The Ethical Hacker Network
close

Partners

Training Camp

Digital Construction Company

InfoSec Institute

Sponsors

 

Coming Soon

 

For more info on all sponsors, click here.

For Sponsorship Opportunities, click here.

Top Panel
Sponsors
Top Panel
Course Description: CHFI - Forensics Investigation Print E-mail
This course is provided by our partner, The Training Camp.
ecc_atcoftheyear2006.gif
 Instructor: Steve Kalman, CISSP - Author of the Cisco Press book, Web Security Field Guide, Mr. Kalman is a seasoned professional with over thirty years experience. Since so much of Computer Security is based on law or forensic evidence’s requirements, his main strength is his combination of legal and technical skills. Mr. Kalman is widely sought after as an author, instructor, forensic examiner and expert witness.. He teaches courses on Cisco, Microsoft, ECH, CHFI et al. He was recently featured in the Philadelphia Inquirer for his teaching acumen.

As information technology and the Internet become more integrated into today's workplaces, organizations must consider the misuse of technology as a real threat and plan for its eventuality. When cyber crime strikes, the real issue is not the incident itself, but how the organization responds to the attack. A specialized and fast growing field of investigation known as computer forensics is a leading defense in the corporate world's armory against cyber crime. Forensic investigators detect the extent of a security breach, recover lost data, determine how an intruder got past security mechanisms and, potentially, identify the culprit. The goal of this five-day accelerated information security course is to educate cyber crime investigators in the techniques of computer forensics investigation.  During the program, students will live, learn, and take certification examinations at one of our state-of-the-art education centers. This blended-learning program employs outcome-based (Lecture | Lab | Review)™ delivery - that focuses on preparing you with the real-world skills required to pass the CHFI 312-49 examination, which is delivered at the conclusion of the program.

 

Our Computer Forensics Program:
  • Helps students grasp complex technical concepts more easily by identifying and catering to individual student learning styles through a mixed visual, auditory and kinesthetic-tactual delivery system.
  • Enhances retention by employing accelerated learning techniques focused on committing information to long-term memory.
  • Allows you to achieve your certification in half the time of 'traditional training' while delivering industry-leading exam passing percentages.
With Training Camp, you will learn more. effectively. efficiently.  

Given the complexity and scale of today's corporate networks, effective penetration testing may be the only way to find out how secure a network really is. Ethical Hackers can provide real evidence of weaknesses or provide real assurance that current controls are working effectively. This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Technical certification is a sound investment in your career - and your organization. Although certification does not guarantee success, research has shown that it can have a significant impact on:

  • Morale and confidence.
  • Efficiency and productivity on the job: 75% of managers view certified employees as more productive (Gartner Study).
  • Career advancement: 70.8% of IT managers view certification as a criteria for promotion (Gartner Study).
  • Monetary rewards.
What's Included:

Training Camp offers top-quality technical education and certification training in an all-inclusive course package specifically designed for the needs and ease of our students. We attend to every detail so our students can focus solely on their studies and certification goals.

 

Our CHFI Certification Program includes:

  • Intensive Hands-on Training Utilizing our (Lecture | Lab | Review)™ Delivery.

  • Comprehensive Study Materials and Pre-Class Mentoring, Program Courseware.

  • Optional Package of Five (5) Days of Hotel Accommodations
  • Breakfast and Lunch, Unlimited Beverages, Snacks, and Freshly-brewed Coffee.

  • 24-Hour Instructor Access.

  • Examination Voucher & On-site Certification Testing.

  • Examination Passing Policy.

Our forensics instructors teach to accommodate every student’s learning needs through individualized instruction, hands-on labs, lab partner and group exercises, independent study, self-testing, and question/answer drills.  All instructors are certified computer hacking forensic investigators who are currently involved in computer forensic examinations. Training Camp has dedicated, well-equipped educational facilities where you will attend instruction and labs and have access to comfortable study and lounging rooms. Our students consistently say our facilities are second-to-none.

 

Examination Passing Policy. Should a student complete a Training Camp Program without having successfully passed all vendor examinations, the student may re-attend that program for a period of one year.  Students will only be responsible for accommodations and vendor exam fees.

