Customer Service or Enrol: 0800 282 353 or +44 1372 364610
You Will Learn How To
- Implement a computer forensics incident-response strategy
- Lead a successful investigation from the initial response to completion
- Conduct disc-based analysis and recover deleted files
- Identify information-hiding techniques
- Reconstruct user activity from e-mail, temporary Internet files and cached data
- Assess the integrity of system memory and process architecture to reveal malicious code
Course Benefits
Do you know what to do if your organisation's security is compromised? Threats of computer crime against an organisation's infrastructure have grown substantially, but there are steps you can take. In this course, you apply the latest Windows-based computer forensic techniques to uncover illicit activity and recover lost data. Every crime leaves behind clues. With the right tools, you can effectively respond to and counteract security threats.
Who Should Attend
Systems administrators and those involved in responding to security incidents. Knowledge of Windows-based PCs, including hardware and operating system software, at the level of Course 950, "Windows Vista Comprehensive Introduction", or Course 551, "Windows XP Professional Comprehensive Introduction", is assumed.
Hands-on Training
Exercises, providing experience using software forensic tools to investigate Windows-based systems, include:
- Leveraging case-management software
- Employing forensic toolkits
- Imaging digital media
- Hiding and discovering potential evidence
- Applying steganography techniques
- Manipulating alternate data streams
- Discovering information in mangled files
- Conducting e-mail investigations
- Reconstructing browser and Web server activity
- Establishing covert surveillance with keystroke loggers and remote access
- Configuring tools to detect a rootkit
Course Content
- Responding to incidents
- Applying forensic analysis skills
- Distinguishing between unpermitted corporate and criminal activity
- Communicating with site personnel
- Knowing your organisation's policies
- Minimising impact on your organisation
- Performing incident analysis
- Restoring systems
- Capturing volatile information
- Chain of custody and process integrity
- Advantages of the forensics analysis team
- Securing and documenting the scene
- Processing and logging evidence
- Acquiring a bit-stream image
- Enabling a write blocker
- Establishing a baseline
- Physically protecting the media
- Disc geometry components
- Inspecting Windows file system architectures
- Locating and restoring deleted content
- Scanning and evaluating alternate data streams
- Executing code from a stream
- Steganography tools and concepts
- Detecting steganography
- Scavenging slack space
- Combining files
- Binding multiple executable files
- File time analysis
- Interpreting e-mail headers
- Recovering deleted e-mails
- Detecting spoofed e-mail
- Verifying e-mail routing
- Exploring temporary Internet files
- Researching cookie storage
- Reconstructing cleared browser history
- Tracking user activity
- Uncovering unauthorised usage
- Identifying user and kernel memory
- Inspecting threads
- Discovering rogue DLLs and drivers
- Evaluating processes with Windows Management Instrumentation (WMI)
- Walking dependency trees
- Investigating the process table
- Discovering evidence in the Registry
- Deploying and detecting a rootkit
- Logging keystrokes
- Observing real-time remote desktops
- Monitoring Internet access
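The e-mail items in the outline above (interpreting headers, verifying routing, detecting spoofed mail) come down to one procedure: walk the Received chain from the bottom up, since each relay prepends its own header, and cross-check the originating hop against the From and Message-ID fields. The following Python script is an added example, not course material; the message, hostnames and addresses in it are constructed for illustration, and the three heuristics it applies (no reverse DNS at the origin, a Message-ID domain that does not match the sender, a break in the hand-off chain) are common indicators, not a complete test.

```python
"""Reconstruct an e-mail's delivery path from its Received headers and
flag common spoofing indicators.  Added example with a constructed message."""
import email
import re
from email.utils import parseaddr

# Constructed sample: the From domain is payroll.example.com and the
# originating hop announces that name in HELO, but the receiving relay
# recorded no reverse DNS for its IP, and the Message-ID domain belongs
# to a third host.  Addresses are documentation ranges (RFC 5737).
SAMPLE_MESSAGE = """\
Received: from mx2.corp.example (mx2.corp.example [192.0.2.20])
\tby mail.corp.example with ESMTP id 5Qz; Mon, 3 Mar 2008 09:15:02 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx2.corp.example with ESMTP; Mon, 3 Mar 2008 09:14:58 +0000
Received: from payroll.example.com (unknown [203.0.113.45])
\tby relay.example.net with SMTP; Mon, 3 Mar 2008 09:14:51 +0000
Message-ID: <20080303091450.ABC123@mailer.example.org>
From: "HR Payroll" <payroll@payroll.example.com>
To: staff@corp.example
Subject: Updated salary schedule
Date: Mon, 3 Mar 2008 09:14:50 +0000

Please review the attached schedule.
"""

# "from <helo> (<rdns> [<ip>]) by <host>": the rDNS/IP clause is optional
# because it is added by the receiving MTA and some relays omit it.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[^\]]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


def parse_route(raw_message):
    """Return delivery hops in chronological order (origin first).

    Received headers are prepended by each relay, so the header nearest
    the body is the first hop; the list is therefore reversed."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_RE.search(flat)
        if not m:
            hops.append({"raw": flat, "parsed": False})
            continue
        hop = m.groupdict()
        hop["parsed"] = True
        hops.append(hop)
    return hops


def domain_of(address_header):
    """Domain part of an address header such as From, lower-cased."""
    _, addr = parseaddr(address_header)
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw_message):
    """Return human-readable findings; an empty list means nothing flagged."""
    msg = email.message_from_string(raw_message)
    hops = parse_route(raw_message)
    findings = []

    from_domain = domain_of(msg.get("From", ""))
    msgid_domain = (msg.get("Message-ID") or "").strip("<> ").rpartition("@")[2].lower()
    if from_domain and msgid_domain and not msgid_domain.endswith(from_domain):
        findings.append(
            f"Message-ID domain {msgid_domain!r} does not match From domain {from_domain!r}")

    # The origin is the only hop that speaks for the sender; every later hop
    # was added by a relay and describes the previous relay, not the sender.
    if hops and hops[0]["parsed"]:
        origin = hops[0]
        if origin["rdns"] in (None, "unknown"):
            findings.append(
                f"originating host {origin['ip']} has no reverse DNS "
                f"(HELO claimed {origin['helo']!r})")
        elif origin["rdns"].lower() != origin["helo"].lower():
            findings.append(
                f"origin HELO {origin['helo']!r} differs from reverse DNS {origin['rdns']!r}")
        if from_domain and not origin["helo"].lower().endswith(from_domain):
            findings.append(
                f"origin HELO {origin['helo']!r} is not in From domain {from_domain!r}")

    # Each hop's "by" host should be the host the next hop was received "from";
    # a mismatch means a header was forged or a relay was skipped.
    for prev, nxt in zip(hops, hops[1:]):
        if not (prev["parsed"] and nxt["parsed"]):
            continue
        seen_as = {nxt["helo"].lower(), (nxt["rdns"] or "").lower()}
        if prev["by"].lower() not in seen_as:
            findings.append(
                f"routing gap: {prev['by']} handed off, but the next hop "
                f"was received from {nxt['helo']}")
    return findings


if __name__ == "__main__":
    for i, hop in enumerate(parse_route(SAMPLE_MESSAGE)):
        print(f"hop {i}: {hop}")
    for finding in spoof_indicators(SAMPLE_MESSAGE):
        print("INDICATOR:", finding)
```

Only the Received headers written by your own mail servers can be trusted; everything below the first hop under your control is text the sender could have typed, so treat a clean-looking chain of external hops as a claim to be verified against the relays' own logs, not as evidence.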
Windows is a registered trademark of Microsoft Corporation.