Learn: in:
» back to Search Results

Course rating of 0 Vendor rating of 5

This course will provide participants the necessary skills to identify an intruders footprints and to properly gather the necessary evidence to prosecute in the court of law.

Course Outline
Lesson 1: Computer Forensics and Investigations as a Profession

Understanding Computer Forensics
Comparing Definitions of Computer Forensics
Exploring a Brief History of Computer Forensics
Developing Computer Forensics Resources
Preparing for Computing Investigations
Understanding Enforcement Agency Investigations
Understanding Corporate Investigations
Maintaining Professional Conduct

Lesson 2: Understanding Computer Investigations

Preparing a Computer Investigation
Examining a Computer Crime
Examining a Company-Policy Violation
Taking a Systematic Approach
Assessing the Case
Planning Your Investigation
Securing Your Evidence
Understanding Data-Recovery Workstations and Software
Setting Up Your Workstation for Computer Forensics
Executing an Investigation
Gathering the Evidence
Copying the Evidence Disk
Analyzing Your Digital Evidence
Completing the Case
Critiquing the Case

Lesson 3: Working with Windows and DOS Systems

Understanding File Systems
Understanding the Boot Sequence
Examining Registry Data
Disk Drive Overview
Exploring Microsoft File Structures
Disk Partition Concerns
Boot Partition Concerns
Examining FAT Disks
Examining NTFS Disks
NTFS System Files
NTFS Attributes
NTFS Data Streams
NTFS Compressed Files
NTFS Encrypted File Systems (EFS)
EFS Recovery Key Agent
Deleting NTFS Files
Understanding Microsoft Boot Tasks
Windows XP, 2000, and NT Startup
Windows XP System Files
Understanding MS-DOS Startup Tasks
Other DOS Operating Systems

Lesson 4: Macintosh and Linux Boot Processes and Disk Structures

Understanding the Macintosh File Structure
Understanding Volumes
Exploring Macintosh Boot Tasks
Examining UNIX and Linux Disk Structures
UNIX and Linux Overview
Understanding modes
Understanding UNIX and Linux Boot Processes
Understanding Linux Loader
UNIX and Linux Drives and Partition Scheme
Examining Compact Disc Data Structures
Understanding Other Disk Structures
Examining SCSI Disks
Examining IDE/EIDE Devices

Lesson 5: The Investigators Office and Laboratory

Understanding Forensic Lab Certification Requirements
Identifying Duties of the Lab Manager and Staff
Balancing Costs and Needs
Acquiring Certification and Training
Determining the Physical Layout of a Computer Forensics Lab
Identifying Lab Security Needs
Conducting High-Risk Investigations
Considering Office Ergonomics
Environmental Conditions
Structural Design Considerations
Electrical Needs
Fire-suppression Systems
Evidence Lockers
Facility Maintenance
Physical Security Needs
Auditing a Computer Forensics Lab
Computer Forensics Lab Floor Plan Ideas
Selecting a Basic Forensic Workstation
Selecting Workstations for Police Labs
Selecting Workstations for Private and Corporate Labs
Stocking Hardware Peripherals
Maintaining Operating Systems and Application Software Inventories
Using a Disaster Recovery Plan
Planning for Equipment Upgrades
Using Laptop Forensic Workstations
Building a Business Case for Developing a Forensics Lab
Creating a Forensic Boot Floppy Disk
Assembling the Tools for a Forensic Boot Floppy Disk
Retrieving Evidence Data Using a Remote Network Connection

Lesson 6: Current Computer Forensics Tools

Evaluating Your Computer Forensics Software Needs
Using National Institute of Standards and Technology (NIST) Tools
Using National Institute of Justice (NU) Methods
Validating Computer Forensics Tools
Using Command-Line Forensics Tools
Exploring NTI Tools
Exploring Ds2dump
Reviewing DriveSpy
Exploring PDBlock
Exploring PDWipe
Reviewing Image
Exploring Part
Exploring SnapBack DatArrest
Exploring Byte Back
Exploring MaresWare
Exploring DIGS Mycroft v3
Exploring Graphical User Interface (GUI) Forensics Tools
Exploring AccessData Programs
Exploring Guidance Software EnCase
Exploring Ontrack
Using BIAProtect
Using LC Technologies Software
Exploring WinHex Specialist Edition
Exploring DIGS Analyzer Professional Forensic Software
Exploring ProDiscover DFT
Exploring DataLifter
Exploring ASRData
Exploring the Internet History Viewer
Exploring Other Useful Computer Forensics Tools
Exploring LTOOLS
Exploring Mtools
Exploring R-Tools
Using Explore2fs
Exploring @stake
Exploring TCT and TCTUTILs
Exploring ILook
Exploring HashKeeper
Using Graphic Viewers
Exploring Hardware Tools
Computing-Investigation Workstations
Building Your Own Workstation
Using a Write-blocker
Using LC Technology International Hardware
Forensic Computers
Digital Intelligence
Image MASSter Solo
Wiebe Tech Forensic DriveDock
Recommendations for a Forensic Workstation

