This 5 day instructor-led training class is presented by EC Council training partners to their end customers. Training partners in North America and the UK hire proven AMS Subject Matter Expert EC Council Certified Instructors to teach on-site and on-line classes.
This class will give students the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute. Many of today’s top tools of the forensic trade will be taught during this class, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the “cyber-criminal.” It is no longer a matter of “will your organization be comprised (hacked)?” but, rather, “when?” Today’s battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into most every facet of modern day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cybercriminal, then this is the class for you.
The CHFI is a very advanced security-training program. Proper preparation is required before conducting the CHFI class.
Class Audience:
• Forensic Investigators
• System Administrators
• e-Business Security professionals
• Programmers
• Students
• IT Security Professionals
• Government agencies
• IT managers
Class Objectives:
• The process of investigating cyber-crime, laws involved, and the details in obtaining a search warrant.
• Different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category
• Roles of first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting the crime scene
• How to recover deleted files and deleted partitions in Windows, Mac OS X, and Linux
• The process involved in forensic investigation using Access Data FTK and Encase Steganography and its techniques, Steganalysis, and image file forensics
• Password Cracking Concepts, tools, types of password attacks and how to investigate password protected file breach
• Different types of log capturing techniques, log management, time synchronization, log capturing tools
• How to investigate logs, network traffic, wireless attacks, and web attacks
• How to track e-mails and investigate e-mail crimes and many more.
Class Outline:
I. Module 01: Computer Forensics in Today’s World
1. Forensics Science
2. Computer Forensics
3. Forensics Readiness
4. Cyber Crime
5. Cost Expenditure Responding to the Security Incident
6. Cyber Crime Investigation
7. Corporate Investigations
8. Reporting a Cyber Crime
II. Module 02: Computer Forensics Investigation Process
1. Investigating Computer Crime
2. Evaluate and Secure the Scene
3. Collect the Evidence
4. Secure the Evidence
5. Acquire the Data
6. Analyze the Data
7. Assess Evidence and Case
8. Prepare the Final Report
9. Testifying as an Expert Witness
III. Module 03: Searching and Seizing Computers
1. Searching and Seizing Computers without a Warrant
2. Searching and Seizing Computers with a Warrant
3. The Electronic Communications Privacy Act
4. Electronic Surveillance in Communications Networks
5. Evidence
IV. Module 04: Digital Evidence
1. Digital Data
2. Types of Digital Data
3. Rules of Evidence
4. Electronic Devices: Types and Collecting Potential Evidence
5. Digital Evidence Examination Process
6. Electronic Crime and Digital Evidence Consideration by Crime Categor
V. Module 05: First Responder Procedures
1. Electronic Evidence
2. First Responder
3. Roles of First Responder
4. Electronic Devices: Types and Collecting Potential Evidence
5. First Responder Toolkit
6. First Response Basics
7. Securing and Evaluating Electronic Crime Scene
8. Conducting Preliminary Interviews
9. Documenting Electronic Crime Scene
10. Collecting and Preserving Electronic Evidence
11. Packaging and Transporting Electronic Evidence
12. Reporting the Crime Scene
13. Note Taking Checklist
14. First Responder Common Mistakes
VI. Module 06: Computer Forensics Lab
1. Setting a Computer Forensics Lab
2. Investigative Services in Computer Forensics
3. Computer Forensics Hardware
4. Computer Forensics Software
VII. Module 07: Understanding Hard Disks and File Systems
1. Hard Disk Drive Overview
2. Disk Partitions and Boot Process
3. Understanding File Systems
4. RAID Storage System
5. File System Analysis Using The Sleuth Kit (TSK)
VIII. Module 08: Windows Forensics