 

 

What You'll Learn:

 

This accelerated computer forensic program will prepare students with the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware, and specialized techniques. Each training day is segmented into Lecture, Lab, and Review components that cater to a student's multiple learning styles (auditory, visual, kinesthetic-tactual).

 

Our program covers the following material:

 

Introduction to Computer Forensics

Computer Forensics and Investigations as a Profession

  • Understanding Computer Forensics
  • Comparing Definitions of Computer Forensics
  • Exploring a Brief History of Computer Forensics
  • Developing Computer Forensics Resources
  • Preparing for Computing Investigations
  • Understanding Enforcement Agency Investigations
  • Understanding Corporate Investigations
  • Maintaining Professional Conduct

Understanding Computer Investigations 

  • Preparing a Computer Investigation
  • Examining a Computer Crime
  • Examining a Company-Policy Violation
  • Taking a Systematic Approach
  • Assessing the Case
  • Planning Your Investigation
  • Securing Your Evidence
  • Understanding Data-Recovery Workstations and Software
  • Setting Up Your Workstation for Computer Forensics
  • Executing an Investigation
  • Gathering the Evidence
  • Copying the Evidence Disk
  • Analyzing Your Digital Evidence
  • Completing the Case
  • Critiquing the Case

Working with Windows and DOS Systems 

  • Understanding File Systems
  • Understanding the Boot Sequence
  • Examining Registry Data
  • Disk Drive Overview
  • Exploring Microsoft File Structures
  • Disk Partition Concerns
  • Boot Partition Concerns
  • Examining FAT Disks
  • Examining NTFS Disks
  • NTFS System Files
  • NTFS Attributes
  • NTFS Data Streams
  • NTFS Compressed Files
  • NTFS Encrypted File Systems (EFS)
  • EFS Recovery Key Agent
  • Deleting NTFS Files
  • Understanding Microsoft Boot Tasks
  • Windows XP, 2000, and NT Startup
  • Windows XP System Files
  • Understanding MS-DOS Startup Tasks
  • Other DOS Operating Systems

Macintosh and Linux Boot Processes and Disk Structures 

  • Understanding the Macintosh File Structure
  • Understanding Volumes
  • Exploring Macintosh Boot Tasks
  • Examining UNIX and Linux Disk Structures
  • UNIX and Linux Overview
  • Understanding modes
  • Understanding UNIX and Linux Boot Processes
  • Understanding Linux Loader
  • UNIX and Linux Drives and Partition Scheme
  • Examining Compact Disc Data Structures
  • Understanding Other Disk Structures
  • Examining SCSI Disks
  • Examining IDE/EIDE Devices

The Investigator's Office and Laboratory

  • Understanding Forensic Lab Certification Requirements
  • Identifying Duties of the Lab Manager and Staff
  • Balancing Costs and Needs
  • Acquiring Certification and Training
  • Determining the Physical Layout of a Computer Forensics Lab
  • Identifying Lab Security Needs
  • Conducting High-Risk Investigations
  • Considering Office Ergonomics
  • Environmental Conditions
  • Lighting
  • Structural Design Considerations
  • Electrical Needs
  • Communications
  • Fire-suppression Systems
  • Evidence Lockers
  • Facility Maintenance
  • Physical Security Needs
  • Auditing a Computer Forensics Lab
  • Computer Forensics Lab Floor Plan Ideas
  • Selecting a Basic Forensic Workstation
  • Selecting Workstations for Police Labs
  • Selecting Workstations for Private and Corporate Labs
  • Stocking Hardware Peripherals
  • Maintaining Operating Systems and Application Software Inventories
  • Using a Disaster Recovery Plan
  • Planning for Equipment Upgrades
  • Using Laptop Forensic Workstations
  • Building a Business Case for Developing a Forensics Lab
  • Creating a Forensic Boot Floppy Disk
  • Assembling the Tools for a Forensic Boot Floppy Disk
  • Retrieving Evidence Data Using a Remote Network Connection

