EC-Council Computer Hacking Forensics Investigator (CHFI) v10

Basic information

This course provides participants with the skills needed to identify an intruder's footprints and to properly gather the evidence required to prosecute in a court of law.

Who Should Attend

The CHFI course will benefit police and other law enforcement personnel, defense and military personnel, e-business security professionals, systems administrators, legal professionals, banking, insurance and other professionals, and government agencies.

Prerequisite Courses Recommended

  • EC-Council Certified Ethical Hacker (CEH)

Next Course Recommendations

  • Certified Information Systems Security Professional (CISSP)

Course Objectives

Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This may range from tracing a hacker's tracks through a client's systems, to tracing the originator of defamatory e-mails, to recovering signs of fraud.

Agenda

  1. Computer Forensics and Investigations as a Profession
    1. Understanding Computer Forensics
    2. Comparing Definitions of Computer Forensics
    3. Exploring a Brief History of Computer Forensics
    4. Developing Computer Forensics Resources
    5. Preparing for Computing Investigations
    6. Understanding Enforcement Agency Investigations
    7. Understanding Corporate Investigations
    8. Maintaining Professional Conduct
  2. Understanding Computer Investigations
    1. Preparing a Computer Investigation
    2. Examining a Computer Crime
    3. Examining a Company-Policy Violation
    4. Taking a Systematic Approach
    5. Assessing the Case
    6. Planning Your Investigation
    7. Securing Your Evidence
    8. Understanding Data-Recovery Workstations and Software
    9. Setting Up Your Workstation for Computer Forensics
    10. Executing an Investigation
    11. Gathering the Evidence
    12. Copying the Evidence Disk
    13. Analyzing Your Digital Evidence
    14. Completing the Case
    15. Critiquing the Case
  3. Working with Windows and DOS Systems
    1. Understanding File Systems
    2. Understanding the Boot Sequence
    3. Examining Registry Data
    4. Disk Drive Overview
    5. Exploring Microsoft File Structures
    6. Disk Partition Concerns
    7. Boot Partition Concerns
    8. Examining FAT Disks
    9. Examining NTFS Disks
    10. NTFS System Files
    11. NTFS Attributes
    12. NTFS Data Streams
    13. NTFS Compressed Files
    14. NTFS Encrypted File Systems (EFS)
    15. EFS Recovery Key Agent
    16. Deleting NTFS Files
    17. Understanding Microsoft Boot Tasks
    18. Windows XP, 2000, and NT Startup
    19. Windows XP System Files
    20. Understanding MS-DOS Startup Tasks
    21. Other DOS Operating Systems
  4. Macintosh and Linux Boot Processes and Disk Structures
    1. Understanding the Macintosh File Structure
    2. Understanding Volumes
    3. Exploring Macintosh Boot Tasks
    4. Examining UNIX and Linux Disk Structures
    5. UNIX and Linux Overview
    6. Understanding Inodes
    7. Understanding UNIX and Linux Boot Processes
    8. Understanding Linux Loader
    9. UNIX and Linux Drives and Partition Scheme
    10. Examining Compact Disc Data Structures
    11. Understanding Other Disk Structures
    12. Examining SCSI Disks
    13. Examining IDE/EIDE Devices
  5. The Investigator's Office and Laboratory
    1. Understanding Forensic Lab Certification Requirements
    2. Identifying Duties of the Lab Manager and Staff
    3. Balancing Costs and Needs
    4. Acquiring Certification and Training
    5. Determining the Physical Layout of a Computer Forensics Lab
    6. Identifying Lab Security Needs
    7. Conducting High-Risk Investigations
    8. Considering Office Ergonomics
    9. Environmental Conditions
    10. Lighting
    11. Structural Design Considerations
    12. Electrical Needs
    13. Communications
    14. Fire-suppression Systems
    15. Evidence Lockers
    16. Facility Maintenance
    17. Physical Security Needs
    18. Auditing a Computer Forensics Lab
    19. Computer Forensics Lab Floor Plan Ideas
    20. Selecting a Basic Forensic Workstation
    21. Selecting Workstations for Police Labs
    22. Selecting Workstations for Private and Corporate Labs
    23. Stocking Hardware Peripherals
    24. Maintaining Operating Systems and Application Software Inventories
    25. Using a Disaster Recovery Plan
    26. Planning for Equipment Upgrades
    27. Using Laptop Forensic Workstations
    28. Building a Business Case for Developing a Forensics Lab
    29. Creating a Forensic Boot Floppy Disk
    30. Assembling the Tools for a Forensic Boot Floppy Disk
    31. Retrieving Evidence Data Using a Remote Network Connection
  6. Current Computer Forensics Tools
    1. Evaluating Your Computer Forensics Software Needs
    2. Using National Institute of Standards and Technology (NIST) Tools
    3. Using National Institute of Justice (NIJ) Methods
    4. Validating Computer Forensics Tools
    5. Using Command-Line Forensics Tools
    6. Exploring NTI Tools
    7. Exploring Ds2dump
    8. Reviewing DriveSpy
    9. Exploring PDBlock
    10. Exploring PDWipe
    11. Reviewing Image
    12. Exploring Part
    13. Exploring SnapBack DatArrest
    14. Exploring Byte Back
    15. Exploring MaresWare
    16. Exploring DIGS Mycroft v3
    17. Exploring Graphical User Interface (GUI) Forensics Tools
    18. Exploring AccessData Programs
    19. Exploring Guidance Software EnCase
    20. Exploring Ontrack
    21. Using BIAProtect
    22. Using LC Technologies Software
    23. Exploring WinHex Specialist Edition
    24. Exploring DIGS Analyzer Professional Forensic Software
    25. Exploring ProDiscover DFT
    26. Exploring DataLifter
    27. Exploring ASRData
    28. Exploring the Internet History Viewer
    29. Exploring Other Useful Computer Forensics Tools
    30. Exploring LTOOLS
    31. Exploring Mtools
    32. Exploring R-Tools
    33. Using Explore2fs
    34. Exploring @stake
    35. Exploring TCT and TCTUTILs
    36. Exploring ILook
    37. Exploring HashKeeper
    38. Using Graphic Viewers
    39. Exploring Hardware Tools
    40. Computing-Investigation Workstations
    41. Building Your Own Workstation
    42. Using a Write-blocker
    43. Using LC Technology International Hardware
    44. Forensic Computers
    45. DIGS
    46. Digital Intelligence
    47. Image MASSter Solo
    48. FastBloc
    49. Acard
    50. NoWrite
    51. Wiebe Tech Forensic DriveDock
    52. Recommendations for a Forensic Workstation
  7. Digital Evidence Controls
    1. Identifying Digital Evidence
    2. Understanding Evidence Rules
    3. Securing Digital Evidence at an Incident Scene
    4. Cataloging Digital Evidence
    5. Lab Evidence Considerations
    6. Processing and Handling Digital Evidence
    7. Storing Digital Evidence
    8. Evidence Retention and Media Storage Needs
    9. Documenting Evidence
    10. Obtaining a Digital Signature
  8. Processing Crime and Incident Scenes
    1. Processing Private-Sector Incident Scenes
    2. Processing Law Enforcement Crime Scenes
    3. Understanding Concepts and Terms Used in Warrants
    4. Preparing for a Search
    5. Identifying the Nature of the Case
    6. Identifying the Type of Computing System
    7. Determining Whether You Can Seize a Computer
    8. Obtaining a Detailed Description of the Location
    9. Determining Who Is in Charge
    10. Using Additional Technical Expertise
    11. Determining the Tools You Need
    12. Preparing the Investigation Team
    13. Securing a Computer Incident or Crime Scene
    14. Seizing Digital Evidence at the Scene
    15. Processing a Major Incident or Crime Scene
    16. Processing Data Centers with an Array of RAIDs
    17. Using a Technical Advisor at an Incident or Crime Scene
    18. Sample Civil Investigation
    19. Sample Criminal Investigation
    20. Collecting Digital Evidence
  9. Data Acquisition
    1. Determining the Best Acquisition Method
    2. Planning Data Recovery Contingencies
    3. Using MS-DOS Acquisition Tools
    4. Understanding How DriveSpy Accesses Sector Ranges
    5. Data Preservation Commands
    6. Using DriveSpy Data Manipulation Commands
    7. Using Windows Acquisition Tools
    8. AccessData FTK Explorer
    9. Acquiring Data on Linux Computers
    10. Using Other Forensics Acquisition Tools
    11. Exploring SnapBack DatArrest
    12. Exploring SafeBack
    13. Exploring EnCase
  10. Computer Forensic Analysis
    1. Understanding Computer Forensic Analysis
    2. Refining the Investigation Plan
    3. Using DriveSpy to Analyze Computer Data
    4. DriveSpy Command Switches
    5. DriveSpy Keyword Searching
    6. DriveSpy Scripts
    7. DriveSpy Data-Integrity Tools
    8. DriveSpy Residual Data Collection Tools
    9. Other Useful DriveSpy Command Tools
    10. Using Other Digital Intelligence Computer Forensics Tools
    11. Using PDBlock and PDWipe
    12. Using AccessData's Forensic Toolkit
    13. Performing a Computer Forensic Analysis
    14. Setting Up Your Forensic Workstation
    15. Performing Forensic Analysis on Microsoft File Systems
    16. UNIX and Linux Forensic Analysis
    17. Macintosh Investigations
    18. Addressing Data Hiding Techniques
    19. Hiding Partitions
    20. Marking Bad Clusters
    21. Bit-Shifting
    22. Using Steganography
    23. Examining Encrypted Files
    24. Recovering Passwords
  11. E-mail Investigations
    1. Understanding Internet Fundamentals
    2. Understanding Internet Protocols
    3. Exploring the Roles of the Client and Server in E-mail
    4. Investigating E-mail Crimes and Violations
    5. Identifying E-mail Crimes and Violations
    6. Examining E-mail Messages
    7. Copying an E-mail Message
    8. Printing an E-mail Message
    9. Viewing E-mail Headers
    10. Examining an E-mail Header
    11. Examining Additional E-mail Files
    12. Tracing an E-mail Message
    13. Using Network Logs Related to E-mail
    14. Understanding E-mail Servers
    15. Examining UNIX E-mail Server Logs
    16. Examining Microsoft E-mail Server Logs
    17. Examining Novell GroupWise E-mail Logs
    18. Using Specialized E-mail Forensics Tools
  12. Recovering Image Files
    1. Recognizing an Image File
    2. Understanding Bitmap and Raster Images
    3. Understanding Vector Images
    4. Metafile Graphics
    5. Understanding Image File Formats
    6. Understanding Data Compression
    7. Reviewing Lossless and Lossy Compression
    8. Locating and Recovering Image Files
    9. Identifying Image File Fragments
    10. Repairing Damaged Headers
    11. Reconstructing File Fragments
    12. Identifying Unknown File Formats
    13. Analyzing Image File Headers
    14. Tools for Viewing Images
    15. Understanding Steganography in Image Files
    16. Using Steganalysis Tools
    17. Identifying Copyright Issues with Graphics
  13. Writing Investigation Reports
    1. Understanding the Importance of Reports
    2. Limiting the Report to Specifics
    3. Types of Reports
    4. Expressing an Opinion
    5. Designing the Layout and Presentation
    6. Litigation Support Reports versus Technical Reports
    7. Writing Clearly
    8. Providing Supporting Material
    9. Formatting Consistently
    10. Explaining Methods
    11. Data Collection
    12. Including Calculations
    13. Providing for Uncertainty and Error Analysis
    14. Explaining Results
    15. Discussing Results and Conclusions
    16. Providing References
    17. Including Appendices
    18. Providing Acknowledgments
    19. Formal Report Format
    20. Writing the Report
    21. Using FTK Demo Version
  14. Becoming an Expert Witness
    1. Comparing Technical and Scientific Testimony
    2. Preparing for Testimony
    3. Documenting and Preparing Evidence
    4. Keeping Consistent Work Habits
    5. Processing Evidence
    6. Serving as a Consulting Expert or an Expert Witness
    7. Creating and Maintaining Your CV
    8. Preparing Technical Definitions
    9. Testifying in Court
    10. Understanding the Trial Process
    11. Qualifying Your Testimony and Voir Dire
    12. Addressing Potential Problems
    13. Testifying in General
    14. Presenting Your Evidence
    15. Using Graphics in Your Testimony
    16. Helping Your Attorney
    17. Avoiding Testimony Problems
    18. Testifying During Direct Examination
    19. Using Graphics During Testimony
    20. Testifying During Cross-Examination
    21. Exercising Ethics When Testifying
    22. Understanding Prosecutorial Misconduct
    23. Preparing for a Deposition
    24. Guidelines for Testifying at a Deposition
    25. Recognizing Deposition Problems
    26. Public Release: Dealing with Reporters
    27. Forming an Expert Opinion
    28. Determining the Origin of a Floppy Disk
  15. Computer Security Incident Response Team
    1. Incident Response Team
    2. Incident Reporting Process
    3. Low-level incidents
    4. Mid-level incidents
    5. High-level incidents
    6. What is a Computer Security Incident Response Team (CSIRT)?
    7. Why would an organization need a CSIRT?
    8. What types of CSIRTs exist?
    9. Other Response Teams Acronyms
    10. What does a CSIRT do?
    11. What is Incident Handling?
    12. Need for CSIRT in Organizations
    13. Best Practices for Creating a CSIRT
  16. Logfile Analysis
    1. Secure Audit Logging
    2. Audit Events
    3. Syslog
    4. Message File
    5. Setting Up Remote Logging
    6. Linux Process Tracking
    7. Windows Logging
    8. Remote Logging in Windows
    9. ntsyslog
    10. Application Logging
    11. Extended Logging
    12. Monitoring for Intrusion and Security Events
    13. Importance of Time Synchronization
    14. Passive Detection Methods
    15. Dump Event Log Tool (Dumpel.exe)
    16. EventCombMT
    17. Event Collection
    18. Scripting
    19. Event Collection Tools
    20. Forensic Tool: fwanalog
    21. Elements of an End-to-End Forensic Trace
    22. Log Analysis and Correlation
    23. TCPDump logs
    24. Intrusion Detection Log (RealSecure)
    25. Intrusion Detection Log (SNORT)
  17. Recovering Deleted Files
    1. The Windows Recycle Bin
    2. Digital evidence
    3. Recycle Hidden Folder
    4. How do I undelete a file?
    5. e2undel
    6. O&O UnErase
    7. Restorer2000
    8. BadCopy Pro
    9. File Scavenger
    10. Mycroft v3
    11. PC ParaChute
    12. Search and Recover
    13. Stellar Phoenix Ext2/Ext3
    14. Zero Assumption Digital Image Recovery
    15. FileSaver
    16. VirtualLab Data Recovery
    17. R-Linux
    18. Drive & Data Recovery
    19. Active@ UNERASER - DATA Recovery
  18. Application Password Crackers
    1. Advanced Office XP Password Recovery
    2. AOXPPR
    3. Accent Keyword Extractor
    4. Advanced PDF Password Recovery
    5. APDFPR
    6. Distributed Network Attack
    7. Windows XP / 2000 / NT Key
    8. Passware Kit
    9. How to Bypass BIOS Passwords
    10. BIOS Password Crackers
    11. Removing the CMOS Battery
    12. Default Password Database
  19. Investigating E-Mail Crimes
    1. E-mail Crimes
    2. Sending Fakemail
    3. Sending E-mail using Telnet
    4. Tracing an e-mail
    5. Mail Headers
    6. Reading Email Headers
    7. Tracing Back
    8. Tracing Back Web Based E-mail
    9. Microsoft Outlook Mail
    10. Pst File Location
    11. Tool: R-Mail
    12. Tool: FinaleMail
    13. Searching E-mail Addresses
    14. E-mail Search Site
    15. abuse.net
    16. Network Abuse Clearing House
    17. Handling Spam
    18. Protecting your E-mail Address from Spam
    19. Tool: Enkoder Form
    20. Tool: eMailTrackerPro
    21. Tool: SPAM Punisher
  20. Investigating Web Attacks
    1. How to Tell an Attack is in Progress
    2. What to Do When You Are Under Attack?
    3. Conducting the Investigation
    4. Attempted Break-in
    5. Step 1: Identifying the System(s)
    6. Step 2: Traffic between source and destination
    7. How to detect attacks on your server?
    8. Investigating Log Files
    9. IIS Logs
    10. Log file Codes
    11. Apache Logs
    12. Access_log
    13. Log Security
    14. Log File Information
    15. Simple Request
    16. Time/Date Field
    17. Mirrored Site Detection
    18. Mirrored Site in IIS Logs
    19. Vulnerability Scanning Detection
    20. Example of Attack in Log file
    21. Web Page Defacement
    22. Defacement using DNS Compromise
    23. Investigating DNS Poisoning
    24. Investigating FTP Servers
    25. Example of FTP Compromise
    26. FTP logs
    27. SQL Injection Attacks
    28. Investigating SQL Injection Attacks
    29. Web Based Password Brute Force Attack
    30. Investigating IP Address
    31. Tools for locating IP Address
    32. Investigating Dynamic IP Address
    33. Location of DHCP Server Logfile
  21. Investigating Network Traffic
    1. Network Intrusions and Attacks
    2. Direct vs. Distributed Attacks
    3. Automated Attacks
    4. Accidental Attacks
    5. Address Spoofing
    6. IP Spoofing
    7. ARP Spoofing
    8. DNS Spoofing
    9. Preventing IP Spoofing
    10. Preventing ARP Spoofing
    11. Preventing DNS Spoofing
    12. VisualZone
    13. DShield
    14. Forensic Tools for Network Investigations
    15. TCPDump
    16. Ethereal
    17. NetAnalyst
    18. Ettercap
    19. Ethereal
  22. Investigating Router Attacks
    1. DoS Attacks
    2. Investigating DoS Attacks
    3. Investigating Router Attacks
  23. The Computer Forensics Process
    1. Evidence Seizure Methodology
    2. Before the Investigation
    3. Document Everything
    4. Confiscation of Computer Equipment
  24. Data Duplication
    1. Tool: R-Drive Image
    2. Tool: DriveLook
    3. Tool: DiskExplorer for NTFS
  25. Windows Forensics
    1. Gathering Evidence in Windows
    2. Collecting Data from Memory
    3. Collecting Evidence
    4. Memory Dump
    5. Manual Memory Dump (Windows 2000)
    6. Manual Memory Dump (Windows XP)
    7. PMDump
    8. Windows Registry
    9. Registry Data
    10. Regmon utility
    11. Forensic Tool: InCntrl5
    12. Backing Up of the entire Registry
    13. System State Backup
    14. Forensic Tool: Back4Win
    15. Forensic Tool: Registry Watch
    16. System Processes
    17. Process Monitors
    18. Default Processes in Windows NT, 2000, and XP
    19. Process-Monitoring Programs
    20. Process Explorer
    21. Look for Hidden Files
    22. Viewing Hidden Files in Windows
    23. NTFS Streams
    24. Detecting NTFS Streams
    25. Rootkits
    26. Detecting Rootkits
    27. Sigverif
    28. Detecting Trojans and Backdoors
    29. Removing Trojans and Backdoors
    30. Port Numbers Used by Trojans
    31. Examining the Windows Swap File
    32. Swap file as evidence
    33. Viewing the Contents of the Swap/Page File
    34. Recovering Evidence from the Web Browser
    35. Locating Browser History Evidence
    36. Forensic Tool: Cache Monitor
    37. Print Spooler Files
    38. Steganography
    39. Forensic Tool: StegDetect
  26. Linux Forensics
    1. Performing Memory Dump on Unix Systems
    2. Viewing Hidden Files
    3. Executing Process
    4. Create a Linux Forensic Toolkit
    5. Collect Volatile Data Prior to Forensic Duplication
    6. Executing a Trusted Shell
    7. Determining Who is logged on to the System
    8. Determining the Running Processes
    9. Detecting Loadable Kernel Module Rootkits
    10. LKM
    11. Open Ports and Listening Applications
    12. /proc file system
    13. Log Files
    14. Configuration Files
    15. Low Level Analysis
    16. Log Messages
    17. Running syslogd
    18. Investigating User Accounts
    19. Collecting an Evidential Image
    20. File Auditing Tools
  27. Investigating PDA
    1. Paraben's PDA Seizure
    2. Enforcement Law and Prosecution
    3. Freedom of Information Act
    4. Reporting Security Breaches to Law Enforcement
    5. National Infrastructure Protection Center
    6. Federal Computer Crimes and Laws
    7. Federal Laws
    8. The USA Patriot Act of 2001
    9. Building the Cybercrime Case
    10. How the FBI Investigates Computer Crime
    11. Cyber Crime Investigations
    12. Computer-facilitated crime
    13. FBI
    14. Federal Statutes
    15. Local laws
    16. Federal Investigative Guidelines
    17. Gather Proprietary Information
    18. Contact law enforcement
    19. To initiate an investigation
  28. Investigating Trademark and Copyright Infringement
    1. Trademarks
    2. Trademark Eligibility
    3. What is a service mark?
    4. What is trade dress?
    5. Internet domain name
    6. Trademark Infringement
    7. Conducting a Trademark Search
    8. Using Internet to Search for Trademarks
    9. Hiring a professional firm to conduct my trademark search
    10. Trademark Registrations
    11. Benefits of Trademark Registration
    12. Copyright
    13. How long does a copyright last?
    14. Copyright Notice
    15. Copyright Fair Use Doctrine
    16. U.S. Copyright Office
    17. How are copyrights enforced?
    18. SCO vs IBM
    19. What is Plagiarism?
    20. Turnitin
    21. Plagiarism Detection Tools
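The "Viewing E-mail Headers", "Tracing an e-mail", "Reading Email Headers" and "Tracing Back" topics (Modules 11 and 19) rest on one technique: reading Received: headers from the bottom up to reconstruct the relay path, then checking whether the chain is internally consistent before trusting the origin address. The following is an added example, not course material or EC-Council code; the two messages, hostnames and IP addresses are constructed for the demo, and the second message carries a forged bottom header to show why the origin must not be read off the headers blindly.

```python
"""Reconstruct an e-mail's relay path from its Received: headers and sanity-check it.

Added example for the e-mail tracing topics; not course material. Both messages
below are constructed for the demo.
"""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: three hops. Each MTA prepends its own Received: header,
# so the top header is the last hop and the bottom one is the origin.
RAW_MESSAGE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.20])
\tby mail.example.com with ESMTP id abc123
\tfor <victim@example.com>; Mon, 04 Mar 2024 10:15:32 +0000
Received: from relay.example.org (relay.example.org [198.51.100.7])
\tby mx2.example.net with ESMTP id def456;
\tMon, 04 Mar 2024 10:15:30 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
\tby relay.example.org with SMTP id ghi789;
\tMon, 04 Mar 2024 10:15:10 +0000
From: "CEO" <ceo@example.com>
To: victim@example.com
Subject: Urgent wire transfer
Date: Mon, 04 Mar 2024 10:15:09 +0000

Please process the attached invoice today.
"""

# Constructed variant: the sender injected a fake Received: header before handing
# the message to relay.example.org, so it sits below the genuine hops.
FAKE_HOP = (
    "Received: from mail.example.com (mail.example.com [10.0.0.5])\n"
    "\tby smtp.example.com with ESMTP id fake01;\n"
    "\tMon, 04 Mar 2024 09:00:00 +0000\n"
)
FORGED_MESSAGE = RAW_MESSAGE.replace('From: "CEO"', FAKE_HOP + 'From: "CEO"', 1)

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer address as recorded by the receiver
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def parse_received(raw):
    """Return hops in chronological order (origin first) as dicts with
    from_host, peer_ip, by_host and timestamp."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        line = " ".join(hdr.split())                  # unfold continuation lines
        from_m = FROM_RE.match(line)
        by_m = BY_RE.search(line)
        ip_m = IP_RE.search(line)
        date_part = line.rsplit(";", 1)[-1].strip()   # timestamp follows the last ';'
        try:
            ts = parsedate_to_datetime(date_part)
        except (TypeError, ValueError):
            ts = None
        hops.append({
            "from_host": from_m.group(1) if from_m else None,
            "peer_ip": ip_m.group(1) if ip_m else None,
            "by_host": by_m.group(1) if by_m else None,
            "timestamp": ts,
        })
    return hops


def origin_ip(hops):
    """Peer IP recorded in the oldest Received: header. Trustworthy only when
    check_chain() is clean; a forged bottom header yields the attacker's choice."""
    return hops[0]["peer_ip"] if hops else None


def check_chain(hops):
    """Return anomaly descriptions: a hop whose 'from' host does not match the
    previous hop's 'by' host, or a timestamp earlier than the previous hop's."""
    anomalies = []
    for prev, cur in zip(hops, hops[1:]):
        if prev["by_host"] and cur["from_host"] and prev["by_host"] != cur["from_host"]:
            anomalies.append(f"hop gap: {prev['by_host']} handed off, "
                             f"but the next hop claims it came from {cur['from_host']}")
        if prev["timestamp"] and cur["timestamp"] and cur["timestamp"] < prev["timestamp"]:
            anomalies.append(f"clock skew: {cur['by_host']} stamped earlier than {prev['by_host']}")
    return anomalies


if __name__ == "__main__":
    for label, raw in (("genuine", RAW_MESSAGE), ("forged", FORGED_MESSAGE)):
        hops = parse_received(raw)
        print(label, "origin:", origin_ip(hops), "anomalies:", check_chain(hops))
```

Only the Received: headers added by MTAs you control (or whose logs you can obtain) are authoritative; everything below the first such header was under the sender's control. On the forged message the naive origin is 10.0.0.5, and the gap between smtp.example.com and the hop that relay.example.org actually saw from 192.0.2.55 is what exposes the injected header. Pair this with the relay's own mail server logs (the "Examining UNIX/Microsoft E-mail Server Logs" topics) to confirm the handoff.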
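Module 20 ("Investigating Web Attacks": Apache Logs, Access_log, Vulnerability Scanning Detection, Example of Attack in Log file, Investigating SQL Injection Attacks, Web Based Password Brute Force Attack) is a single procedure: parse the access log, decode each request, and look for the three signatures the module lists. The following is an added example, not course material or EC-Council code. The log lines, IP addresses, the /login path and the brute-force threshold are constructed for the demo, and the SQL injection pattern list is deliberately short.

```python
"""Triage an Apache access_log for SQL injection, scanner activity and login
brute force. Added example, not course material; log lines are constructed."""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Matched against the URL-decoded request so %27/%20 encoding does not hide payloads.
SQLI_RE = re.compile(
    r"'.*\b(or|and|union|select)\b|--|/\*|\bunion\s+select\b|\bsleep\s*\(|\bwaitfor\s+delay\b",
    re.IGNORECASE,
)
SCANNER_UA_RE = re.compile(r"nikto|sqlmap|nmap|nessus|acunetix|dirbuster", re.IGNORECASE)
LOGIN_PATH = "/login"            # assumed application login endpoint
BRUTE_FORCE_THRESHOLD = 5        # assumed: failed logins from one IP in the sample window

SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2024:10:02:11 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Mar/2024:10:02:14 +0000] "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Mar/2024:10:02:19 +0000] "GET /index.php?id=1%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 312 "-" "Mozilla/5.0"
198.51.100.9 - - [04/Mar/2024:10:05:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.9 - - [04/Mar/2024:10:05:01 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
192.0.2.44 - - [04/Mar/2024:10:07:30 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31"
192.0.2.44 - - [04/Mar/2024:10:07:31 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31"
192.0.2.44 - - [04/Mar/2024:10:07:31 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31"
192.0.2.44 - - [04/Mar/2024:10:07:32 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31"
192.0.2.44 - - [04/Mar/2024:10:07:32 +0000] "POST /login HTTP/1.1" 401 87 "-" "python-requests/2.31"
192.0.2.44 - - [04/Mar/2024:10:07:33 +0000] "POST /login HTTP/1.1" 302 0 "-" "python-requests/2.31"
10.0.0.12 - - [04/Mar/2024:10:09:00 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://www.example.com/" "Mozilla/5.0"
"""


def parse_line(line):
    """One combined-format line -> dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["decoded_path"] = unquote(rec["path"])
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def find_sqli(records):
    """Records whose decoded request carries SQL injection indicators."""
    return [r for r in records if SQLI_RE.search(r["decoded_path"])]


def find_scanners(records):
    """Distinct IPs whose User-Agent matches a known scanner signature."""
    return sorted({r["ip"] for r in records if SCANNER_UA_RE.search(r["ua"])})


def find_brute_force(records, threshold=BRUTE_FORCE_THRESHOLD):
    """IPs with at least `threshold` failed POSTs to the login path, noting whether
    a later 200/302 from the same IP followed (the password was probably found)."""
    failures = Counter()
    success_after = defaultdict(bool)
    for r in records:
        if r["method"] == "POST" and r["decoded_path"].split("?")[0] == LOGIN_PATH:
            if r["status"] in (401, 403):
                failures[r["ip"]] += 1
            elif r["status"] in (200, 302) and failures[r["ip"]] > 0:
                success_after[r["ip"]] = True
    return {ip: {"failures": n, "then_succeeded": success_after[ip]}
            for ip, n in failures.items() if n >= threshold}


def triage(text):
    """Summarise suspicious source IPs per category for the investigation report."""
    records = parse_log(text)
    return {
        "sqli_ips": sorted({r["ip"] for r in find_sqli(records)}),
        "scanner_ips": find_scanners(records),
        "brute_force": find_brute_force(records),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Two caveats belong in the report: a request that matches the injection pattern proves an attempt, not a compromise (the 500 on the UNION SELECT line is the cue to pull the application and database logs for that timestamp), and the User-Agent string is attacker-controlled, so scanner detection by UA only catches tools that do not bother to disguise themselves. Preserve the original log file and its hash before running any triage over it; work on the copy.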


Selected date:

 Prague

Price

Contact the vendor

