Course Description

This is one of the most popular courses in the industry today. Designed for the corporate
environment, this course provides extensive hands on training in the following subjects:

  • Where to Look in the Windows Registry
  • Audit Logs and Files
  • Viewing Your Systems Cache, Index and Host Files MRUs
  • Expression Searches for Critical Information, such as:
    • Credit Card Numbers
    • Phone Numbers
    • IP Addresses
    • Social Security Numbers
  • On-Site Acquisition of Critical System Files (Forensics Audit)
  • Introduction to Network Forensics
  • Recovery of Volatile System Information: Creating Batch Files to Acquire
    Critical and Time-Sensitive System Information
  • Anti-Forensics: How Users Cover Their Tracks, including topics in:
    • Hiding Files in Slack Space
    • Compression Strings
    • Host Files
    • Matching File Headers
    • Alternate Data Streams
    • Index Files
    • Secure Erasing of Data Files
    • Secure Erasing of Slack Space
    • MRUs
    • Cookies
    • Modifying File Time Stamp Information
    • Metadata
    • Detecting Hidden Drives
    • INFO2 File
  • Tracing E-Mail Headers
  • Rainbow Tables for Password Recovery
  • Identifying a Compromised System
  • Introduction to Open Source Forensics Tools
  • Introduction to Linux Forensics
  • Introduction to Copy Machine Forensics
  • Introduction to Printer Forensics
  • Securing a Crime Scene and Interfacing with Law Enforcement

 

This course includes extensive lecture and  laboratory training sessions and provides each student with case image files for continued practice.  This course uses the Access Data FTK forensic recovery and analysis software along with other open source tools and techniques. Successful completion of each training session provides the student with a Certificate of Completion. This training program adheres to the IIAS 4000 series standards (International Industry & Academic Alliance) standards for Computer Forensics educational programs. (www.cybefdefenseeducation.info)

 

Training includes:

  • Five days of intense instructor-led instruction
  • Training Manual
  • Lab and Exercise Manual
  • Hands on Training
  • Case image files for analysis
  • Certificate of Completion
  • 1Classroom snacks and lunch are offered each day

 

Prerequisites: Successfully completion of Corporate Computer Forensics I or equivalent experience.  This is a one week 40-hour course.