All 5 modules | 1.17 gb
Electronic records such as computer network logs, e-mails, word processing files, and “.jpg” picture files increasingly provide the government and corporations with important (and sometimes essential) evidence in criminal and civil cases.
One of the purposes of this course is to provide law enforcement agents and corporate security personnel with systematic guidance that can help them understand some of the issues that arise when they seek electronic evidence in criminal and civil investigations.
Our reputation speaks for itself! See what others are saying… Testimonials
Package Includes:
* 3 DVD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components
* Printable courseware
* Exclusive LearningZone Live Mentor (Value at $295) Click for Details
Help Whenever you need it! Exclusive LearningZone – Chat Live with our Certified Instructors anytime around the clock (7×24)
* Focused on practical solutions to real-world development problems
* Free 1 Year Upgrade Policy
* Certificate of Completion
Module 1 – Computer Forensic Investigative Theory
- History of Digital Forensics
- Digital Evidence
- Three Main Aspects to Digital Evidence Reconstruction
- “Attack” Guidelines for the Recovery of Digital Data
- Classification
- Reconstruction
- Demo – TimeStomping
- Behavioral evidence analysis (BEA)
- Equivocal forensic analysis (EFA)
- Victimology
- Demo – Following the Clues from an Email Header
- Important Questions Regarding the Victim’s Cybertrail
- Module 1 Review
Module 2 – Computer Forensic Laboratory Protocols
- Overview
- QA
- SOP
- Notes
- Reports
- Peer Review
- Admin Review
- Annual Review
- Deviation
- Lab Intake
- Tracking
- Storage
- Discovery
- Module 2 Review
Module 3 – Computer Forensic Processing Techniques
- Goal of Digital Evidence Processing
- Demo – Logical Review with FTK
- Duplication
- Documenting and Identifying
- Disassembling the Device
- Disconnecting the Device
- Document the Boot Sequence
- Removing and Attaching the Storage Device to Duplicated System
- Circumstances Preventing the Removal of Storage Devices
- Write Protection via Hardware/Software
- Geometry of a Storage Device
- Host Protected Area (HPA)
- Tools for Duplicating Evidence to Examiner’s Storage Device
- EnCase for Windows Acquisition Tool
- Demo – Hashing and Duplicating a Drive
- Preparing Duplication for Evidence Examination
- Recording the Logical Drive Structure
- Using “Sandra” and “WinHex”
- File Allocation Tables
- Logical Processes
- Known Files
- Reference Lists
- Verify that File Headers Match Extensions
- Demo – Introduction to FTK
- “Regular Expressions”
- Demo – Using Regular Expressions
- File Signatures
- Demo – Hex Workshop Analysis of Graphic Files
- Module 3 Review
Module 4 – Crypto and Password Recovery
- Background
- Demo – Stegonography
- History
- Concepts 1
- Demo – Cracking a Windows Hashed Password
- Concepts 2
- File Protection
- Options 1
- Demo – Recovering Passwords from a Zip File
- Options 2
- Rainbow Tables
- Demo – Brute Force/Dictionary Cracks with Lophtcrack
- Demo – Password Cracking with Rainbow Tables
- Module 4 Review
Module 5 – Specialized Artifact Recovery
- Overview
- Exam Preparation Stage
- Windows File Date/Time Stamps
- File Signatures
- Image File Databases
- Demo – Thumbs.DB
- The Windows OS
- Windows Operating Environment
- Windows Registry
- Windows Registry Hives 1
- Demo – Registry Overview
- Windows Registry Hives 2
- Windows 98 Registry
- Windows NT/2000/XP Registry
- Windows Registry ID Numbers
- Windows Alternate Data Streams
- Demo – Alternate Data Streams
- Windows Unique ID Numbers
- Other ID’s
- Historical Files 1
- Demo – Real Index.dat
- Historical Files 2
- Demo – Review of Event Viewer
- Historical Files 3
- Demo – Historical Entries in the Registry
- Historical Files 4
- Windows Recycle Bin
- Demo – INFO Files
- Outlook E-Mail
- Outlook 2k/Workgroup E-Mail
- Outlook Express 4/5/6
- Web E-Mail
- Module 5 Review
Download
