Computer Hacking Forensics Investigator (CHFI) San Bernardino, California 12/16 Luglio 2010

Invito a partecipare ( io ci sarò)

This course will provide participants the necessary skills to identify an intruders footprints and to properly gather the necessary evidence to prosecute in the court of law.
Course Offered By:
New Horizons Computer Learning Centers
301 East Vanderbilt Way, Suite 250
San Bernardino, California 92408

Course Cost:
Dice Learning users - take any SQL Server training course from New Horizons and receive a fully-licensed copy of SQL Server 2008 Standard Edition with 1 CAL License—FREE ($850 Value)! See for details.
Start Date - End Date:
07/12/2010 - 07/16/2010 (More dates) (More dates at this location)
Start Time - End Time:
8:00 am - 4:30 pm
Classroom Type:
Physical Classroom
Geographic Location:
San Bernardino, California 92408

Core Vendor Technology: EC Council
Content Category: Security

Lesson 1: Computer Forensics and Investigations as a Profession

Understanding Computer Forensics
Comparing Definitions of Computer Forensics
Exploring a Brief History of Computer Forensics
Developing Computer Forensics Resources
Preparing for Computing Investigations
Understanding Enforcement Agency Investigations

Lesson 2: Understanding Computer Investigations

Preparing a Computer Investigation
Examining a Computer Crime
Examining a Company-Policy Violation
Taking a Systematic Approach
Assessing the Case
Planning Your Investigation
Securing Your Evidence
Understanding Data-Recovery Workstations and Software

Lesson 3: Working with Windows and DOS Systems

Understanding File Systems
Understanding the Boot Sequence
Examining Registry Data
Disk Drive Overview
Exploring Microsoft File Structures
Disk Partition Concerns
Boot Partition Concerns
Examining FAT Disks
Examining NTFS Disks
NTFS System Files

Lesson 4: Macintosh and Linux Boot Processes and Disk Structures

Understanding the Macintosh File Structure
Understanding Volumes
Exploring Macintosh Boot Tasks
Examining UNIX and Linux Disk Structures
UNIX and Linux Overview
Understanding modes
Understanding UNIX and Linux Boot Processes
Understanding Linux Loader

Lesson 5: The Investigators Office and Laboratory

Understanding Forensic Lab Certification Requirements
Identifying Duties of the Lab Manager and Staff
Balancing Costs and Needs
Acquiring Certification and Training
Determining the Physical Layout of a Computer Forensics Lab
Identifying Lab Security Needs

Lesson 6: Current Computer Forensics Tools

Evaluating Your Computer Forensics Software Needs
Using National Institute of Standards and Technology (NIST) Tools
Using National Institute of Justice (NU) Methods
Validating Computer Forensics Tools
Using Command-Line Forensics Tools
Exploring NTI Tools

Lesson 7: Digital Evidence Controls

Identifying Digital Evidence
Understanding Evidence Rules
Securing Digital Evidence at an Incident Scene
Cataloging Digital Evidence
Lab Evidence Considerations
Processing and Handling Digital Evidence
Storing Digital Evidence
Evidence Retention and Media

Lesson 8: Processing Crime and Incident Scenes

Processing Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of Computing System
Determining Whether You

Lesson 9: Data Acquisition

Determining the Best Acquisition Method
Planning Data Recovery Contingencies
Using MS-DOS Acquisition Tools
Understanding How DriveSpy Accesses Sector Ranges
Data Preservation Commands
Using DriveSpy Data Manipulation Commands
Using Windows Acquisition To

Lesson 10: Computer Forensic Analysis

Understanding Computer Forensic Analysis
Refining the Investigation Plan
Using DriveSpy to Analyze Computer Data
DriveSpy Command Switches
DriveSpy Keyword Searching
DriveSpy Scripts
DriveSpy Data-Integrity Tools
DriveSpy Residual Data Collection Tools

Lesson 11: E-mail Investigations

Understanding Internet Fundamentals
Understanding Internet Protocols
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Identifying E-mail Crimes and Violations
Examining E-mail Messages
Copying an E-mail Mes

Lesson 12: Recovering Image Files

Recognizing an Image File
Understanding Bitmap and Raster Images
Understanding Vector Images
Metafle Graphics
Understanding Image File Formats
Understanding Data Compression
Reviewing Lossless and Lossy Compression
Locating and Recovering Image Files

Lesson 13: Writing Investigation Reports

Understanding the Importance of Reports
Limiting the Report to Specifics
Types of Reports
Expressing an Opinion
Designing the Layout and Presentation
Litigation Support Reports versus Technical Reports
Writing Clearly
Providing Supporting Material