Lesson 7: Digital Evidence Controls

Identifying Digital Evidence
Understanding Evidence Rules
Securing Digital Evidence at an Incident Scene
Cataloging Digital Evidence
Lab Evidence Considerations
Processing and Handling Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Needs
Documenting Evidence
Obtaining a Digital Signature

Lesson 8: Processing Crime and Incident Scenes

Processing Private-Sector Incident Scenes
Processing Law Enforcement Crime Scenes
Understanding Concepts and Terms Used in Warrants
Preparing for a Search
Identifying the Nature of the Case
Identifying the Type of Computing System
Determining Whether You Can Seize a Computer
Obtaining a Detailed Description of the Location
Determining Who Is in Charge
Using Additional Technical Expertise
Determining the Tools You Need
Preparing the Investigation Team
Securing a Computer Incident or Crime Scene
Seizing Digital Evidence at the Scene
Processing a Major Incident or Crime Scene
Processing Data Centers with an Array of RAIDS
Using a Technical Advisor at an Incident or Crime Scene
Sample Civil Investigation
Sample Criminal Investigation
Collecting Digital Evidence

Lesson 9: Data Acquisition

Determining the Best Acquisition Method
Planning Data Recovery Contingencies
Using MS-DOS Acquisition Tools
Understanding How DriveSpy Accesses Sector Ranges
Data Preservation Commands
Using DriveSpy Data Manipulation Commands
Using Windows Acquisition Tools
AccessData FTK Explorer
Acquiring Data on Linux Computers
Using Other Forensics Acquisition Tools
Exploring SnapBack DatArrest
Exploring SafeBack
Exploring EnCase

Lesson 10: Computer Forensic Analysis

Understanding Computer Forensic Analysis
Refining the Investigation Plan
Using DriveSpy to Analyze Computer Data
DriveSpy Command Switches
DriveSpy Keyword Searching
DriveSpy Scripts
DriveSpy Data-Integrity Tools
DriveSpy Residual Data Collection Tools
Other Useful DriveSpy Command Tools
Using Other Digital Intelligence Computer Forensics Tools
Using PDBlock and PDWipe
Using AccessDatas Forensic Toolkit
Performing a Computer Forensic Analysis
Setting Up Your Forensic Workstation
Performing Forensic Analysis on Microsoft File Systems
UNIX and Linux Forensic Analysis
Macintosh Investigations
Addressing Data Hiding Techniques
Hiding Partitions
Marking Bad Clusters
Using Steganography
Examining Encrypted Files
Recovering Passwords

Lesson 11: E-mail Investigations

Understanding Internet Fundamentals
Understanding Internet Protocols
Exploring the Roles of the Client and Server in E-mail
Investigating E-mail Crimes and Violations
Identifying E-mail Crimes and Violations
Examining E-mail Messages
Copying an E-mail Message
Printing an E-mail Message
Viewing E-mail Headers
Examining an E-mail Header
Examining Additional E-mail Files
Tracing an E-mail Message
Using Network Logs Related to E-mail
Understanding E-mail Servers
Examining UNIX E-mail Server Logs
Examining Microsoft E-mail Server Logs
Examining Novell GroupWise E-mail Logs
Using Specialized E-mail Forensics Tools

Lesson 12: Recovering Image Files

Recognizing an Image File
Understanding Bitmap and Raster Images
Understanding Vector Images
Metafle Graphics
Understanding Image File Formats
Understanding Data Compression
Reviewing Lossless and Lossy Compression
Locating and Recovering Image Files
Identifying Image File Fragments
Repairing Damaged Headers
Reconstructing File Fragments
Identifying Unknown File Formats
Analyzing Image File Headers
Tools for Viewing Images
Understanding Steganography in Image Files
Using Steganalysis Tools
Identifying Copyright Issues with Graphics

Lesson 13: Writing Investigation Reports

Understanding the Importance of Reports
Limiting the Report to Specifics
Types of Reports
Expressing an Opinion
Designing the Layout and Presentation
Litigation Support Reports versus Technical Reports
Writing Clearly
Providing Supporting Material
Formatting Consistently
Explaining Methods
Data Collection
Including Calculations
Providing for Uncertainty and Error Analysis
Explaining Results
Discussing Results and Conclusions
Providing References
Including Appendices
Providing Acknowledgments
Formal Report Format
Writing the Report
Using FTK Demo Version

