Services
 

 

Training Courses

FOR200: Investigative Techniques - Forensics for Auditors and Info Security Professionals

CPE credits:  7.5

Description: This course will provide the attendee with the initial foundation of computer forensics/incident response techniques. This course is a "hands-on" training lab and lab exercises will simulate host and/or network intrusions utilizing forensically sound techniques to gather and analyze digital evidence. During this course, various forensic tools will be utilized to ensure the integrity of the collected data and the proper analysis of the evidence. Upon completion of this course, attendees will have a thorough understanding of the depth of responding to an incident that involves digital information, as well as hands-on experience utilizing forensic tools.

Audience: This seminar is intended for internal and external audit professionals, InfoSec professionals, law enforcement personnel, General Counsels, Chief Security Officers, Controllers, Human Resource managers, and anyone interested in obtaining a better understanding of forensic tools and techniques.

Prerequisites: It is highly recommended that professionals interested in attending this seminar complete FOR100 (Fundamental Forensics for Auditors and Info Security Professionals) prior to enrolling in FOR200.

Objectives: After completing this seminar, participants will have been exposed to:

  • Pre-Incident Preparation
  • Identifying, establishing and maintaining a physical "chain of custody"
  • Gathering of all pertinent "Live" information:
    — Volatile Data
    — Photos
    — Physical Media
    — Log Files
  • Forensic Acquisition of physical media
  • Forensic Toolkits and Methodologies
  • Sound forensic analysis of the collected information
  • Report Writing
    — Communicating findings to non-technical audiences

Course Outline

Incident Response and Digital Forensics Defined

Addresses the differences between incident response and digital forensics.

Forensic Toolkits/Methodologies

Discusses the different tools used during host-based and network forensic investigations.  We will cover the various toolkits and conduct a mock response to an incident.

  • Host/Server
    • EnCase
    • FTK
    • STD Knoppix
    • Helix
  • Network
    • Network Forensics - SilentRunner
    • Ethereal
    • Iris

Evidence Handling

Focuses on one of the primary issues that must be addressed during a forensic examination: the proper handling of evidence during the entire life cycle of an investigation.

  • Chain of Custody
  • Data Acquisition
  • Live Response

Report Writing

Discusses how the correct and unbiased presentation of the facts must be completed with a solid methodology that utilizes strong analytical skills and concise report writing.

  • Forensic Analysis
  • Time-Event Charting
  • Link-Analysis

Summary

Seminar Leader: Jarrett Kolthoff, CISSP

In leading this intensive seminar, Mr. Kolthoff, Managing Partner at SpearTip Technologies (www.speartip.net), will draw upon his extensive experience as a former U.S. Counterintelligence Agent and his present assignment as an independent computer forensic examiner.


 


Copyright © 2007+ Business Automation Consultants, LLC. All rights reserved.

IT Management Consulting, Training Services, and Audit & Security Reviews Since 1984

 

   

 