1. Collecting Volatile Information
2. Collecting Non-volatile Information
3. Windows Memory Analysis
4. Windows Registry Analysis
5. Cache, Cookie, and History Analysis
6. MD5 Calculation
7. Windows File Analysis
8. Metadata Investigation
9. Text Based Logs
10. Other Audit Events
11. Forensic Analysis of Event Logs
12. Windows Password Issues
13. Forensic Tools
IX. Module 09: Data Acquisition and Duplication
1. Data Acquisition and Duplication Concepts
2. Data Acquisition Types
3. Disk Acquisition Tool Requirements
4. Validation Methods
5. RAID Data Acquisition
6. Acquisition Best Practices
7. Data Acquisition Software Tools
8. Data Acquisition Hardware Tools
X. Module 10: Recovering Deleted Files and Deleted Partitions
1. Recovering the Deleted Files
2. File Recovery Tools for Windows
3. File Recovery Tools for MAC
4. File Recovery Tools for Linux
5. Recovering the Deleted Partitions
6. Partition Recovery Tools
XI. Module 11: Forensics Investigation using AccessData FTK
1. Overview and Installation of FTK
2. FTK Case Manager User Interface
3. FTK Examiner User Interface
4. Starting with FTK
5. FTK Interface Tabs
6. Adding and Processing Static, Live, and Remote Evidence
7. Using and Managing Filters
8. Using Index Search and Live Search
9. Decrypting EFS and other Encrypted Files
10. Working with Reports
XII. Module 12: Forensics Investigation Using EnCase
1. Overview of EnCase Forensic
2. Installing EnCase Forensic
3. EnCase Interface
4. Case Management
5. Working with Evidence
6. Source Processor
7. Analyzing and Searching Files
8. Viewing File Content
9. Bookmarking Items
10. Reporting
XIII. Module 13: Steganography and Image File Forensics
1. Steganography
2. Steganography Techniques
3. Steganalysis
4. Image Files
5. Data Compression
6. Locating and Recovering Image Files
7. Image File Forensics Tools
XIV. Module 14: Application Password Crackers
1. Password Cracking Concepts
2. Types of Password Attacks
3. Classification of Cracking Software
4. Systems Software vs. Applications Software
5. System Software Password Cracking
6. Application Software Password Cracking
7. Password Cracking Tools
XV. Module 15: Log Capturing and Event Correlation
1. Computer Security Logs
2. Logs and Legal Issues
3. Log Management
4. Centralized Logging and Syslogs
5. Time Synchronization
6. Event Correlation
7. Log Capturing and Analysis Tools
XVI. Module 16: Network Forensics, Investigating Logs and Investigating Network Traffic
1. Network Forensics
2. Network Attacks
3. Log Injection Attacks
4. Investigating and Analyzing Logs
5. Investigating Network Traffic
6. Traffic Capturing and Analysis Tools
7. Documenting the Evidence Gathered on a Network
XVII. Module 17: Investigating Wireless Attacks
1. Wireless Technologies
2. Wireless Attacks
3. Investigating Wireless Attacks
4. Features of a Good Wireless Forensics Tool
5. Wireless Forensics Tools
6. Traffic Capturing and Analysis Tools
XVIII. Module 18: Investigating Web Attacks
1. Introduction to Web Applications and Webservers
2. Web Logs
3. Web Attacks
4. Web Attack Investigation
5. Web Attack Detection Tools
6. Tools for Locating IP Address
XIX. Module 19: Tracking Emails and Investigating Email Crimes
1. Email System Basics
2. Email Crimes
3. Email Headers
4. Steps to Investigate
5. Email Forensics Tools
6. Laws and Acts against Email Crimes
XX. Module 20: Mobile Forensics
1. Mobile Phone
2. Mobile Operating Systems
3. Mobile Forensics
4. Mobile Forensic Process
5. Mobile Forensics Software Tools
6. Mobile Forensics Hardware Tools
XXI. Module 21: Investigative Reports
1. Computer Forensics Report
2. Computer Forensics Report Template
3. Investigative Report Writing
4. Sample Forensics Report
5. Report Writing Using Tools
XXII. Module 22: Becoming an Expert Witness
1. Expert Witness
2. Types of Expert Witnesses
3. Computer Forensics Experts
4. Scope of Expert Witness Testimony
5. Evidence Processing
6. Rules for Expert Witness
7. General Ethics While Testifying
To Hire an AMS Computer Hacking Forensic Investigator (CHFI) Subject Matter Expert Consultant and Instructor who also teaches this class, call 800-798-3901 today!