Advanced Linux Data Forensics with Andrew Rosen: 4-Day Combined Course: Chicago, IL
Corporate: $3,000
Law Enforcement & Gov't: $2,000
Included with the Price of Training:
- 1 single-user license of SMART for Linux
- Lifetime SMART for Linux support
- All course materials and use of a laptop for all labs and hands-on instruction
Whether you are involved in Data Forensics, Information Assurance,
Regulatory Compliance Monitoring (Sarbanes-Oxley), Information
Systems Security, Electronic Discovery or Data Recovery, this
course will provide you with the latest, most powerful tools and
techniques available to support your Forensic mission.
This Advanced Linux Data Forensics course is a hands-on, intensive
course intended for anyone performing activities that require the
acquisition of digital media and content. Advanced Linux Data Forensics
will train you to perform audits and forensic investigations using
SMART for Linux. By learning the methodology and the intellectual
process of Linux Data Forensics, the student will be able to perform
post-mortem analysis, acquire data across the enterprise, mount images,
create a case and process the evidence while preserving the integrity
of the forensic process. Moreover, this course will give you an
advanced conceptual understanding of using Linux Data Forensics to
capture all seized images and perform process-based analysis on all
Windows, Linux, Macintosh and UNIX systems. Linux Data Forensics is
platform independent and can collect forensic data on many operating
systems, file systems and storage devices (please review the included
course syllabus, below).
About the instructor - Andrew Rosen:
Andrew Rosen is considered by many to be the foremost expert
on Linux Data Forensics in the world.
Andrew recently served as the lead forensic investigator in the
Enron case, the largest data forensics investigation in history,
which allowed events to be set into motion that would profoundly
change the data forensic landscape forever.
Andrew will be partnering with Security Forensics, Inc.
to teach this Advanced Level, Linux Data Forensics course.
Andrew created Expert Witness and Expert Witness for Windows (now
sold under the name EnCase, by Guidance Software). He founded
ASR Data and developed SMART for Linux, a revolutionary
concept, captured in a simplistic, forensic application. Andrew
has traveled extensively, speaking, training and testifying on
the procedures, processes and theories of forensic data acquisition
(please review attached curriculum vitae).
Andrew has developed a philosophy and methodology that thousands
of students from around the world agree is unique, effective,
engaging and delivers exceptional value. Understanding adult learning
dynamics, the needs and requirements of the students and the core
foundation of Linux Data Forensics allows Andrew
to deliver an overall experience that far exceeds traditional
classroom-based instruction. More than simply providing technical
information or training on a specific tool or platform, Andrew’s
training embraces and addresses data forensics from a holistic
perspective.
About ASR Data
ASR Data has been conducting technology-based and Data Forensics
training for over a decade. ASR Data is the creator of SMART for
Linux, the market leader for Linux Data Forensics in the world.
SMART for Linux has been used in some of the world's most notable
forensic investigations and by some of the world's largest
organizations.
About Security Forensics, Inc.
Security Forensics, Inc. is a Chicago-based Data Forensics organization.
Our core service offerings revolve around electronic discovery,
forensic analysis, benchmarking performance, enterprise message
tracking and monitoring, and forensic analysis training. Security
Forensics’ methodology allows organizations to peer into
an elusive spectrum of disconnected pathways, allowing us to make
recommendations, which will enable efficiency and protection.
We provide an in-depth analysis of internal control and network
architectural processes.
Pre-requisites for the course: Students for this course should have
a minimum of 2 years' experience in conducting data forensic
examinations and should be familiar with forensic and scientific
methodologies.
Day One
Welcome
Introductions
Course Direction and Flow
Advanced Data Forensics Defined
- Post Mortem Analysis
- Live Analysis
- Matrix
Advanced Scenarios
- Disk-based File System
- Network File System
- Enterprise Servers
- Live System
- Current and Future Challenges
- Power of Linux
SMART for Linux
- SMART Architecture
- SMART Features
- SMART and Linux
SMART Introduction
- Installing and Running
- Creating Users
- Storage Devices
- Device Information and Options
- SMART Preferences
- Cases and SMART
- SMART Logging
SMART Servers
- SMART Processes
- Server Technology
- Properly Configured Operating Systems
- Remote Administration Software
SMART Clients
- Requirements
- Remote Client Software
Day Two
Review Day One
SMART Client Server Communication
- Communication Technologies
- Securing Data Transmission
Remote Case Study
- Remote Case Study Background
- Configure SMART Client
- Create Case
- Import Image File
- Process Case Work
SMART Hash Sets
SMART Boot CD-ROM
- Architecture and Overview
- Included Utilities
- Methodology
SMART and RAID
- RAID
- Linux and RAID
- Working with RAID
- Initializing RAID
- Acquiring RAID
Day Three
Review Day Two
Advanced Linux Forensics
- Statically Compiled Binaries
- Building a Forensic Super Kernel
- Patching the Kernel
Live Analysis Intro
- Live Analysis Fundamentals
- Concerns and Implications
- Methodology
Live Analysis Toolkit
- Programs
- Logging
- Program Table
- Targets
Linux Live Analysis Case Study
- Live Case Information
- Pitfalls and Mistakes
Day Four
Review Day Three
FreeBSD Analysis Case Study
- FreeBSD Design and Overview
- Analysis using Linux
- Analysis using SMART
Advanced Acquisition
- Network Acquisition
- Chunking Image Files
Linux Loopholes
- Odd Sector Issue
- ‘dd’ and Block Sizes
- Proprietary Programs and File Formats
Course Practical
Registration Form
Corporate
Law Enforcement & Gov't