Current Computer Forensics Tools

  • Evaluating Your Computer Forensics Software Needs
  • Using National Institute of Standards and Technology (NIST) Tools
  • Using National Institute of Justice (NU) Methods
  • Validating Computer Forensics Tools
  • Using Command-Line Forensics Tools
  • Exploring NTI Tools
  • Exploring Ds2dump
  • Reviewing DriveSpy
  • Exploring PDBlock
  • Exploring PDWipe
  • Reviewing Image
  • Exploring Part
  • Exploring SnapBack DatArrest
  • Exploring Byte Back
  • Exploring MaresWare
  • Exploring DIGS Mycroft v3
  • Exploring Graphical User Interface (GUI) Forensics Tools
  • Exploring AccessData Programs
  • Exploring Guidance Software EnCase
  • Exploring Ontrack
  • Using BIAProtect
  • Using LC Technologies Software
  • Exploring WinHex Specialist Edition
  • Exploring DIGS Analyzer Professional Forensic Software
  • Exploring ProDiscover DFT
  • Exploring DataLifter
  • Exploring ASRData
  • Exploring the Internet History Viewer
  • Exploring Other Useful Computer Forensics Tools
  • Exploring LTOOLS
  • Exploring Mtools
  • Exploring R-Tools
  • Using Explore2fs
  • Exploring @stake
  • Exploring TCT and TCTUTILs
  • Exploring ILook
  • Exploring HashKeeper
  • Using Graphic Viewers
  • Exploring Hardware Tools
  • Computing-Investigation Workstations
  • Building Your Own Workstation
  • Using a Write-blocker
  • Using LC Technology International Hardware
  • Forensic Computers
  • DIGS
  • Digital Intelligence
  • Image MASSter Solo
  • FastBloc
  • Acard
  • NoWrite
  • Wiebe Tech Forensic DriveDock
  • Recommendations for a Forensic Workstation
The Crime Scene

Digital Evidence Controls 

  • Identifying Digital Evidence
  • Understanding Evidence Rules
  • Securing Digital Evidence at an Incident Scene
  • Cataloging Digital Evidence
  • Lab Evidence Considerations
  • Processing and Handling Digital Evidence
  • Storing Digital Evidence
  • Evidence Retention and Media Storage Needs
  • Documenting Evidence
  • Obtaining a Digital Signature

Processing Crime and Incident Scenes 

  • Processing Private-Sector Incident Scenes
  • Processing Law Enforcement Crime Scenes
  • Understanding Concepts and Terms Used in Warrants
  • Preparing for a Search
  • Identifying the Nature of the Case
  • Identifying the Type of Computing System
  • Determining Whether You Can Seize a Computer
  • Obtaining a Detailed Description of the Location
  • Determining Who Is in Charge
  • Using Additional Technical Expertise
  • Determining the Tools You Need
  • Preparing the Investigation Team
  • Securing a Computer Incident or Crime Scene
  • Seizing Digital Evidence at the Scene
  • Processing a Major Incident or Crime Scene
  • Processing Data Centers with an Array of RAIDS
  • Using a Technical Advisor at an Incident or Crime Scene
  • Sample Civil Investigation
  • Sample Criminal Investigation
  • Collecting Digital Evidence

Data Acquisition 

  • Determining the Best Acquisition Method
  • Planning Data Recovery Contingencies
  • Using MS-DOS Acquisition Tools
  • Understanding How DriveSpy Accesses Sector Ranges
  • Data Preservation Commands
  • Using DriveSpy Data Manipulation Commands
  • Using Windows Acquisition Tools
  • AccessData FTK Explorer
  • Acquiring Data on Linux Computers
  • Using Other Forensics Acquisition Tools
  • Exploring SnapBack DatArrest
  • Exploring SafeBack
  • Exploring EnCase

Computer Forensic Analysis 

  • Understanding Computer Forensic Analysis
  • Refining the Investigation Plan
  • Using DriveSpy to Analyze Computer Data
  • DriveSpy Command Switches
  • DriveSpy Keyword Searching
  • DriveSpy Scripts
  • DriveSpy Data-Integrity Tools
  • DriveSpy Residual Data Collection Tools
  • Other Useful DriveSpy Command Tools
  • Using Other Digital Intelligence Computer Forensics Tools
  • Using PDBlock and PDWipe
  • Using AccessData's Forensic Toolkit
  • Performing a Computer Forensic Analysis
  • Setting Up Your Forensic Workstation
  • Performing Forensic Analysis on Microsoft File Systems
  • UNIX and Linux Forensic Analysis
  • Macintosh Investigations
  • Addressing Data Hiding Techniques
  • Hiding Partitions
  • Marking Bad Clusters
  • Bit-Shifting
  • Using Steganography
  • Examining Encrypted Files
  • Recovering Passwords

