Computer Forensics Training
Certified Hacking Forensic Investigator CHFI  v8
Computer Forensics Training!
Advance Your Career!
PREPARES YOU FOR THE EC0 312-49 EXAM!

This computer forensics training, delivered online and on DVD, will benefit police and other law enforcement personnel, defense and military staff, e-business security professionals, system administrators, legal professionals, government agencies, banking and insurance staff, IT managers, and other professionals.


 

Certified Hacking Forensic Investigator CHFI
 


Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. This course will prepare you to pass the EC0 312-49 exam and achieve Computer Hacking Forensics Investigator (CHFI) certification.

Career Academy, the maker of this course, is an EC-Council endorsed training provider. We have invited the best security trainers in the industry to help us develop the ultimate training and certification program, which includes everything you need to fully prepare for and pass your certification exam. This officially endorsed product gives students access to the exam by providing an EC-Council Voucher Number. The voucher number can be used at any Prometric center and is mandatory for scheduling and paying for your exam; without it, Prometric will not accept a request to schedule or take the exam. Note: The cost of the exam is not included in this package.

Instructor-led video lectures
Full-motion video instruction is like one-on-one training with an expert: you see the steps, listen to the explanations, and perform the hands-on lab exercises. Video instruction provides one of the most flexible and comfortable training experiences, letting users work at their own pace wherever they choose, including a training room or home. Our training is media-rich, interactive and engaging. We incorporate live video instruction, screen shots, PowerPoint presentations, whiteboard sessions, and lab simulations to give our customers an engaging learning experience. Our teaching methodology draws on the skills and knowledge of industry experts, providing real-world insight from recognized and certified IT professionals. It's like having an expert in your living room, patiently explaining until you thoroughly understand all the concepts.

Printable Courseware
Our printable study guide combines instructor keynotes, training outlines and training PowerPoint slides, with reference support to help you focus on areas of need and chart your progress.

Investigate Computer Crimes
Computer forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. With this training, you can draw on many methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.



Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases.
Electronic evidence is critical in the following situations:


--Disloyal employees
--Computer break-ins
--Possession of pornography
--Breach of contract
--Industrial espionage
--E-mail Fraud
--Bankruptcy
--Disputed dismissals
--Web page defacements
--Theft of company documents



Computer forensics training enables you to identify evidence systematically and carefully in computer-related crime and abuse cases. This may range from tracing the tracks of a hacker through a client's systems, to tracing the originator of defamatory e-mails, to recovering signs of fraud.






Course Coverage:

Module 00 - Student Introduction
 
Student Introduction
 CHFIv8 Course Outline
 EC-Council Certification Program
 Computer Hacking Forensic Investigator Track
 CHFIv8 Exam Information
 What Does CHFI Teach You?
 CHFI Class Speed
 Let's Start Forensics Investigation!