Lesson 14: Becoming an Expert Witness

Comparing Technical and Scientific Testimony
Preparing for Testimony
Documenting and Preparing Evidence
Keeping Consistent Work Habits
Processing Evidence
Serving as a Consulting Expert or an Expert Witness
Creating and Maintaining Your CV
Preparing Technical Definitions
Testifying in Court
Understanding the Trial Process
Qualifying Your Testimony and Voir Dire
Addressing Potential Problems
Testifying in General
Presenting Your Evidence
Using Graphics in Your Testimony
Helping Your Attorney
Avoiding Testimony Problems
Testifying During Direct Examination
Using Graphics During Testimony
Testifying During Cross-Examination
Exercising Ethics When Testifying
Understanding Prosecutorial Misconduct
Preparing for a Deposition
Guidelines for Testifying at a Deposition
Recognizing Deposition Problems
Public Release: Dealing with Reporters
Forming an Expert Opinion
Determining the Origin of a Floppy Disk

Lesson 15: Computer Security Incident Response Team

Incident Response Team
Incident Reporting Process
Low-level incidents
Mid-level incidents
High-level incidents
What is a Computer Security Incident Response Team (CSIRT)?
Why would an organization need a CSIRT?
What types of CSIRTs exist?
Other Response Teams Acronyms
What does a CSIRT do?
What is Incident Handling?
Need for CSIRT in Organizations
Best Practices for Creating a CSIRT?

Lesson 16: Logfile Analysis

Secure Audit Logging
Audit Events
Message File
Setting Up Remote Logging
Linux Process Tracking
Windows Logging
Remote Logging in Windows
Application Logging
Extended Logging
Monitoring for Intrusion and Security Events
Importance of Time Synchronization
Passive Detection Methods
Dump Event Log Tool (Dumpel.exe)
Event Collection
Event Collection Tools
Forensic Tool: fwanalog
Elements of an End-to-End Forensic Trace
Log Analysis and Correlation
TCPDump logs
Intrusion Detection Log (RealSecure)
Intrusion Detection Log (SNORT)

Lesson 17: Recovering Deleted Files

The Windows Recycle Bin
Digital evidence
Recycle Hidden Folder
How do I undelete a file?
O&O UnErase
BadCopy Pro
File Scavenger
Mycroft v3
PC ParaChute
Search and Recover
Stellar Phoenix Ext2,Ext3
Zero Assumption Digital Image Recovery
VirtualLab Data Recovery
Drive & Data Recovery
Active@ UNERASER - DATA Recovery

Lesson 18: Application Password Crackers

Advanced Office XP Password Recovery
Accent Keyword Extractor
Advanced PDF Password Recovery
Distributed Network Attack
Windows XP / 2000 / NT Key
Passware Kit
How to Bypass BIOS Passwords
BIOS Password Crackers
Removing the CMOS Battery
Default Password Database

Lesson 19: Investigating E-Mail Crimes

E-mail Crimes
Sending Fakemail
Sending E-mail using Telnet
Tracing an e-mail
Mail Headers
Reading Email Headers
Tracing Back
Tracing Back Web Based E-mail
Microsoft Outlook Mail
Pst File Location
Tool: R-Mail
Tool: FinaleMail
Searching E-mail Addresses
E-mail Search Site
Network Abuse Clearing House
Handling Spam
Protecting your E-mail Address from Spam
Tool: Enkoder Form
Tool: eMailTrackerPro
Tool: SPAM Punisher

Lesson 20: Investigating Web Attacks

How to Tell an Attack is in Progress
What to Do When You Are Under Attack?
Conducting the Investigation
Attempted Break-in
Step 1: Identifing the System(s)
Step 2: Traffic between source and destination
How to detect attacks on your server?
Investigating Log Files
IIS Logs
Log file Codes
Apache Logs
Log Security
Log File Information
Simple Request
Time/Date Field
Mirrored Site Detection
Mirrored Site in IIS Logs
Vulnerability Scanning Detection
Example of Attack in Log file
Web Page Defacement
Defacement using DNS Compromise
Investigating DNS Poisoning
Investigating FTP Servers
Example of FTP Compromise
FTP logs
SQL Injection Attacks
Investigating SQL Injection Attacks
Web Based Password Brute Force Attack
Investigating IP Address
Tools for locating IP Address
Investigating Dynamic IP Address
Location of DHCP Server Logfile

