1-800-THE-TREE (1-800-843-8733)
 

Computer Forensics and Incident Response: Hands-On

Analyzing Windows-Based Systems

 
Course: 536     Type: Hands-On Training     Duration: 4 Days


You Will Learn How To
  • Implement a computer forensics incident-response strategy
  • Lead a successful investigation from the initial response to completion
  • Conduct disk-based analysis and recover deleted files
  • Identify information-hiding techniques
  • Reconstruct user activity from e-mail, temporary Internet files and cached data
  • Assess the integrity of system memory and process architecture to reveal malicious code

Course Benefits
Do you know what to do if your organization's security is compromised? Threats of computer crime against an organization's infrastructure have grown substantially, but there are steps you can take. In this course, you apply the latest Windows-based computer forensic techniques to uncover illicit activity and recover lost data. Every crime leaves behind clues. With the right tools, you can effectively respond to and counteract security threats.

Who Should Attend
Systems administrators and those involved in responding to security incidents. Knowledge of Windows-based PCs, including hardware and operating system software, at the level of Course 950, "Windows Vista Comprehensive Introduction," or Course 551, "Windows XP Professional Comprehensive Introduction," is assumed.

Hands-On Training
Exercises provide experience using software forensic tools to investigate Windows-based systems, and include:
  • Leveraging case-management software
  • Employing forensic toolkits
  • Imaging digital media
  • Hiding and discovering potential evidence
  • Applying steganography techniques
  • Manipulating alternate data streams
  • Discovering information in mangled files
  • Conducting e-mail investigations
  • Reconstructing browser and Web server activity
  • Establishing covert surveillance with keystroke loggers and remote access
  • Configuring tools to detect a rootkit

Course 536 Content
Introduction to Computer Forensics
  • Responding to incidents
  • Applying forensic analysis skills
  • Distinguishing between unpermitted corporate and criminal activity

Handling Preliminary Investigations
Planning for incident response
  • Communicating with site personnel
  • Knowing your organization's policies
  • Minimizing impact on your organization
Identifying the incident life cycle
  • Performing incident analysis
  • Restoring systems
  • Capturing volatile information

Controlling an Investigation
Collecting digital evidence
  • Chain of custody and process integrity
  • Advantages of the forensics analysis team
Legal aspects of acquiring evidence
  • Securing and documenting the scene
  • Processing and logging evidence

Conducting Disk-Based Analysis
Forensics lab operations
  • Acquiring a bit-stream image
  • Enabling a write blocker
  • Establishing a baseline
  • Physically protecting the media
Disk structure and recovery techniques
  • Disk geometry components
  • Inspecting Windows file system architectures
  • Locating and restoring deleted content

Investigating Information-Hiding Techniques
Uncovering hidden information
  • Scanning and evaluating alternate data streams
  • Executing code from a stream
  • Steganography tools and concepts
  • Detecting steganography
  • Scavenging slack space
Inspecting header signatures and file mangling
  • Combining files
  • Binding multiple executable files
  • File time analysis

Scrutinizing E-mail
Investigating the mail client
  • Interpreting e-mail headers
  • Recovering deleted e-mails
Validating e-mail header information
  • Detecting spoofed e-mail
  • Verifying e-mail routing

Tracing Internet Access
Inspecting browser cache and history files
  • Exploring temporary Internet files
  • Researching cookie storage
  • Reconstructing cleared browser history
Auditing Internet surfing
  • Tracking user activity
  • Uncovering unauthorized usage

Searching Memory in Real Time
Comparing the architecture of processes
  • Identifying user and kernel memory
  • Inspecting threads
  • Discovering rogue DLLs and drivers
Employing advanced process analysis methods
  • Evaluating processes with Windows Management Instrumentation (WMI)
  • Walking dependency trees
Auditing processes and services
  • Investigating the process table
  • Discovering evidence in the Registry
  • Deploying and detecting a rootkit
Implementing covert surveillance techniques
  • Logging keystrokes
  • Observing real-time remote desktops
  • Monitoring Internet access

Windows is a registered trademark of Microsoft Corporation.
Upcoming Dates
Sep 30 - Oct 3, 2008: Washington, DC (Reston, VA)
Nov 4 - 7, 2008: Toronto
Nov 11 - 14, 2008: New York
Dec 2 - 5, 2008: Washington, DC (Rockville, MD)
Dec 9 - 12, 2008: Ottawa
Dec 16 - 19, 2008: Washington, DC (Reston, VA)
Mar 10 - 13, 2009: Washington, DC (Reston, VA)
Mar 24 - 27, 2009: New York
Mar 31 - Apr 3, 2009: Ottawa
Mar 31 - Apr 3, 2009: Washington, DC (Alexandria, VA)


Course Tuition
$2,650 Standard Tuition
Tuition with a Savings Plan
$1,580 10-Day Pass
$1,665 Training Passport
$1,830 Flex-Pass
$2,095 Voucher 10-Pack
$2,385 Alumni Gold Discount
$2,360 Government Discount
 
Course participants conducting a disk-based forensic investigation.
The most recent 100 evaluations scored this course at 3.85/4.00.


CPE: 23 credits. College credit: 2 hour(s).