|
|
|
Frequently Asked Questions
What is computer forensics?Computer forensics is the process of examining data to reveal illicit activity or recover lost information. A computer forensics investigation includes the response to and evaluation of a potential computer crime in addition to gathering evidence and maintaining a chain of custody.What is this course about?This course provides a comprehensive introduction to Windows-based computer forensics investigative techniques. You gain the knowledge and skills required to conduct a computer forensics investigation from initial discovery to completion. You also learn how to exploit your organisation's Computer Incident Response Team (CIRT); collect, manage and record digital evidence; and leverage powerful software tools and techniques to uncover hidden or deleted information.Who will benefit from this course?This course is valuable for:System and network administrators who need to determine if an incident has occurred within their organisation and the best means for handling such incidentsMembers of a CIRT who must enhance or develop their skills of forensics analysis and information discoverySecurity managers who are required to more effectively allocate resources for their organisation's CIRT members, ensuring optimal team performanceSecurity advisors and consultants who must advance their knowledge and skills of computer forensics to better advise their clients and present more effective incident solutions What background do I need?It is assumed you have a fundamental knowledge of Windows-based PCs, hardware and operating system software, including knowledge of OS architecture, memory usage and disk file systems. Why should I be concerned about computer forensics?Despite efforts to safeguard sensitive data and networks, organisations today face an ever-growing threat of cyber crime and security violations. These attacks can occur internally as well as from an external source and include fraud, copyright infringement and stolen data.Computer forensics and incident response provide an organisation with a legal method for handling computer misuse as well as a means for securing sensitive data and identifying compromised systems.Does this course cover steganography?Yes! Steganography is a technique used to hide and covertly transmit information. In this course, you learn steganalysis, the process of imbedding and extracting information from normal file types, such as graphic files. You also learn how to detect and analyse information obscured by steganography.Which computer systems are covered in this course?You learn and apply computer forensics investigative techniques on Windows Server 2003 and
Windows XP.Will this course help me prepare for the CISSP Certification examination?
Yes, this course helps you prepare for the CISSP Certification exam. For more information, please refer to the CISSP Q&A.Does this course provide me with (ISC)2 continuing professional education (CPE) credits?
Yes! Learning Tree, in agreement with (ISC)2, is a recognised "Trusted CPE Provider." This course provides you with 32 "A-level" CPE credits toward maintaining your CISSP Certification. Please see the CISSP Q&A for more information on the continuing education requirements of (ISC)2.
How much time is spent on each topic?| Content | Hours | | Responding to incidents and investigating computer crime | 2.5 | | Conducting and managing the investigation | 2.0 | | Performing disk-based analysis | 3.5 | | Investigating information-hiding techniques | 5.5 | | Examining e-mail | 1.5 | | Tracing Internet access | 1.5 | | Searching memory in real-time | 5.0 | | Forensics challenge | 1.5 |
Times, including the workshops, are estimates; exact times may vary according to the needs of each class.I've heard that information can be hidden in unused areas of the hard drive. Is this covered in the course?Yes. This course provides you with the skills to find and recover information from unused storage areas of a disk cluster and the free space portion of the disk. You also learn techniques used to obscure information on a disk drive, such as Alternate Data Streams and file mangling.I've heard a lot about cybersecurity lately. Does this course cover cybersecurity?Yes, this course provides hands-on experience uncovering covert system activities and responding to cybersecurity attacks.How much of this course is hands-on?Approximately 45 percent of the course is dedicated to hands-on exercises. Employing the latest software forensic tools you capture disk images, undelete files, search memory in real-time for hidden data, and discover compromised machines.Is this course just for people who will be taking someone to court?This course is for anyone who needs experience uncovering hidden data or reconstructing user activity. Collected evidence can be retained as supporting documentation in an employee dismissal or used in a court of law when criminal activity is discovered.How does this course relate to other Learning Tree courses? |
Windows Server is a registered trademark of Microsoft Corporation.
Learning Tree AnyWareTM is a trademark of Learning Tree International, Inc. in the United States and other countries, and is covered by a patent application pending in the United States.
|
|
Course Dates
 | Most events below can be taken in-class or live, online from your home or office with AnyWare. |
UK Dates | | 10 - 13 Jul | London enrol | US East Coast Dates | | 29 May - 1 Jun | Washington, DC enrol* | | 17 - 20 Jul | New York enrol* | | 11 - 14 Sep | New York enrol* |
*Work and train on the same day! Attend live US East Coast Courses online from 2pm to 9pm GMT. For AnyWare enrolments, please register at least 7 days prior to the start of the course.
More Dates and Locations.
Tuition for Course 536 (4 Days)
Bring this or any Learning Tree Course on-site to your location!
|
E-mail a Colleague
Course Details
Course Details PDF