1-800-THE-TREE (1-800-843-8733)
TRAINING YOU CAN TRUST
 
 

Computer Forensics and Incident Response: Hands-On

Analyzing Windows-Based Systems
 
Course: 536   Type: Hands-On Training   Duration: 4 Days
 
 

You Will Learn How To

  • Implement a computer forensics incident-response strategy
  • Lead a successful investigation from the initial response to completion
  • Conduct disk-based analysis and recover deleted files
  • Identify information-hiding techniques
  • Reconstruct user activity from e-mail, temporary Internet files and cached data
  • Assess the integrity of system memory and process architecture to reveal malicious code

Course Benefits

Do you know what to do if your organization's security is compromised? Threats of computer crime against an organization's infrastructure have grown substantially, but there are steps you can take. In this course, you apply the latest Windows-based computer forensic techniques to uncover illicit activity and recover lost data. Every crime leaves behind clues. With the right tools, you can effectively respond to and counteract security threats.

Who Should Attend

Systems administrators and those involved in responding to security incidents. Knowledge of Windows-based PCs, including hardware and operating system software, at the level of Course 950, "Windows Vista Comprehensive Introduction," is assumed.

Hands-On Training

Exercises, providing experience using software forensic tools to investigate Windows-based systems, include:
  • Leveraging case-management software
  • Employing forensic toolkits
  • Imaging digital media
  • Hiding and discovering potential evidence
  • Applying steganography techniques
  • Manipulating alternate data streams
  • Discovering information in mangled files
  • Conducting e-mail investigations
  • Reconstructing browser and Web server activity
  • Establishing covert surveillance with keystroke loggers and remote access
  • Configuring tools to detect a rootkit


 
Windows is a registered trademark of Microsoft Corporation. (ISC)2 is a registered certification mark of (ISC)2, Inc.
 

Upcoming Dates

Nov 4 - 7, 2008
 Toronto
Nov 11 - 14, 2008
 New York
Dec 2 - 5, 2008
 Washington, DC (Rockville, MD)
Dec 9 - 12, 2008
 Ottawa
Dec 16 - 19, 2008
 Washington, DC (Reston, VA)
Mar 10 - 13, 2009
 Washington, DC (Reston, VA)
Mar 24 - 27, 2009
 New York
Mar 31 - Apr 3, 2009
 Ottawa
May 5 - 8, 2009
 Toronto
May 12 - 15, 2009
 Washington, DC (Rockville, MD)
Jul 21 - 24, 2009
 New York
Jul 28 - 31, 2009
 Ottawa

For the complete schedule, please visit www.learningtree.com
 
http://www.learningtree.com/courses/536pf.htm
 
 
 
 
Course 536 Content
 

Introduction to Computer Forensics

  • Responding to incidents
  • Applying forensic analysis skills
  • Distinguishing between unpermitted corporate and criminal activity

Handling Preliminary Investigations

Planning for incident response

  • Communicating with site personnel
  • Knowing your organization's policies
  • Minimizing impact on your organization

Identifying the incident life cycle

  • Performing incident analysis
  • Restoring systems
  • Capturing volatile information

Controlling an Investigation

Collecting digital evidence

  • Chain of custody and process integrity
  • Advantages of the forensics analysis team

Legal aspects of acquiring evidence

  • Securing and documenting the scene
  • Processing and logging evidence

Conducting Disk-Based Analysis

Forensics lab operations

  • Acquiring a bit-stream image
  • Enabling a write blocker
  • Establishing a baseline
  • Physically protecting the media

Disk structure and recovery techniques

  • Disk geometry components
  • Inspecting Windows file system architectures
  • Locating and restoring deleted content

Investigating Information-Hiding Techniques

Uncovering hidden information

  • Scanning and evaluating alternate data streams
  • Executing code from a stream
  • Steganography tools and concepts
  • Detecting steganography
  • Scavenging slack space

Inspecting header signatures and file mangling

  • Combining files
  • Binding multiple executable files
  • File time analysis

Scrutinizing E-mail

Investigating the mail client

  • Interpreting e-mail headers
  • Recovering deleted e-mails

Validating e-mail header information

  • Detecting spoofed e-mail
  • Verifying e-mail routing

Tracing Internet Access

Inspecting browser cache and history files

  • Exploring temporary Internet files
  • Researching cookie storage
  • Reconstructing cleared browser history

Auditing Internet surfing

  • Tracking user activity
  • Uncovering unauthorized usage

Searching Memory in Real Time

Comparing the architecture of processes

  • Identifying user and kernel memory
  • Inspecting threads
  • Discovering rogue DLLs and drivers

Employing advanced process analysis methods

  • Evaluating processes with Windows Management Instrumentation (WMI)
  • Walking dependency trees

Auditing processes and services

  • Investigating the process table
  • Discovering evidence in the Registry
  • Deploying and detecting a rootkit

Implementing covert surveillance techniques

  • Logging keystrokes
  • Observing real-time remote desktops
  • Monitoring Internet access
 

Course Tuition
$ 2,790 Standard Tuition
Tuition with a Savings Plan
$ 1,800 10-Day Pass
$ 1,670 Training Passport
$ 1,700 Premium-Pass
$ 2,200 Voucher 10-Pack
$ 2,515 Alumni Gold Discount
$ 2,484 Government Discount
 

 

Your Course Tuition Entitles You To...

  • Class participation
  • Team workshops
  • Use of in-class hands-on equipment
  • Comprehensive course materials
  • Morning and afternoon refreshments
  • Course Completion Certificate awarding Continuing Education Units
  • FREE participation in Professional Certification
  • FREE participation in College Credit programs (including related exams)
 
 

Tuition Savings Plans

Training Passport
  • 3 courses in 12 months
  • As little as $1,670 per course
  • Savings as much as 40%
  • Only $5,000
Premium Pass
  • 4 courses in 24 months
  • As little as $1,700 per course
  • Save as much as 45%
10-Day Pass
  • A NEW way to save on training
  • 10 days of training for one person
  • Save as much as $990 per course
  • Only $4,500
Training Vouchers
  • Save as much as $990 per course
  • Fully transferable
  • As low as $2,200 per course
Alumni Gold Discount
  • Attend your first course and you'll receive a personalized Alumni Gold Discount card, entitling you to save as much as $305 on each course you take within the following 12 months. Take just one course each year and you'll be entitled to ongoing discounts, year after year!

Your Guarantee of Satisfaction

Unless you feel 100% satisfied that Learning Tree delivered even more than you expected, there is no fee for your course attendance. Our Guarantee of Quality lets you experience the value of the course--and then pay only if you feel the course was well worth the tuition.

Enrolling is Easy and Flexible!

Enroll by phone or online. If your plans change, just let us know and, without a fee, you can transfer to another course or cancel your enrollment. Pay after you've taken the course, and then only if you are 100% satisfied.

 