Computer Hacking Forensics Investigator (CHFI) San Bernardino, California 12-16 July 2010

Invitation to attend (I will be there)

Summary:
This course will provide participants with the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute in a court of law.
Course Offered By:
New Horizons Computer Learning Centers
301 East Vanderbilt Way, Suite 250
San Bernardino, California 92408

Course Cost:
$2,895.00
Promotions:
Dice Learning users - take any SQL Server training course from New Horizons and receive a fully-licensed copy of SQL Server 2008 Standard Edition with 1 CAL License—FREE ($850 Value)! See http://www.newhorizons.com/FreeSQL2008.aspx for details.
Start Date - End Date:
07/12/2010 - 07/16/2010
Start Time - End Time:
8:00 am - 4:30 pm
Classroom Type:
Physical Classroom
Geographic Location:
San Bernardino, California 92408
Description:


Core Vendor Technology: EC Council
Content Category: Security
Objectives:


Lesson 1: Computer Forensics and Investigations as a Profession

Understanding Computer Forensics
Comparing Definitions of Computer Forensics
Exploring a Brief History of Computer Forensics
Developing Computer Forensics Resources
Preparing for Computing Investigations
Understanding Enforcement Agency Investigations
Und


Lesson 2: Understanding Computer Investigations

Preparing a Computer Investigation
Examining a Computer Crime
Examining a Company-Policy Violation
Taking a Systematic Approach
Assessing the Case
Planning Your Investigation
Securing Your Evidence
Understanding Data-Recovery Workstations and Software
Set


Lesson 3: Working with Windows and DOS Systems

Understanding File Systems
Understanding the Boot Sequence
Examining Registry Data
Disk Drive Overview
Exploring Microsoft File Structures
Disk Partition Concerns
Boot Partition Concerns
Examining FAT Disks
Examining NTFS Disks
NTFS System Files
NTFS Attr


Lesson 4: Macintosh and Linux Boot Processes and Disk Structures

Understanding the Macintosh File Structure
Understanding Volumes
Exploring Macintosh Boot Tasks
Examining UNIX and Linux Disk Structures
UNIX and Linux Overview
Understanding Inodes
Understanding UNIX and Linux Boot Processes
Understanding Linux Loader
UNI


Lesson 5: The Investigator's Office and Laboratory

Understanding Forensic Lab Certification Requirements
Identifying Duties of the Lab Manager and Staff
Balancing Costs and Needs
Acquiring Certification and Training
Determining the Physical Layout of a Computer Forensics Lab
Identifying Lab Security Needs


Lesson 6: Current Computer Forensics Tools

Evaluating Your Computer Forensics Software Needs
Using National Institute of Standards and Technology (NIST) Tools
Using National Institute of Justice (NIJ) Methods
Validating Computer Forensics Tools
Using Command-Line Forensics Tools
Exploring NTI Tools


Lesson 7: Digital Evidence Controls

Identifying Digital Evidence
Understanding Evidence Rules
Securing Digital Evidence at an Incident Scene
Cataloging Digital Evidence
Lab Evidence Considerations
Processing and Handling Digital Evidence
Storing Digital Evidence
Evidence Retention and Media


Lesson 8: Processing Crime and Incident Scenes

Processing Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of Computing System
Determining Whether You


Lesson 9: Data Acquisition

Determining the Best Acquisition Method
Planning Data Recovery Contingencies
Using MS-DOS Acquisition Tools
Understanding How DriveSpy Accesses Sector Ranges
Data Preservation Commands
Using DriveSpy Data Manipulation Commands
Using Windows Acquisition To


Lesson 10: Computer Forensic Analysis

Understanding Computer Forensic Analysis
Refining the Investigation Plan
Using DriveSpy to Analyze Computer Data
DriveSpy Command Switches
DriveSpy Keyword Searching
DriveSpy Scripts
DriveSpy Data-Integrity Tools
DriveSpy Residual Data Collection Tools
Ot


Lesson 11: E-mail Investigations

Understanding Internet Fundamentals
Understanding Internet Protocols
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Identifying E-mail Crimes and Violations
Examining E-mail Messages
Copying an E-mail Mes


Lesson 12: Recovering Image Files

Recognizing an Image File
Understanding Bitmap and Raster Images
Understanding Vector Images
Metafile Graphics
Understanding Image File Formats
Understanding Data Compression
Reviewing Lossless and Lossy Compression
Locating and Recovering Image Files
Iden


Lesson 13: Writing Investigation Reports

Understanding the Importance of Reports
Limiting the Report to Specifics
Types of Reports
Expressing an Opinion
Designing the Layout and Presentation
Litigation Support Reports versus Technical Reports
Writing Clearly
Providing Supporting Material
Formatt


