has achieved the Certified Cisco Systems Instructor certification. The CCSI certification involved a two-day lab and observation event held on Cisco in Paris, France Facility. This gave Ken the accreditation to be able to deliver Cisco Authorized Courses as a CCSI. He has taught the full line of Cisco CCNA, CCDA, CCNP, CCDP and CCIP course curriculums, including Cisco's security appliances such as PIX and IDS.

Course Outline

Module 1 - Computer Forensic Investigative Theory
History of Digital Forensics
Digital Evidence
Three Main Aspects to Digital Evidence Reconstruction
“Attack” Guidelines for the Recovery of Digital Data
Classification
Reconstruction
Demo - TimeStomping
Behavioral evidence analysis (BEA)
Equivocal forensic analysis (EFA)
Victimology
Demo - Following the Clues from an Email Header
Important Questions Regarding the Victim's Cybertrail
Module 1 Review

Module 2 - Computer Forensic Laboratory Protocols
Overview
QA
SOP
Notes
Reports
Peer Review
Admin Review
Annual Review
Deviation
Lab Intake
Tracking
Storage
Discovery
Module 2 Review

Module 3 - Computer Forensic Processing Techniques
Goal of Digital Evidence Processing
Demo - Logical Review with FTK
Duplication
Documenting and Identifying
Disassembling the Device
Disconnecting the Device
Document the Boot Sequence
Removing and Attaching the Storage Device to Duplicated System
Circumstances Preventing the Removal of Storage Devices
Write Protection via Hardware/Software
Geometry of a Storage Device
Host Protected Area (HPA)
Tools for Duplicating Evidence to Examiner's Storage Device
EnCase for Windows Acquisition Tool
Demo - Hashing and Duplicating a Drive
Preparing Duplication for Evidence Examination
Recording the Logical Drive Structure
Using “Sandra” and “WinHex”
File Allocation Tables
Logical Processes
Known Files
Reference Lists
Verify that File Headers Match Extensions
Demo - Introduction to FTK
“Regular Expressions”
Demo - Using Regular Expressions
File Signatures
Demo - Hex Workshop Analysis of Graphic Files
Module 3 Review

Module 4 - Crypto and Password Recovery
Background
Demo - Stegonography
History
Concepts 1
Demo - Cracking a Windows Hashed Password
Concepts 2
File Protection
Options 1
Demo - Recovering Passwords from a Zip File
Options 2
Rainbow Tables
Demo - Brute Force/Dictionary Cracks with Lophtcrack
Demo - Password Cracking with Rainbow Tables
Module 4 Review

Module 5 - Specialized Artifact Recovery
Overview
Exam Preparation Stage
Windows File Date/Time Stamps
File Signatures
Image File Databases
Demo - Thumbs.DB
The Windows OS
Windows Operating Environment
Windows Registry
Windows Registry Hives 1
Demo - Registry Overview
Windows Registry Hives 2
Windows 98 Registry
Windows NT/2000/XP Registry
Windows Registry ID Numbers
Windows Alternate Data Streams
Demo - Alternate Data Streams
Windows Unique ID Numbers
Other ID’s
Historical Files 1
Demo - Real Index.dat
Historical Files 2
Demo - Review of Event Viewer
Historical Files 3
Demo - Historical Entries in the Registry
Historical Files 4
Windows Recycle Bin
Demo - INFO Files
Outlook E-Mail
Outlook 2k/Workgroup E-Mail
Outlook Express 4/5/6
Web E-Mail
Module 5 Review