Services
 

 

Training Courses

WIN100             Conducting Cyber Forensic Investigations under Windows Vista 

CPE     3.0           (NOTE - This seminar is designed for a 1/2 day or less presentation.)

Description

Today's digital world is both exciting and at times overwhelming. Although the tools for managing digital information have grown in capability and richness, they still require an investment in time to determine what effect these tools will have on existing core business activities. 

Windows Vista, first introduced in 2007, aims to increase the level of communication between machines on a home network, using peer-to-peer technology to simplify sharing files and digital media between computers and devices, and to help ensure that company PCs are more secure and reliable. New with Vista is BitLocker, an innovative drive encryption technology which, when enabled, automatically encrypts all files on a personal computer’s hard disk drive to prevent information from being read by others if a computer is lost, stolen or sold.

This session will address what impact Microsoft's new operating system, Vista, and its new encryption utility, BitLocker, will have on computer forensics investigations.

Audience

This seminar is intended for internal and external audit professionals, General Counsels, Chief Security Officers, Controllers, InfoSec professionals, and anyone interested in obtaining a better understanding of, and a general introduction to, the impact that Vista may have on conducting successful cyber forensic investigations.

Prerequisites

Attendees should possess a basic understanding of information technology concepts. Learning level – basic. No advance preparation is required for this seminar.

Learning Outcomes

After completing this seminar, participants will be able to: 

  • Identify the various Vista versions and the specific features of each version.

  • Pinpoint computer security risks and remedies associated with the Vista operating system with respect to forensic investigations.

  • Determine necessary modifications of an incident response plan resulting from Vista’s treatment of forensically important files.

  • Reassess priorities in a cyber forensic investigation.

  • Develop policies for the preservation of computer evidence under this new IT operating environment.

  • Implement solid computer forensics processing methods and procedures which work within the boundaries and limitations presented by Vista.

  • Develop the documentation of computer forensics findings for executive management review.

  • Coordinate Forensic Pre-Incident Preparation.

  • Identify volatile data, photos, physical media, and log files through Vista.

  • Determine procedures necessary to conduct sound forensic analysis of the collected information.

Course Outline

File structure changes

BitLocker issues affecting search and seizure

Considerations for changes to incident response procedures

Can a BitLockered drive be imaged?

Vista enhancements to Thumbs.db

Diving into the Recycle bin

Internet Explorer feature—clearing all evidence with one click

Disk clean up utility

Event logs and the .evtx file format

Restore points

Previous versions and Shadow copies

Vista and the registry

Prefetch under Vista

 


 


Copyright © 2007+ Business Automation Consultants, LLC. All rights reserved.

IT Management Consulting, Training Services, and Audit & Security Reviews Since 1984

 

   

 
