Learn how to isolate evidence and catch the bad guys with this training course! The dramatic increase in computer-related crime requires corporate security personnel and law enforcement agents to understand how to legally obtain electronic evidence stored in computers.
Electronic records such as computer network logs, e-mails, word processing files, and “.jpg” picture files increasingly provide the government and corporations with important (and sometimes essential) evidence in criminal and civil cases.
One of the purposes of this course is to provide law enforcement agents and corporate security personnel with systematic guidance that can help them understand some of the issues that arise when they seek electronic evidence in criminal and civil investigations.
Table of Contents:
Module 1 - Computer Forensic Investigative Theory
* History of Digital Forensics
* Digital Evidence
* Three Main Aspects to Digital Evidence Reconstruction
* “Attack” Guidelines for the Recovery of Digital Data
* Classification
* Reconstruction
* Demo - TimeStomping
* Behavioral evidence analysis (BEA)
* Equivocal forensic analysis (EFA)
* Victimology
* Demo - Following the Clues from an Email Header
* Important Questions Regarding the Victim's Cybertrail
* Module 1 Review
Module 2 - Computer Forensic Laboratory Protocols
* Overview
* QA
* SOP
* Notes
* Reports
* Peer Review
* Admin Review
* Annual Review
* Deviation
* Lab Intake
* Tracking
* Storage
* Discovery
* Module 2 Review
Module 3 - Computer Forensic Processing Techniques
* Goal of Digital Evidence Processing
* Demo - Logical Review with FTK
* Duplication
* Documenting and Identifying
* Disassembling the Device
* Disconnecting the Device
* Document the Boot Sequence
* Removing and Attaching the Storage Device to Duplicated System
* Circumstances Preventing the Removal of Storage Devices
* Write Protection via Hardware/Software
* Geometry of a Storage Device
* Host Protected Area (HPA)
* Tools for Duplicating Evidence to Examiner's Storage Device
* EnCase for Windows Acquisition Tool
* Demo - Hashing and Duplicating a Drive
* Preparing Duplication for Evidence Examination
* Recording the Logical Drive Structure
* Using “Sandra” and “WinHex”
* File Allocation Tables
* Logical Processes
* Known Files
* Reference Lists
* Verify that File Headers Match Extensions
* Demo - Introduction to FTK
* “Regular Expressions”
* Demo - Using Regular Expressions
* File Signatures
* Demo - Hex Workshop Analysis of Graphic Files
* Module 3 Review
Module 4 - Crypto and Password Recovery
* Background
* Demo - Steganography
* History
* Concepts 1
* Demo - Cracking a Windows Hashed Password
* Concepts 2
* File Protection
* Options 1
* Demo - Recovering Passwords from a Zip File
* Options 2
* Rainbow Tables
* Demo - Brute Force/Dictionary Cracks with L0phtCrack
* Demo - Password Cracking with Rainbow Tables
* Module 4 Review
Module 5 - Specialized Artifact Recovery
* Overview
* Exam Preparation Stage
* Windows File Date/Time Stamps
* File Signatures
* Image File Databases
* Demo - Thumbs.DB
* The Windows OS
* Windows Operating Environment
* Windows Registry
* Windows Registry Hives 1
* Demo - Registry Overview
* Windows Registry Hives 2
* Windows 98 Registry
* Windows NT/2000/XP Registry
* Windows Registry ID Numbers
* Windows Alternate Data Streams
* Demo - Alternate Data Streams
* Windows Unique ID Numbers
* Other IDs
* Historical Files 1
* Demo - Real Index.dat
* Historical Files 2
* Demo - Review of Event Viewer
* Historical Files 3
* Demo - Historical Entries in the Registry
* Historical Files 4
* Windows Recycle Bin
* Demo - INFO Files
* Outlook E-Mail
* Outlook 2k/Workgroup E-Mail
* Outlook Express 4/5/6
* Web E-Mail
* Module 5 Review