Module 01 - Computer Forensics in Today's World
 
Module Flow: Computer Forensics
 Computer Forensics
 Security Incident Report
 Aspects of Organizational Security
 Evolution of Computer Forensics (Cont'd)
 Evolution of Computer Forensics
 Objective of Computer Forensics
 Need for Computer Forensics
 Module Flow: Forensics Readiness
 Benefits of Forensics Readiness
 Goals of Forensics Readiness
 Forensics Readiness Planning
 Module Flow: Cyber Crimes
 Cyber Crime
 Computer Facilitated Crimes
 Modes of Attacks
 Examples of Cyber Crime (Cont'd)
 Examples of Cyber Crime
 Types of Computer Crimes
 Cyber Criminals
 Organized Cyber Crime: Organizational Chart
 How Serious are Different Types of Incidents?
 Disruptive Incidents to the Business
 Cost Expenditure Responding to the Security Incident
 Module Flow: Cyber Crime Investigation
 Cyber Crime Investigation
 Key Steps in Forensics Investigation (Cont'd)
 Key Steps in Forensics Investigation
 Rules of Forensics Investigation
 Need for Forensics Investigator
 Role of Forensics Investigator
 Accessing Computer Forensics Resources
 Role of Digital Evidence
 Module Flow: Corporate Investigations
 Understanding Corporate Investigations
 Approach to Forensics Investigation: A Case Study (Cont'd)
 Approach to Forensics Investigation: A Case Study
 Instructions for the Forensic Investigator to Approach the Crime Scene
 Why and When Do You Use Computer Forensics?
 Enterprise Theory of Investigation (ETI)
 Legal Issues
 Reporting the Results
 Module Flow: Reporting a Cyber Crime
 Why you Should Report Cybercrime?
 Reporting Computer-Related Crimes (Cont'd)
 Reporting Computer-Related Crimes
 Person Assigned to Report the Crime
 When and How to Report an Incident?
 Who to Contact at the Law Enforcement
 Federal Local Agents Contact (Cont'd)
 Federal Local Agents Contact
 More Contacts
 CIO Cyberthreat Report Form
 Module 01 Review
 

Module 02 - Computer Forensics Investigation Process
 
Computer Forensics Investigation Process
 Investigating Computer Crime
 Before the Investigation
 Build a Forensics Workstation
 Building the Investigation Team
 People Involved in Computer Forensics
 Review Policies and Laws
 Forensics Laws (Cont'd)
 Forensics Laws
 Notify Decision Makers and Acquire Authorization
 Risk Assessment
 Build a Computer Investigation Toolkit
 Steps to Prepare for a Computer Forensics Investigation (Cont'd)
 Steps to Prepare for a Computer Forensics Investigation
 Computer Forensics Investigation Methodology: Obtain Search Warrant
 Obtain Search Warrant
 Example of Search Warrant
 Searches Without a Warrant
 Computer Forensics Investigation Methodology: Evaluate and Secure the Scene
 Forensics Photography
 Gather the Preliminary Information at the Scene
 First Responder
 Computer Forensics Investigation Methodology: Collect the Evidence
 Collect Physical Evidence
 Evidence Collection Form
 Collect Electronic Evidence (Cont'd)
 Collect Electronic Evidence
 Guidelines for Acquiring Evidence
 Computer Forensics Investigation Methodology: Secure the Evidence
 Secure the Evidence
 Evidence Management
 Chain of Custody
 Chain of Custody Form
 Computer Forensics Investigation Methodology: Acquire the Data
 Original Evidence Should NEVER Be Used for Analysis
 Duplicate the Data (Imaging)
 Verify Image Integrity
 Demo - HashCalc
 MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
 Recover Lost or Deleted Data
 Data Recovery Software
 Computer Forensics Investigation Methodology: Analyze the Data
 Data Analysis
 Data Analysis Tools
 Computer Forensics Investigation Methodology: Assess Evidence and Case
 Evidence Assessment
 Case Assessment (Cont'd)
 Case Assessment
 Processing Location Assessment
 Best Practices to Assess the Evidence
 Computer Forensics Investigation Methodology: Prepare the Final Report
 Documentation in Each Phase
 Gather and Organize Information
 Writing the Investigation Report (Cont'd)
 Writing the Investigation Report
 Sample Report (1 of 7)
 Sample Report (2 of 7)
 Sample Report (3 of 7)
 Sample Report (4 of 7)
 Sample Report (5 of 7)
 Sample Report (6 of 7)
 Sample Report (7 of 7)
 Computer Forensics Investigation Methodology: Testify as an Expert Witness
 Expert Witness
 Testifying in the Court Room
 Closing the Case
 Maintaining Professional Conduct
 Investigating a Company Policy Violation
 Computer Forensics Service Providers (Cont'd)
 Computer Forensics Service Providers
 Module 02 Review
 