Lesson 14: Becoming an Expert Witness

Comparing Technical and Scientific Testimony
Preparing for Testimony
Documenting and Preparing Evidence
Keeping Consistent Work Habits
Processing Evidence
Serving as a Consulting Expert or an Expert Witness
Creating and Maintaining Your CV
Preparing Techn

Lesson 15: Computer Security Incident Response Team

Incident Response Team
Incident Reporting Process
Low-level incidents
Mid-level incidents
High-level incidents
What is a Computer Security Incident Response Team (CSIRT)?
Why would an organization need a CSIRT?
What types of CSIRTs exist?
Other Response T

Lesson 16: Logfile Analysis

Secure Audit Logging
Audit Events
Message File
Setting Up Remote Logging
Linux Process Tracking
Windows Logging
Remote Logging in Windows
Application Logging
Extended Logging
Monitoring for Intrusion and Security Events
Importance of Time

Lesson 17: Recovering Deleted Files

The Windows Recycle Bin
Digital evidence
Recycle Hidden Folder
How do I undelete a file?
O&O UnErase
BadCopy Pro
File Scavenger
Mycroft v3
PC ParaChute
Search and Recover
Stellar Phoenix Ext2,Ext3
Zero Assumption Digital Image Recover

Lesson 18: Application Password Crackers

Advanced Office XP Password Recovery
Accent Keyword Extractor
Advanced PDF Password Recovery
Distributed Network Attack
Windows XP / 2000 / NT Key
Passware Kit
How to Bypass BIOS Passwords
BIOS Password Crackers
Removing the CMOS Battery

Lesson 19: Investigating E-Mail Crimes

E-mail Crimes
Sending Fakemail
Sending E-mail using Telnet
Tracing an e-mail
Mail Headers
Reading Email Headers
Tracing Back
Tracing Back Web Based E-mail
Microsoft Outlook Mail
Pst File Location
Tool: R-Mail
Tool: FinaleMail
Searching E-mail Addresses

Lesson 20: Investigating Web Attacks

How to Tell an Attack is in Progress
What to Do When You Are Under Attack?
Conducting the Investigation
Attempted Break-in
Step 1: Identifing the System(s)
Step 2: Traffic between source and destination
How to detect attacks on your server?

Lesson 21: Investigating Network Traffic

Network Intrusions and Attacks
Direct vs. Distributed Attacks
Automated Attacks
Accidental Attacks
Address Spoofing
IP Spoofing
ARP Spoofing
DNS Spoofing
Preventing IP Spoofing
Preventing ARP Spoofing
Preventing DNS Spoofing
Forensic To

Lesson 22: Investigating Router Attacks

DoS Attacks
Investigating DoS Attacks
Investigating Router Attacks

Lesson 23: The Computer Forensics Process

Evidence Seizure Methodology
Before the Investigation
Document Everything
Confiscation of Computer Equipment

Lesson 24: Data Duplication

Tool: R-Drive Image
Tool: DriveLook
Tool: DiskExplorer for NTFS

Lesson 25: Windows Forensics

Gathering Evidence in Windows
Collecting Data from Memory
Collecting Evidence
Memory Dump
Manual Memory Dump (Windows 2000)
Manual Memory Dump (Windows XP)
Windows Registry
Registry Data
Regmon utility
Forensic Tool: InCntrl5
Backing Up of the enti

Lesson 26: Linux Forensics

Performing Memory Dump on Unix Systems
Viewing Hidden Files
Executing Process
Create a Linux Forensic Toolkit
Collect Volatile Data Prior to Forensic Duplication
Executing a Trusted Shell
Determining Who is logged on to the System
Determining the Running

Lesson 27: Investigating PDA

Parabens PDA Seizure

Lesson 28: Enforcement Law and Prosecution

Freedom of Information Act
Reporting Security Breaches to Law Enforcement
National Infrastructure Protection Center
Federal Computer Crimes and Laws
Federal Laws
The USA Patriot Act of 2001
Building the Cybercrime Case
How the FBI Investigates Computer Cr

Lesson 29: Investigating Trademark and Copyright Infringement

Trademark Eligibility
What is a service mark?
What is trade dress?
Internet domain name
Trademark Infringement
Conducting a Trademark Search
Using Internet to Search for Trademarks
Hiring a professional firm to conduct my trademark search

Maxitruffa informatica: Pec false dalle banche, svuotati migliaia di conti correnti online.

Banda di cybercriminali sgominata tra Abruzzo e Calabria dai carabinieri del comando provinciale di Messina. I militari hanno arrestato 5 p...