• Home
• About Us
• Locations
• Registration

Courses

• CISSP
• Security Expert Bootcamp
• Top Two - CISSP & CEH
• Certified Web Application Security Tester
• Certified Hacking Forensics Investigator
• Certified Ethical Hacker
• Enterprise Security
• Writing ISO & BS Security policies
• Security Awareness for Senior Managers
• Wireless CWNA
• Wireless CWSP

 

Course Description

Designed to train investigators on how to assemble the evidence and the correct procedures to employ when investigating computer crime and misuse. You will learn detailed, legally sound procedures and techniques for dealing with computer forensic investigation and intrusions. You will discover the different types of computer threats and crimes, and investigate computer crime prevention techniques. You'll also learn proper procedures for initial response, collection of evidence and continuity of custody. Using industry standard tools and techniques you will find out how to identify, investigate, capture, analyse, preserve and process evidence. You will perform forensic analysis of Internet history and Email using best of breed tools and applications. You'll learn the UK laws and previous judgements relating to computer misuse and e-crime. You will learn how to design corporate security policies to facilitate forensic evidence gathering and current best practice for incident resolution.

This course prepares you for the EC Council Computer Hacking Forensic Investigator (CHFI) Exam EC0 312-49 which may be taken at the end of the course

Here's what some of our recent students thought about the course...

"I found the Forensic Investigations & Response course provided by IT Security Training well structured and extremely informative. The course was presented in an open way giving others the opportunity to pitch in and share their own experiences. The presenter was very well researched in the course topic and also on broad general information security issues. I found the hands-on exercises conducted during the course useful and felt that by the end of the week we were well prepared to sit the certification exam. The course was presented in a vendor independent manner and was delivered very professionally. If you are interested in getting more involved in IT forensic investigations and have four days to spare, I would recommend attending the course." - Ryan Rubin, CISSP, CHFI

"I found the course very well prepared and with up to date practical references to the real world of forensics. The course was demanding but very rewarding as gaining skills and qualifications worth attaining should be. Most of all the presentation throughout the course was in an informal environment with great interactive discussions, which for me made the week an enjoyable but enlightening experience. The small class with good clear instruction allowed me to develop the basics of this complex subject during the week. Gaining the basics was my main objective and the bonus was passing the exam."
-Alan Austin CISSP, CHFI

Who should attend? This course will significantly benefit Security officers, Auditors, Security professionals, Information Security Officers, Information Systems Managers, Consultants, Systems and Data Security Analysts,  Site administrators, and anyone who wants to gain competence in Forensic analysis and incident response.

Prerequisites: A good knowledge of file systems, computer operations, DOS and Microsoft Windows

Delivery Method: Instructor-led, classroom-delivery with structured, hands-on activities.

Course Contents

Types of computer crimes What constitutes computer crimes Why you should be concerned about computer crime Reasons for forensics Civil, criminal and internal investigations Forensic ethical standards> Setting up a forensics team What are the issues to be considered Key roles and responsibilities What technical skills are required What training will be needed Incident response Planning before the incident occurs What you will need Who should be on your response team Step by step computer incident response procedure The Forensics Process Preparation Protection Imaging Examination Documentation Crime scene procedures Processing the crime scene Legal evidence acquisition Shutdown vs. pulling the plug Why it is important for a controlled boot when required Evidence handling procedures and issues Chain of custody Removal transportation and storage

Processing and Evidence recovery Types of evidence Scope of the forensics examination Forensic examination procedures. Preparing and verifying forensically sterile examination media Preservation of the original media Creating a boot disk Imaging the original media Proving data integrity with Checksums and Hashing File Systems Fat NTFS Forensic examination Forensic tools Issues to be considered in selecting tools Finding and documenting normal data or graphical files Typical methods used to conceal data Locating data in unallocated space Examining the "slack" area of each file for lost or hidden data Swap file analysis Finding hidden data File type mismatches Password cracking techniques Temporary Files Internet Cache Files The various types of Email files Internet Cookies  Internet Sites Visited Documenting the process Incident reports Forensics reports Types of cases

Working with the Law Civil or criminal investigation UK Laws and rules of evidence Civil litigation and restitution> Business records and their status in law Recovery expenses Legal Issues Internal evidence gathering Network forensics Logfile analysis Dealing with a compromised system Avoiding logic bombs Monitoring suspicious behaviour Detecting an intrusion Tracing the attacker Forensic procedures Presenting the evidence The status of the expert witness The role of the expert witness> Expert witness testimony> Presentation of evidence Featured Tools Encase Forensic Toolkit Net Analysis Email Examiner WinHex TDS Ethereal BCwipe

Contact us now on +44 (0)8451305486

or email: enquiries@itsecuritytraining.com