How to detect the crime, track the criminal, and assemble the evidence.
Finally, a tactical forensics class that provides everything you need to know to be a Qualified/ Forensic Expert, with an online exam at the end of the course and a 90-day practical to validate and prove your forensic skills. Learn everything relating to computer forensics and digital forensics rights, from how to establish a proper chain of custody that is admissible in a court of law to recovering files from intentionally damaged media.
Cyber crime is outperforming traditional crime. Qualified/ Forensics Experts are needed by today's companies to determine the root cause of a hacker attack, collect evidence legally admissible in court, and protect corporate assets and reputation.
High-profile cases of corporate malfeasance have elevated electronic evidence discovery as indispensable to your company. A recent law review claims: A lawyer or legal team without a Forensic Expert on their case is sure to lose in today's courtroom!
Learn more about SU's Federation of Q/FE's Qualified/ Forensic Experts & Examiners
- Discover the root of how computer crimes are committed.
- Learn how to find traces of illegal or illicit activities left on disk with forensics tools and manual techniques.
- Learn how to recover data intentionally destroyed or hidden.
- How to recover encrypted data.
- Steps to collect evidence from hard drives and live systems.
- How to recover data from digital cameras and cell phones.
- You will create an effective computer crime policy, and gain the hands-on skills to implement it.
|Contact Hours:|42 hr Lecture 30 hr labs|
|Prerequisites:|Understanding of TCP/IP Protocols|
|Credits:|72 CPE / 3 CEU|
|Method of Delivery:|Residential (100% face-to-face) or Hybrid|
|Method of Evaluation:|1. 95% attendance 2. 100% completion of Lab|
|Grading:|Pass = Attendance + labs & quizzes; Fail > 95% Attendance|
Sample Job Titles:
Computer Crime Investigator
Incident Response Analyst
Incident Response Coordinator
Computer Forensic Analyst
Computer Network Defense Forensic Analyst
Digital Forensic Examiner
Digital Media Collector
Forensic Analyst (Cryptologic)
Network Forensic Examiner
This 72-hour accelerated class is taught using face-to-face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam. Passing the final exam is a requirement for graduation.
Text Materials: labs, QFE Investigation Materials, resource CDs and threat vector and investigation attack handouts. Machines: Dual Core, 4M RAM, 350 Gig drives, running MS OS, Linux, and VMware Workstation.
Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, Superscan, Nessus, PSTool, Nbtstat, Solarwinds, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap system hacking, Wireshark sniffers, tcpdump, Dsniff, Metasploit, ISS exploit, web app, Core Impact, Snort, Infostego, Etherape, Firefox with plugins (Hackbar, XSSme...), WebGoat, X Wget, Crypto tool, 'Curl', Access Data
Who Should Attend: Information Security Officers, Information Systems Managers, Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others concerned with enhanced information security.
- Students will be able to describe potential system attacks and the actors that might perform them.
- Students will be able to describe cyber defense tools, methods and components.
- Students will be able to apply cyber defense methods to prepare a system to repel attacks.
- Students will be able to describe appropriate measures to be taken should a system compromise occur.
- The basics of computer forensics
- Proven investigative strategies
- Tracking an offender on the Internet and intranets
- Tips and techniques for incident response
- Proper handling of evidence
- Working with law enforcement
Lesson Plan: 20 hrs lecture/ 20 hrs labs
Lesson Plan 1
Intro to Computer Crimes
If you don’t know exactly what computer crime is, you can’t effectively protect your organization. Knowledge and understanding
2 hr Lecture 1 hr labs
Detecting Computer Crime
• Factors affecting detection
• Intrusion indicators
• Detection Methods
• Digital Forensics defined
• Data Hiding
• Text Searching
2 hr Lecture 2 hr labs
Setting Up a Forensics Group
A crucial part of any computer crime prevention
strategy is deciding who’s going to be responsible…
and how they’re going to achieve their goals.
• Staffing recommendations
• Establishing policies
• Providing the right training
• Time-proven best practices
• Sample policies and reports
Lesson Plan 2
4 hr Lecture 5 hr labs
When a criminal strikes, the right incident response strategy
and investigative tactics can spell the difference between
a business write-off and a civil judgment or criminal conviction.
• Investigating Computer Crimes and Incidents
• Objectives/basics of investigations
• Scoping the investigation
• Classifying the investigation
• Determining how the crime was committed
• Discerning which questions you are trying to answer
• Data capture, discovery, and recovery
• Analyzing evidence
• Following accepted forensics protocols
• Organizing the investigation
• Investigative challenges
• Performing the investigation
• Civil litigation and restitution
• Criminal prosecution: dealing with suspects
• Planning for an incident before it occurs
• Recommended response team members
• Determining the ROI of an investigation
• Developing a computer incident flow chart
Lesson Plan 3
3 hr Lecture 3 hr lab
Advanced Computer Forensics
An advanced look at computer crime evidence and
the best methods for retrieving it.
• Types of forensics — field vs. lab
• Forensics basics — Acquire, Authenticate, Analyze
• Acquiring legally sufficient evidence
• Authenticating the evidence
• Analyzing the evidence
• Windows and UNIX/Linux forensics
• Hardware and software recommendations
Tracking an Offender
If you can’t locate the offender — and, even more
important, the offending computer — you’re back
to square one. Tips, tools, and techniques for locating
the offending computer on the network,
on an intranet, and the Internet.
• Determining civil, criminal, and internal “proof”
• Processing a scene that includes digital evidence
• Proper seizure techniques
Lesson Plan 4
3 hr Lecture 6 hr labs
Digital Forensics Tools (Hands-On Labs)
• Misc. Software tools
• Traveling computer forensics kit
• Secure forensics laboratory
• EnCase demo
• Access data demo
• Diskscrub from NTI
• SMART image program
• Nature of the media
• Quick preview of content
• Image acquisition
Lesson Plan 5
2 hr Lecture 2 hr labs
Proper Evidence Handling
Once you’ve decided to devote time and manpower
to investigating an incident, you’ll want to ensure the
evidence you collect is viable for civil, criminal, or
• Processing the evidence
• Maintaining chain of custody
• The role of image backups
2 hr Lecture 1 hr labs
• Rules of evidence
• Legal recovery
• Types/classification of evidence
• Analyzing computer evidence
• Chain of custody and evidence life cycle
• Search and seizure
• Pulling the plug
• Removing the hardware
• Hardware check
• On-site backup
• On-site searches
• Executing search and seizure
1 hr Lecture 0 hr lab
Working with Law Enforcement
A good working relationship with law enforcement
is an important part of every corporate computer
How to work with law enforcement — before and
after the crime — to achieve optimal results.
• Omnibus Act
• Privacy Protection Act and Electronic Communications
• Fourth Amendment
• Privacy and other laws
• Search warrants
• What law enforcement can do to help
• When, how, and why to contact law enforcement
• Pertinent laws and rules of evidence
• Statement of damages — actual and projected
• Jurisdictional issues
Hands-On Class Exercises
• Analysis of operating systems, hard drives, and PDAs
• Locating, handling, and processing digital evidence
• Important case studies
• Tools and sources for updated learning