Module 03 - Searching and Seizing Computers
 
Module Flow: Searching and Seizing Computers without a Warrant
 Searching and Seizing Computers without a Warrant
 Fourth Amendment's "Reasonable Expectation of Privacy" in Cases Involving Computers: Principles
 Reasonable Expectation of Privacy in Computers as Storage Devices
 Reasonable Expectation of Privacy and Third-Party Possession
 Private Searches
 Use of Technology to Obtain Information
 Exceptions to the Warrant Requirement in Cases Involving Computers
 Consent
 Scope of Consent
 Third-Party Consent
 Implied Consent
 Exigent Circumstances
 Plain View
 Search Incident to a Lawful Arrest
 Inventory Searches
 Border Searches
 International Issues
 Special Case: Workplace Searches
 Private Sector Workplace Searches
 Public-Sector Workplace Searches
 Module Flow: Searching and Seizing Computers with a Warrant
 Searching and Seizing Computers with a Warrant
 Successful Search with a Warrant
 Basic Strategies for Executing Computer Searches
 When Hardware Is Itself Contraband, Evidence, or an Instrumentality or Fruit of Crime
 When Hardware Is Merely a Storage Device for Evidence of Crime
 The Privacy Protection Act
 The Terms of the Privacy Protection Act
 Application of the PPA to Computer Searches and Seizures (Cont'd)
 Application of the PPA to Computer Searches and Seizures
 Civil Liability Under the Electronic Communications Privacy Act (ECPA)
 Considering the Need for Multiple Warrants in Network Searches
 No-Knock Warrants
 Sneak-and-Peek Warrants
 Privileged Documents
 Drafting the Warrant and Affidavit
 Accurately and Particularly Describe the Property to Be Seized in the Warrant and/or Attachments
 Defending Computer Search Warrants Against Challenges Based on the "Things to be Seized"
 Establish Probable Cause in the Affidavit
 Explanation of the Search Strategy and Practical & Legal Considerations
 Post-Seizure Issues
 Searching Computers Already in Law Enforcement Custody
 The Permissible Time Period for Examining Seized Computers
 Rule 41(e) Motions for Return of Property
 Module Flow: The Electronic Communications Privacy Act
 The Electronic Communications Privacy Act
 Providers of Electronic Communication Service vs. Remote Computing Service
 Classifying Types of Information Held by Service Providers
 Compelled Disclosure Under ECPA
 Voluntary Disclosure
 Working with Network Providers
 Module Flow: Electronic Surveillance in Communications Networks
 Electronic Surveillance in Communications Networks
 Content vs. Addressing Information
 The Pen/Trap Statute
 The Wiretap Statute ("Title III")
 Exceptions to Title III
 Remedies For Violations of Title III and the Pen/Trap Statute
 Module Flow: Evidence
 Evidence (Cont'd)
 Evidence
 Authentication
 Hearsay
 Other Issues
 Module 03 Review
 