E-mail Investigations 

  • Understanding Internet Fundamentals
  • Understanding Internet Protocols
  • Exploring the Roles of the Client and Server in E-mail
  • Investigating E-mail Crimes and Violations
  • Identifying E-mail Crimes and Violations
  • Examining E-mail Messages
  • Copying an E-mail Message
  • Printing an E-mail Message
  • Viewing E-mail Headers
  • Examining an E-mail Header
  • Examining Additional E-mail Files
  • Tracing an E-mail Message
  • Using Network Logs Related to E-mail
  • Understanding E-mail Servers
  • Examining UNIX E-mail Server Logs
  • Examining Microsoft E-mail Server Logs
  • Examining Novell GroupWise E-mail Logs
  • Using Specialized E-mail Forensics Tools

Recovering Image Files 

  • Recognizing an Image File
  • Understanding Bitmap and Raster Images
  • Understanding Vector Images
  • Metafle Graphics
  • Understanding Image File Formats
  • Understanding Data Compression
  • Reviewing Lossless and Lossy Compression
  • Locating and Recovering Image Files
  • Identifying Image File Fragments
  • Repairing Damaged Headers
  • Reconstructing File Fragments
  • Identifying Unknown File Formats
  • Analyzing Image File Headers
  • Tools for Viewing Images
  • Understanding Steganography in Image Files
  • Using Steganalysis Tools
  • Identifying Copyright Issues with Graphics
Computer Forensics, Building the Case

Writing Investigation Reports

  • Understanding the Importance of Reports
  • Limiting the Report to Specifics
  • Types of Reports
  • Expressing an Opinion
  • Designing the Layout and Presentation
  • Litigation Support Reports versus Technical Reports
  • Writing Clearly<
  • Providing Supporting Material
  • Formatting Consistently
  • Explaining Methods
  • Data Collection
  • Including Calculations
  • Providing for Uncertainty and Error Analysis
  • Explaining Results
  • Discussing Results and Conclusions
  • Providing References
  • Including Appendices
  • Providing Acknowledgments
  • Formal Report Format
  • Writing the Report
  • Using FTK Demo Version

Becoming an Expert Witness

  • Comparing Technical and Scientific Testimony
  • Preparing for Testimony
  • Documenting and Preparing Evidence
  • Keeping Consistent Work Habits
  • Processing Evidence
  • Serving as a Consulting Expert or an Expert Witness
  • Creating and Maintaining Your CV
  • Preparing Technical Definitions
  • Testifying in Court
  • Understanding the Trial Process
  • Qualifying Your Testimony and Voir Dire
  • Addressing Potential Problems
  • Testifying in General
  • Presenting Your Evidence
  • Using Graphics in Your Testimony
  • Helping Your Attorney
  • Avoiding Testimony Problems
  • Testifying During Direct Examination
  • Using Graphics During Testimony
  • Testifying During Cross-Examination
  • Exercising Ethics When Testifying
  • Understanding Prosecutorial Misconduct
  • Preparing for a Deposition
  • Guidelines for Testifying at a Deposition
  • Recognizing Deposition Problems
  • Public Release: Dealing with Reporters
  • Forming an Expert Opinion
  • Determining the Origin of a Floppy Disk

Computer Security Incident Response Team

  • Incident Response Team
  • Incident Reporting Process
  • Low-level incidents
  • Mid-level incidents
  • High-level incidents
  • What is a Computer Security Incident Response Team (CSIRT)?
  • Why would an organization need a CSIRT?
  • What types of CSIRTs exist?
  • Other Response Teams Acronyms
  • What does a CSIRT do?
  • What is Incident Handling?
  • Need for CSIRT in Organizations
  • Best Practices for Creating a CSIRT?

