Computer Forensics for the Security Practitioner



About This Training:

Accidental or intentional destruction of data, hardware failure, or cyber attacks can happen at any time, and you may be called upon to respond, investigate, document, handle, and escalate the analysis to a formal investigation. In this two-day hands-on workshop, you'll consider when investigations are appropriate or warranted, and learn how and when to recover lost or deleted information from the Recycler Bin (Info2 file), Disk Directory/Master-File-Table and hard drive free space, and how to examine the operating system artifacts that connect the user to the actions taken on the computer (including event logs, SID info, link files, pre-fetch files, auto-complete files, email NK2 files, index files, external devices attached and much more).

The workshop will include hands-on investigative scenarios, and attendees will be provided with awareness, training and tools to locate and properly examine important user and operating system sources of information. This course material is often taught to law enforcement personnel.

This training is for the individual who will respond to actual or suspected cyber incidents involving sensitive data. It will outline the role of the system administrator or security practitioner in the investigation and prosecution of cyber crimes.

This training is a HOW TO program on evidence preservation and computer forensics. It IS about the development of hands-on knowledge for the system administrator or security practitioner.

What You Will Learn:

  • Forensic processing
  • Procedural guidelines for analysis of information
  • To avoid common pitfalls in the investigative process
  • To acquire a forensic image
  • What is the chain of custody, and what does it mean to the investigator within the first few hours/minutes of a known or suspected event?
  • A basic understanding of disk structures
  • Recovery of data from Recycler Bin (info2 file), Directory/Master-file-Table and Hard Drive unallocated space
  • The tools and methods to examine operating system and application artifacts
  • Examine link, pre-fetch and USB-store files to determine what external devices have been attached
  • Examine Outlook NK2 and PST email artifacts and Outlook Express DBX and older MDX files


As part of the course you will receive the necessary shareware/freeware tools to conduct the required analysis.

Who Should Attend:

  • System Administrators
  • Security practitioners
  • IT
  • Data Center
  • Data Storage
  • Citizen Records Managers
  • Chief Technology Officers and Staff
  • Computer Security Officers and staff
  • Program Managers
  • Law Enforcement Community members who are responsible for investigations involving computers and electronic devices
  • Homeland Defense and First Responder Communities
  • Legal Staff involved in technology and technology-related cases
  • Inspector General Staff

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau


When
Thu-Fri, Sep 2-3, 2010, 8:00am - 4:30pm


Cost

Government/Academia/Allied:  $799.00
GovEvents Member Price: $0.00
Small Business:  $849.00
GovEvents Member Price: $0.00
Large Business:  $899.00
GovEvents Member Price: $0.00



Where
Arlington Court Suites Hotel
1200 N. Courthouse Road
Arlington, VA 22201




Organizer
Government Horizons