Module 04 - Digital Evidence

Module Flow: Digital Data
 Definition of Digital Evidence
 Increasing Awareness of Digital Evidence
 Challenging Aspects of Digital Evidence
 The Role of Digital Evidence
 Characteristics of Digital Evidence
 Fragility of Digital Evidence
 Anti-Digital Forensics (ADF)
 Module Flow: Types of Digital Data
 Types of Digital Data (Cont'd)
 Types of Digital Data (Cont'd)
 Types of Digital Data
 Module Flow: Rules of Evidence
 Rules of Evidence
 Best Evidence Rule
 Federal Rules of Evidence (Cont'd)
 Federal Rules of Evidence (Cont'd)
 Federal Rules of Evidence (Cont'd)
 Federal Rules of Evidence (Cont'd)
 Federal Rules of Evidence (Cont'd)
 Federal Rules of Evidence
 International Organization on Computer Evidence (IOCE)
 IOCE International Principles for Digital Evidence
 Scientific Working Group on Digital Evidence (SWGDE)
 SWGDE Standards for the Exchange of Digital Evidence (Cont'd)
 SWGDE Standards for the Exchange of Digital Evidence (Cont'd)
 SWGDE Standards for the Exchange of Digital Evidence
 Module Flow: Electronic Devices: Types and Collecting Potential Evidence
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence
 Module Flow: Digital Evidence Examination Process
 Digital Evidence Examination Process - Evidence Assessment
 Evidence Assessment
 Prepare for Evidence Acquisition
 Digital Evidence Examination Process - Evidence Acquisition
 Preparation for Searches
 Seizing the Evidence
 Imaging
 Demo - Disk Sterilization with DD
 Bit-Stream Copies
 Write Protection
 Evidence Acquisition
 Evidence Acquisition from Crime Location
 Acquiring Evidence from Storage Devices
 Demo - Utilizing HD PARM for HD Information
 Collecting Evidence (Cont'd)
 Collecting Evidence (Cont'd)
 Collecting Evidence (Cont'd)
 Collecting Evidence
 Collecting Evidence from RAM (Cont'd)
 Collecting Evidence from RAM
 Collecting Evidence from a Standalone Network Computer
 Chain of Custody
 Chain of Evidence Form
 Digital Evidence Examination Process - Evidence Preservation
 Preserving Digital Evidence: Checklist (Cont'd)
 Preserving Digital Evidence: Checklist (Cont'd)
 Preserving Digital Evidence: Checklist (Cont'd)
 Preserving Digital Evidence: Checklist
 Preserving Removable Media (Cont'd)
 Preserving Removable Media
 Handling Digital Evidence
 Store and Archive
 Digital Evidence Findings
 Digital Evidence Examination Process - Evidence Examination and Analysis
 DO NOT WORK on the Original Evidence
 Evidence Examination (Cont'd)
 Evidence Examination
 Physical Extraction
 Logical Extraction
 Analyze Host Data
 Analyze Storage Media
 Analyze Network Data
 Analysis of Extracted Data
 Timeframe Analysis
 Data Hiding Analysis
 Application and File Analysis
 Ownership and Possession
 Digital Evidence Examination Process - Evidence Documentation and Reporting
 Documenting the Evidence
 Evidence Examiner Report
 Final Report of Findings
 Computer Evidence Worksheet (Cont'd)
 Computer Evidence Worksheet
 Hard Drive Evidence Worksheet (Cont'd)
 Hard Drive Evidence Worksheet
 Removable Media Worksheet
 Module Flow: Electronic Crime and Digital Evidence Consideration by Crime Category
 Electronic Crime and Digital Evidence Consideration by Crime Category (Cont'd)
 Electronic Crime and Digital Evidence Consideration by Crime Category (Cont'd)
 Electronic Crime and Digital Evidence Consideration by Crime Category (Cont'd)
 Electronic Crime and Digital Evidence Consideration by Crime Category (Cont'd)
 Electronic Crime and Digital Evidence Consideration by Crime Category (Cont'd)
 Electronic Crime and Digital Evidence Consideration by Crime Category
 Module 04 Review
 