Logfile Analysis

  • Secure Audit Logging
  • Audit Events
  • Syslog
  • Message File
  • Setting Up Remote Logging
  • Linux Process Tracking
  • Windows Logging
  • Remote Logging in Windows
  • ntsyslog
  • Application Logging
  • Extended Logging
  • Monitoring for Intrusion and Security Events
  • Importance of Time Synchronization
  • Passive Detection Methods
  • Dump Event Log Tool (Dumpel.exe)
  • EventCombMT
  • Event Collection
  • Scripting
  • Event Collection Tools
  • Forensic Tool: fwanalog
  • Elements of an End-to-End Forensic Trace 
  • Log Analysis and Correlation
  • TCPDump logs
  • Intrusion Detection Log (RealSecure)
  • Intrusion Detection Log (SNORT)

Recovering Deleted Files

  • The Windows Recycle Bin
  • Digital evidence
  • Recycle Hidden Folder
  • How do I undelete a file?
  • >e2undel
  • O&O UnErase
  • Restorer2000
  • BadCopy Pro
  • File Scavenger
  • Mycroft v3
  • PC ParaChute
  • Search and Recover
  • Stellar Phoenix Ext2,Ext3
  • Zero Assumption Digital Image Recovery
  • FileSaver
  • VirtualLab Data Recovery
  • R-Linux
  • Drive & Data Recovery
  • Active@ UNERASER - DATA Recovery

Application Password Crackers

  • Advanced Office XP Password Recovery
  • AOXPPR
  • Accent Keyword Extractor
  • Advanced PDF Password Recovery
  • APDFPR
  • Distributed Network Attack
  • Windows XP / 2000 / NT Key
  • Passware Kit
  • How to Bypass BIOS Passwords
  • BIOS Password Crackers
  • Removing the CMOS Battery
  • Default Password Database
Computer Forensics Investigation

Investigating E-Mail Crimes

  • E-mail Crimes
  • Sending Fakemail
  • Sending E-mail using Telnet
  • Tracing an e-mail
  • Mail Headers
  • Reading Email Headers
  • Tracing Back
  • Tracing Back Web Based E-mail
  • Microsoft Outlook Mail
  • Pst File Location
  • Tool: R-Mail
  • Tool: FinaleMail
  • Searching E-mail Addresses
  • E-mail Search Site
  • abuse.net
  • Network Abuse Clearing House
  • Handling Spam
  • Protecting your E-mail Address from Spam
  • Tool: Enkoder Form
  • Tool: eMailTrackerPro
  • Tool: SPAM Punisher

Investigating Web Attacks

  • How to Tell an Attack is in Progress
  • What to Do When You Are Under Attack?
  • Conducting the Investigation
  • Attempted Break-in
  • Step 1: Identifing the System(s)
  • Step 2: Traffic between source and destination
  • How to detect attacks on your server?
  • Investigating Log Files
  • IIS Logs
  • Log file Codes
  • Apache Logs
  • Access_log
  • Log Security
  • Log File Information
  • Simple Request
  • Time/Date Field
  • Mirrored Site Detection
  • Mirrored Site in IIS Logs
  • Vulnerability Scanning Detection
  • Example of Attack in Log file
  • Web Page Defacement
  • Defacement using DNS Compromise
  • Investigating DNS Poisoning
  • Investigating FTP Servers
  • Example of FTP Compromise
  • FTP logs
  • SQL Injection Attacks
  • Investigating SQL Injection Attacks
  • Web Based Password Brute Force Attack
  • Investigating IP Address
  • Tools for locating IP Address
  • Investigating Dynamic IP Address
  • Location of DHCP Server Logfile

Investigating Network Traffic

  • Network Intrusions and Attacks
  • Direct vs. Distributed Attacks
  • Automated Attacks
  • Accidental “Attacks”
  • Address Spoofing
  • IP Spoofing
  • ARP Spoofing
  • DNS Spoofing
  • Preventing IP Spoofing
  • Preventing ARP Spoofing
  • Preventing DNS Spoofing
  • VisualZone
  • DShield
  • Forensic Tools for Network Investigations
  • TCPDump
  • Ethereal
  • NetAnalyst
  • Ettercap
  • Ethereal

