System Forensics, Investigation & Response: 3-Day Combined Course: Chicago, IL
Location: 1 East Jackson (State and Jackson)
This course provides students with the knowledge and skills necessary
to begin a computer-based investigation. Using common and accepted
Incident Response Policies and Procedures for previewing, securing
and preserving digital evidence at a network crime scene, students
will gain a strong understanding of how best practice procedures
will enable "acquisition" of digital content in an accepted
and proven format.
Students will also explore, in a lab environment, methods of Computer
Hacking, Trends and Threats, Disk Imaging and Forensic Analysis
of Trace Evidence. Specifically, students will learn Investigative
Procedures, Forensic Theory and acceptable evidence in a court
of law. A strong emphasis will be placed on definitive plans to respond
to an incident and on industry-accepted processes. Students will
walk away from the course with a strong understanding of how to
develop and deploy an Incident Response plan, what to look for
when analyzing log files, and an ability to perform bit-map deconstruction.
*This hands-on intensive course is intended for
newly assigned First Responders to computer crime scenes and Computer
Forensic Investigations, and anyone performing activities that
have the potential to require seized digital media and managing
an Incident Response initiative.
*Please note: the maximum headcount of this class is 30 students, and
the class will be taught with two instructors.
DAY 1

Introduction to Computer Hacking
- Information Gathering Techniques
- Computer Hacking methodologies
- Expert led lecture on the history of Forensic Analysis
- Ethical viewpoints on Security Practices and the enterprise
- Trends of the Hacker and relevant, real world Threats to the enterprise

Industry Standards on Strong Security Practices for the enterprise
- Understanding Techniques employed by internal and external attackers
- Developing and Designing a Best Practices model based on Industry Standards for an enterprise-wide Windows environment
- Developing and Designing a Best Practices model based on Industry Standards for an enterprise-wide Unix environment

Recognizing the elements of an attack
- Employing and analyzing Techniques to Identify Attacks
- Understanding TCP/IP
- Key points of interest to look for when performing Packet Analysis inspections
- Analyzing log files and putting together the big picture: Log Analysis
DAY 2

Review of Legal Issues pertaining to Incident Response and Forensic Analysis in the Corporate Market Place
- What is Network/Computer Crime, and what are the courts accepting as evidence?
- In-depth Lecture and Discussion on the theory of a forensic analysis case and recent case law
- Determining the steps and process involved to preserve evidentiary integrity
- Industry acceptable investigative procedures, processes and methodologies for forensic analysis

Determining the damage of an Attack and whether or not an Investigation is warranted
- Where is the starting point for developing an incident response plan?
- Developing, Designing and deploying an enterprise-wide Incident Response plan
- How to determine the steps involved in certain types of a required response
- How to verify if an incident has taken place

Incident Response Processes and Procedures
- Conducting a hands-on real response to an Incident
- Understanding Chain of custody and relevant issues
- Successful Backup of files and the issues that may arise
- Defining an incident response Plan and implementation procedure and what is needed
- Understanding what trace evidence can and cannot be left behind

Steps to take for System Recovery and the issues involved with rebuilding a system
- Disk Imaging and mirroring the system (Imaging the systems)

Hands-on Log file interpretation and review
- Analyze various attacks and port scans
DAY 3

Lecture and discussion on introducing the need for Computer Forensics in the corporate Marketplace
- Computer Forensics and its applicability in an organizational environment
- Conducting a live response on running systems

Hands-on Binary Analysis
- Steps to analyzing an unknown binary (executable) found on a system to understand what it is
- Determining if malicious activity penetration occurred and seized a client
- Incident Response wrap-up (Practical)