Lesson 21: Investigating Network Traffic

Network Intrusions and Attacks
Direct vs. Distributed Attacks
Automated Attacks
Accidental Attacks
Address Spoofing
IP Spoofing
ARP Spoofing
DNS Spoofing
Preventing IP Spoofing
Preventing ARP Spoofing
Preventing DNS Spoofing
Forensic Tools for Network Investigations

Lesson 22: Investigating Router Attacks

DoS Attacks
Investigating DoS Attacks
Investigating Router Attacks

Lesson 23: The Computer Forensics Process

Evidence Seizure Methodology
Before the Investigation
Document Everything
Confiscation of Computer Equipment

Lesson 24: Data Duplication

Tool: R-Drive Image
Tool: DriveLook
Tool: DiskExplorer for NTFS

Lesson 25: Windows Forensics

Gathering Evidence in Windows
Collecting Data from Memory
Collecting Evidence
Memory Dump
Manual Memory Dump (Windows 2000)
Manual Memory Dump (Windows XP)
Windows Registry
Registry Data
Regmon utility
Forensic Tool: InCntrl5
Backing Up of the entire Registry
System State Backup
Forensic Tool: Back4Win
Forensic Tool: Registry Watch
System Processes
Process Monitors
Default Processes in Windows NT, 2000, and XP
Process-Monitoring Programs
Process Explorer
Look for Hidden Files
Viewing Hidden Files in Windows
NTFS Streams
Detecting NTFS Streams
Detecting Rootkits
Detecting Trojans and Backdoors
Removing Trojans and Backdoors
Port Numbers Used by Trojans
Examining the Windows Swap File
Swap file as evidence
Viewing the Contents of the Swap/Page File
Recovering Evidence from the Web Browser
Locating Browser History Evidence
Forensic Tool: Cache Monitor
Print Spooler Files
Forensic Tool: StegDetect

Lesson 26: Linux Forensics

Performing Memory Dump on Unix Systems
Viewing Hidden Files
Executing Process
Create a Linux Forensic Toolkit
Collect Volatile Data Prior to Forensic Duplication
Executing a Trusted Shell
Determining Who is logged on to the System
Determining the Running Processes
Detecting Loadable Kernel Module Rootkits
Open Ports and Listening Applications
/proc file system
Log Files
Configuration Files
Low Level Analysis
Log Messages
Running syslogd
Investigating User Accounts
Collecting an Evidential Image
File Auditing Tools

Lesson 27: Investigating PDA

Parabens PDA Seizure

Lesson 28: Enforcement Law and Prosecution

Freedom of Information Act
Reporting Security Breaches to Law Enforcement
National Infrastructure Protection Center
Federal Computer Crimes and Laws
Federal Laws
The USA Patriot Act of 2001
Building the Cybercrime Case
How the FBI Investigates Computer Crime
Cyber Crime Investigations
Computer-facilitated crime
Federal Statutes
Local laws
Federal Investigative Guidelines
Gather Proprietary Information
Contact law enforcement
To initiate an investigation

Lesson 29: Investigating Trademark and Copyright Infringement

Trademark Eligibility
What is a service mark?
What is trade dress?
Internet domain name
Trademark Infringement
Conducting a Trademark Search
Using Internet to Search for Trademarks
Hiring a professional firm to conduct my trademark search
Trademark Registrations
Benefits of Trademark Registration
How long does a copyright last?
Copyright Notice
Copyright Fair Use Doctrine
U.S. Copyright Office
How are copyrights enforced?
What is Plagiarism?
Plagiarism Detection Tools

Prerequisites & Certificates

Certificates offered

Cancellation Policy
Cancellations or postponements received more than ten business days prior to the first day of the course will be fully refunded less a $75 processing fee. The cost of the course is payable, in full, for any cancellations or postponements received within ten business days, or less, prior to the first day of the course.
Map & Reviews
Acend Corporate Learning
[ View Provider's Profile ]


This course has not yet been rated by one of our members.

If you have taken a course through this vendor please log into your account and leave feedback for this vendor. You will be helping ensure our members get directed to the best training facilities.