Investigating Router Attacks

  • DoS Attacks
  • Investigating DoS Attacks
  • Investigating Router Attacks

The Computer Forensics Process

  • Evidence Seizure Methodology
  • Before the Investigation
  • Document Everything
  • Confiscation of Computer Equipment

Data Duplication

  • Tool: R-Drive Image
  • Tool: DriveLook
  • Tool: DiskExplorer for NTFS
Computer Forensics Environments

Windows Forensics

  • Gathering Evidence in Windows
  • Collecting Data from Memory
  • Collecting Evidence
  • Memory Dump
  • Manual Memory Dump (Windows 2000)
  • Manual Memory Dump (Windows XP)
  • PMDump
  • Windows Registry
  • Registry Data
  • Regmon utility
  • Forensic Tool: Backing Up of the entire Registry
  • System State Backup
  • Forensic Tool: Back4Win
  • Forensic Tool: Registry Watch
  • System Processes
  • Process Monitors
  • Default Processes in Windows NT, 2000, and XP
  • Process-Monitoring Programs
  • Process Explorer
  • Look for Hidden Files
  • Viewing Hidden Files in Windows
  • NTFS Streams
  • Detecting NTFS Streams
  • Rootkits
  • Detecting
  • Sigverif
  • Detecting Trojans and Backdoors
  • Removing Trojans and Backdoors
  • Port Numbers Used by Trojans
  • Examining the Windows Swap File
  • Swap file as evidence
  • Viewing the Contents of the Swap/Page File
  • Recovering Evidence from the Web Browser
  • Locating Browser History Evidence
  • Forensic Tool: Cache Monitor
  • Print Spooler Files
  • Steganography
  • Forensic Tool:

Linux Forensics

  • Performing Memory Dump on Unix Systems
  • Viewing Hidden Files
  • Executing Process
  • Create a Linux Forensic Toolkit
  • Collect Volatile Data Prior to Forensic Duplication
  • Executing a Trusted Shell
  • Determining Who is logged on to the System
  • Determining the Running Processes
  • Detecting Loadable Kernel Module Rootkits
  • LKM
  • Open Ports and Listening Applications
  • /proc file system
  • Log Files
  • Configuration Files
  • Low Level Analysis
  • Log Messages
  • Running syslogd
  • Investigating User Accounts
  • Collecting an Evidential Image
  • File Auditing Tools

Investigating PDA

  • Paraben's PDA Seizure

Enforcement Law and Prosecution

  • Freedom of Information Act
  • Reporting Security Breaches to Law Enforcement
  • National Infrastructure Protection Center
  • Federal Computer Crimes and Laws
  • Federal Laws
  • The USA Patriot Act of 2001
  • Building the Cybercrime Case
  • How the FBI Investigates Computer Crime
  • Cyber Crime Investigations
  • Computer-facilitated crime
  • FBI
  • Federal Statutes
  • Local laws
  • Federal Investigative Guidelines
  • Gather Proprietary Information
  • Contact law enforcement
  • To initiate an investigation

Investigating Trademark and Copyright Infringement

  • Trademarks
  • Trademark Eligibility
  • What is a service mark?
  • What is trade dress?
  • Internet domain name
  • Trademark Infringement
  • Conducting a Trademark Search
  • Using Internet to Search for Trademarks
  • Hiring a professional firm to conduct my trademark search
  • Trademark Registrations
  • Benefits of Trademark Registration
  • Copyright
  • How long does a copyright last?
  • Copyright Notice
  • Copyright “Fair Use” Doctrine
  • U.S. Copyright Office
  • How are copyrights enforced?
  • SCO vs IBM
  • What is Plagiarism?
  • Turnitin
  • Plagiarism Detection Tools
Exam Review and Delivery
  • Interactive Exam-Objective Reinforcement
  • Examination Delivery

 

 
< Prev   Next >
[ Back ]
Register Now for ChicagoCon 07
Registration for 2008f Now Open!

  

For Pre-Con ?s

This e-mail address is being protected from spam bots, you need JavaScript enabled to view it

ChicagoCon News