IT Management Consulting, Training Services, Audit & Security Reviews Since 1984


CPE Credits: 7.5

Description: This course will provide the attendee with the initial foundation of computer forensics/incident response techniques. This course is a "hands-on" training lab and lab exercises will simulate host and/or network intrusions utilizing forensically sound techniques to gather and analyze digital evidence. During this course, various forensic tools will be utilized to ensure the integrity of the collected data and the proper analysis of the evidence. Upon completion of this course, attendees will have a thorough understanding of the depth of responding to an incident that involves digital information, as well as hands-on experience utilizing forensic tools.

Audience: This seminar is intended for internal and external audit professionals, InfoSec professionals, law enforcement personnel, General Counsels, Chief Security Officers, Controllers, Human Resource managers, and anyone interested in obtaining a better understanding of forensic tools and techniques.

Prerequisites: It is highly recommended that professionals interested in attending this seminar complete FOR100 (Fundamental Forensics for Auditors and Info Security Professionals) prior to enrolling in FOR200.

Objectives:

After completing this seminar, participants will have been exposed to:

  • Pre-Incident Preparation
  • Identifying, establishing and maintaining a physical "chain of custody"
  • Gathering of all pertinent "Live" information:
    — Volatile Data
    — Photos
    — Physical Media
    — Log Files
  • Forensic Acquisition of physical media
  • Forensic Toolkits and Methodologies
  • Sound forensic analysis of the collected information
  • Report Writing
    — Communicating findings to non-technical audiences

Course Outline:

 

Incident Response and Digital Forensics Defined
Addresses the differences between incident response and digital forensics.
Forensic Toolkits/Methodologies
Discusses the different tools used during host-based and network forensic investigations.  We will cover the various toolkits and conduct a mock response to an incident.
  • Host/Server
    • EnCase
    • FTK
    • STD Knoppix
    • Helix
  • Network
    • Network Forensics - SilentRunner
    • Ethereal
    • Iris
Evidence Handling
Focuses on one of the primary issues that must be addressed during a forensic examination: the proper handling of evidence during the entire life cycle of an investigation.
  • Chain of Custody
  • Data Acquisition
  • Live Response
Report Writing
Discusses how the correct and unbiased presentation of the facts must be completed with a solid methodology that utilizes strong analytical skills and concise report writing.
  • Forensic Analysis
  • Time-Event Charting
  • Link-Analysis
Summary
Seminar Leader: Jarrett Kolthoff, CISSP
In leading this intensive seminar, Mr. Kolthoff, Managing Partner at SpearTip Technologies (www.speartip.net), will draw upon his extensive experience as a former U.S. Counterintelligence Agent and his present assignment as an independent computer forensic examiner.

For more information, contact Dr. Marcella personally.

Business Automation Consultants, LLC
c/o
ALBERT J. MARCELLA, JR., Ph.D., CISA, CISM
Principal

P.O. Box 461
Ballwin, MO 63022
(636) 529-0129
amarcella@mindspring.com