Here are some reviews of the training vendor.
The course content was excellent ... if there was things that weren't relevant you could skip and spend more time on things that you needed to learn. Training provider was excellent as her skill level was superb and her communication skills were superb.
Reviewed by 2015
This course should have dual screens
Reviewed by 2015
I was not able to finish the whole entire course. When creating course training please make sure that it fits the allotted time (beginning to the end). We had two breaks and Instructor did not allow us to listen to the course. I had maybe another 10 mins to finish the whole course, but the Instructor said that it was 4:30pm and it is Ok and we can go home. It is not Ok not to be able to finish the course..
Reviewed by 2014
Mentored training actually worked quite well for me. The instructor is there in the room all the time, available if needed. A lot of material for one day, but I did manage to complete it without feeling too rushed.
Reviewed by 2014
It is not possible to complete a beginner's course in one day. There is a lot of information to absorb. It is wonderful that one can re-sit a session within a limited time.
Reviewed by 2013
To bottom line my feelings about the course: Course -- helpful but this comment is made with reservations. Instructor -- excellent !
Reviewed by 2013
The course material was far too heavy for the duration of the course. The material needs to be reduced so that students do not feel rushed or pressured with time, or the duration of the class needs to be extended.
Reviewed by 2013
Overall, the course has been well handled by the Training Provider. But i would expect that, somehow, there is a time allotted in the afternoon for more visible and face to face interaction between the TP and the whole class. Others may be asking questions that may not have been thought of by other learners but may be helpful.
Reviewed by 2013
Very impressed and would highly recommend.
Reviewed by 2013
The trainer was excellent...easy to talk to and very helpful and informed.
Reviewed by 2013
This was a very good learning environment. I prefer having an instructor present in case I have questions but also be able to work at my own pace.
Reviewed by 2013
I could have used some more time to go through the exercises in the sharepoint database.
Reviewed by 2013
re Instructor assessment. ques. are N/A as it was independant mentored study. Flash based training module had 1 hiccup where ctrl-b key was captured by OS and I had to hunt for alt-b to complete the module. Class mentor was unaware of flaw. I felt that the design of the module would have prevented me from completing the section if I was unable to locate alternative keystroke. Worthwhile day.
Reviewed by 2012
Course is very good but not enough time to complete the exercises. Should be at least another 1.5 hours longer.
Reviewed by 2012
Using the self-teaching method made for a more relaxed working environment. As the instructor's assistance was on a one-on-one basis I was not hesitate to ask questions.
Reviewed by 2012
Would prefer an instructor led (classroom) style of training over a computer based course.
Reviewed by 2012
I would suggest that the course manual contain more visual material (e.g. screen shots) versus words. The course was very well. I did not think I would like the on line method of training but I did. I also liked the fact that I could work through my lunch to complete the course earlier. I had to catch the go train so it worked better for me.
Reviewed by 2012
Susan was an excellent instructor, and was very helpful with providing extra "tips" not covered within the course material.
Reviewed by 2012
I only realized after completing 2 units thoroughly that there is not enough time allotted for a lot practicing. I would tell students in advance that getting through the videos and practicing later in your own time is recommended.
Reviewed by 2012
Enjoyed the flexibility of the "Modern Classroom" style of learning where you can move at your own pace and focus on what you need most. You can even move to the next chapter if you need help and the instructor is busy. Definitely dress warmly as the classroom was really over air-conditioned!
Reviewed by 2012
I loved the Adobe InDesign course but as a new user I felt there was so much material to cover and I wanted to take my time getting familiar with the program and learning about everything. I think if the class had been 2 days instead of 1 it would have been perfect!
Reviewed by 2012
Manual provided was totally different then computer training. Expected more hands on training instead of just watching an instruction video.
Reviewed by 2012
Reviewed by 2012
The video - was not at all interactive - only concepts were presented. The manual completedly different from the video material. I have no objections to using different approaches but a course on any software must include interactive materials.
Reviewed by 2012
The course was set up in a way which was easy to follow. However, I thought there was a lot of information to take in the day. The instructor was very helpful and very knowledgeable.
Reviewed by 2012
The training provider, Melanie, was exceptional. She was very knowledgeable and sat with me personally for hands on training. I found the course to be long and difficult to complete in one day.
Reviewed by 2012
The amount of material was a little much (maybe an hour) to cover in the allotted time - but otherwise good.
Reviewed by 2011
The room was too cold for me. The Instructor was very helpful.
Reviewed by 2011
A co worker of mine, did not receive the certificate of completing the course. As well, I received a website to log to after the course for 30 days (The Online Support). Although the vendor ID number does not exisit. I have gone back to my contact at Last Minute Training, and haven't received any feedback from her. The course was good, the follow up, was the greatest service.
Reviewed by 2011
Would like to have access to the on-line training materials for this course for a period of time after course completion
Reviewed by 2011
Hi - the server crashed during my session and I would like to reschedule. Can someone contact me to do this?
Reviewed by 2011

This course currently does not have any dates scheduled. Please call 1-877-313-8881 to enquire about future dates or scheduling a private, in house course for your team.

This page has been viewed 459 times.