Computer Forensics for the Security Practitioner

Accidental/intentional destruction of data, hardware failure or cyber attacks can happen at any time and you may be called upon to respond, investigate, document, handle, and escalate the analysis to a formal investigation. In this two day hands-on workshop, you'll consider when investigations are appropriate or warranted, and learn how and when to recover lost or deleted information from the Recycler Bin (Info2 file), Disk Directory/Master-File-Table and hard drive free space, and how to examine the operating system artifacts that connect the user to the actions taken on the computer (including event logs, SID info, link files, pre-fetch files, auto-complete files, email NK2 files, index files, external devices attached and much more). The workshop will include a hands-on investigative scenarios and attendees will be provided with awareness, training and tools to locate and properly examine important user and operating system sources of information. This course material is often taught to law enforcement personnel. This training is for the individual who will respond to actual or suspected cyber incidents involving sensitive data. It will outline the role of the system administrator or security practitioner in the investigation and prosecution of cyber crimes.