This hands-on course is designed for investigators who want to learn more about network intrusions, the tools commonly used by attackers, and the forensic artifacts left behind. The course covers not only the technical aspects of network intrusions but also the methodology commonly used by attackers. It begins with an overview of networking protocols and then addresses topics such as session hijacking, capturing network traffic, and the importance of collecting volatile data (which can contain significant forensic artifacts).
The course combines forensic examinations with live response in a network environment. Students learn how to examine a compromised server or workstation in the field to obtain log files and forensic images of hard disk drives. Students examine server log files and forensic artifacts for evidence of the attacker's methods and activities. Additionally, this course covers several aspects of Trojan virus infection.
Students will take part in real-world scenarios by performing several different types of attacks on a mock victim machine and then examining the victim computer using EnCase® software to identify the artifacts left behind by the “attacker.” Many different types of tools and programs will be discussed and used during the course to familiarize the investigator with common tools and methods used to gain unauthorized access, and to show how those tools and methods can be readily identified during a forensic examination.
In addition to the various hacker tools, students will also utilize and discuss a variety of forensic tools, including EnCase® Enterprise and network intrusion EnScript® programs for live incident response and collection of volatile data.
Delivery method: Group-Live. NASBA defined level: advanced.
32
Expert
EnCase® Computer Forensics II course or EnCE Certification. Students should have a good understanding of network topology and TCP/IP. Advance preparation for this course is not required.
This course is intended for corporate and government/law enforcement investigators, legal professionals, and network security personnel. Incident response supervisors and team members are encouraged to attend, as are individuals working in a penetration testing or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase® Forensic software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. Class curriculum is designed to provide a good overview of network security and intrusion investigation issues, both from a forensic and intruder perspective.
Tuition is $2,995.00 USD per student.
See Class Details for Actual Tuition Costs
The course will cover the following topics:
The hacker mind and methodology
Common tool knowledge and hash sets
Incident response techniques and considerations
Understanding and processing volatile data
Networking 101
Network-based attacks
Network hardware devices
Firewall
TCP/IP overview
Core protocols and layering
Host enumeration and port and vulnerability scanning
Windows® file sharing and vulnerabilities
Hiding and manipulating data
Web server attacks
Remote access Trojans
Internet Relay Chat (IRC) bots
Windows rootkits
Buffer overflows
DCOM vulnerabilities
The Metasploit framework
SQL database attacks
Binary analysis
For more information regarding refund concerns and program cancellation policies, contact Guidance Software Training at training@guidancesoftware.com or call 626.229.9191 ext. 566.