Lesson 14: Becoming an Expert Witness

Comparing Technical and Scientific Testimony
Preparing for Testimony
Documenting and Preparing Evidence
Keeping Consistent Work Habits
Processing Evidence
Serving as a Consulting Expert or an Expert Witness
Creating and Maintaining Your CV
Preparing Techn


Lesson 15: Computer Security Incident Response Team

Incident Response Team
Incident Reporting Process
Low-level incidents
Mid-level incidents
High-level incidents
What is a Computer Security Incident Response Team (CSIRT)?
Why would an organization need a CSIRT?
What types of CSIRTs exist?
Other Response T


Lesson 16: Logfile Analysis

Secure Audit Logging
Audit Events
Syslog
Message File
Setting Up Remote Logging
Linux Process Tracking
Windows Logging
Remote Logging in Windows
ntsyslog
Application Logging
Extended Logging
Monitoring for Intrusion and Security Events
Importance of Time


Lesson 17: Recovering Deleted Files

The Windows Recycle Bin
Digital evidence
Recycle Hidden Folder
How do I undelete a file?
e2undel
O&O UnErase
Restorer2000
BadCopy Pro
File Scavenger
Mycroft v3
PC ParaChute
Search and Recover
Stellar Phoenix Ext2, Ext3
Zero Assumption Digital Image Recover


Lesson 18: Application Password Crackers

Advanced Office XP Password Recovery
AOXPPR
Accent Keyword Extractor
Advanced PDF Password Recovery
APDFPR
Distributed Network Attack
Windows XP / 2000 / NT Key
Passware Kit
How to Bypass BIOS Passwords
BIOS Password Crackers
Removing the CMOS Battery
Def


Lesson 19: Investigating E-Mail Crimes

E-mail Crimes
Sending Fakemail
Sending E-mail using Telnet
Tracing an e-mail
Mail Headers
Reading Email Headers
Tracing Back
Tracing Back Web Based E-mail
Microsoft Outlook Mail
Pst File Location
Tool: R-Mail
Tool: FinaleMail
Searching E-mail Addresses
E-


Lesson 20: Investigating Web Attacks

How to Tell an Attack is in Progress
What to Do When You Are Under Attack?
Conducting the Investigation
Attempted Break-in
Step 1: Identifying the System(s)
Step 2: Traffic between source and destination
How to detect attacks on your server?
Investigating


Lesson 21: Investigating Network Traffic

Network Intrusions and Attacks
Direct vs. Distributed Attacks
Automated Attacks
Accidental Attacks
Address Spoofing
IP Spoofing
ARP Spoofing
DNS Spoofing
Preventing IP Spoofing
Preventing ARP Spoofing
Preventing DNS Spoofing
VisualZone
DShield
Forensic To


Lesson 22: Investigating Router Attacks

DoS Attacks
Investigating DoS Attacks
Investigating Router Attacks


Lesson 23: The Computer Forensics Process

Evidence Seizure Methodology
Before the Investigation
Document Everything
Confiscation of Computer Equipment


Lesson 24: Data Duplication

Tool: R-Drive Image
Tool: DriveLook
Tool: DiskExplorer for NTFS


Lesson 25: Windows Forensics

Gathering Evidence in Windows
Collecting Data from Memory
Collecting Evidence
Memory Dump
Manual Memory Dump (Windows 2000)
Manual Memory Dump (Windows XP)
PMDump
Windows Registry
Registry Data
Regmon utility
Forensic Tool: InCntrl5
Backing Up of the enti


Lesson 26: Linux Forensics

Performing Memory Dump on Unix Systems
Viewing Hidden Files
Executing Process
Create a Linux Forensic Toolkit
Collect Volatile Data Prior to Forensic Duplication
Executing a Trusted Shell
Determining Who is logged on to the System
Determining the Running


Lesson 27: Investigating PDA

Paraben's PDA Seizure


Lesson 28: Enforcement Law and Prosecution

Freedom of Information Act
Reporting Security Breaches to Law Enforcement
National Infrastructure Protection Center
Federal Computer Crimes and Laws
Federal Laws
The USA Patriot Act of 2001
Building the Cybercrime Case
How the FBI Investigates Computer Cr


Lesson 29: Investigating Trademark and Copyright Infringement

Trademarks
Trademark Eligibility
What is a service mark?
What is trade dress?
Internet domain name
Trademark Infringement
Conducting a Trademark Search
Using Internet to Search for Trademarks
Hiring a professional firm to conduct my trademark search
Trade