Module 05 - First Responder Procedures

Module Flow: First Responder
 Electronic Evidence
 First Responder
 Roles of First Responder
 Electronic Devices: Types and Collecting Potential Evidence (Cont'd)
 Electronic Devices: Types and Collecting Potential Evidence
 Module Flow: First Responder Toolkit
 First Responder Toolkit
 Creating a First Responder Toolkit
 Evidence Collecting Tools and Equipment (Cont'd)
 Evidence Collecting Tools and Equipment (Cont'd)
 Evidence Collecting Tools and Equipment
 Module Flow: First Response Basics
 First Response Rule
 Incident Response: Different Situations
 First Response for System Administrators
 First Response by Non-Laboratory Staff
 First Response by Laboratory Forensics Staff (Cont'd)
 First Response by Laboratory Forensics Staff
 Module Flow: Securing and Evaluating Electronic Crime Scene
 Securing and Evaluating Electronic Crime Scene: A Checklist (Cont'd)
 Securing and Evaluating Electronic Crime Scene: A Checklist
 Securing the Crime Scene
 Warrant for Search and Seizure
 Planning the Search and Seizure (Cont'd)
 Planning the Search and Seizure
 Initial Search of the Scene
 eNotes
 eNotes
 Health and Safety Issues
 Module Flow: Conducting Preliminary Interviews
 Questions to Ask When Client Calls the Forensic Investigator
 Consent
 Sample of Consent Search Form
 Witness Signatures
 Conducting Preliminary Interviews
 Conducting Initial Interviews
 Witness Statement Checklist
 Module Flow: Documenting Electronic Crime Scene
 Documenting Electronic Crime Scene
 Photographing the Scene
 Sketching the Scene
 Video Shooting the Crime Scene
 Module Flow: Collecting and Preserving Electronic Evidence
 Collecting and Preserving Electronic Evidence (Cont'd)
 Collecting and Preserving Electronic Evidence
 Order of Volatility
 Dealing with Powered On Computers (Cont'd)
 Demo - Imaging RAM
 Demo - Parsing RAM
 Dealing with Powered On Computers
 Dealing with Powered Off Computers
 Dealing with Networked Computer
 Dealing with Open Files and Startup Files
 Operating System Shutdown Procedure (Cont'd)
 Operating System Shutdown Procedure Example
 Computers and Servers
 eNotes
 Preserving Electronic Evidence
 Seizing Portable Computers
 Switched On Portables
 Collecting and Preserving Electronic Evidence Wrap-up
 Module Flow: Packaging and Transporting Electronic Evidence
 Evidence Bag Contents List
 Packaging Electronic Evidence
 Exhibit Numbering
 Transporting Electronic Evidence
 Handling and Transportation to the Forensics Laboratory
 Storing Electronic Evidence
 Chain of Custody
 Simple Format of the Chain of Custody Document
 Chain of Custody Forms (Cont'd)
 Chain of Custody Forms (Cont'd)
 Chain of Custody Forms
 Chain of Custody on Property Evidence Envelope/Bag and Sign-out Sheet
 Demo - Hardware Inventories
 Module Flow: Reporting the Crime Scene
 Reporting the Crime Scene
 Note Taking Checklist (Cont'd)
 Note Taking Checklist
 First Responder Common Mistakes
 Module 05 Review
 

Module 06 - Computer Forensics Lab

Module Flow: Setting a Computer Forensics Lab
 Computer Forensics Lab
 Planning for a Forensics Lab
 Budget Allocation for a Forensics Lab
 Physical Location Needs of a Forensics Lab
 Structural Design Considerations
 Environmental Conditions
 Electrical Needs
 Communication Needs
 Work Area of a Computer Forensics Lab
 Ambience of a Forensics Lab
 Ambience of a Forensics Lab: Ergonomics
 Physical Security Recommendations
 Fire-Suppression Systems
 Evidence Locker Recommendations
 Computer Forensic Investigator
 Law Enforcement Officer
 Lab Director
 Forensics Lab Licensing Requisite
 Features of the Laboratory Imaging System
 Technical Specifications of the Laboratory Based Imaging System
 Forensics Lab (1 of 3)
 Forensics Lab (2 of 3)
 Forensics Lab (3 of 3)
 Auditing a Computer Forensics Lab (Cont'd)
 Auditing a Computer Forensics Lab
 Recommendations to Avoid Eyestrain
 Module Flow: Investigative Services in Forensics
 Computer Forensics Investigative Services
 Computer Forensic Investigative Service Sample
 Computer Forensics Services: PenrodEllis Forensic Data Discovery
 Data Destruction Industry Standards
 Computer Forensics Services (Cont'd)
 Computer Forensics Services
 Module Flow: Computer Forensics Hardware
 Equipment Required in a Forensics Lab
 Forensic Workstations
 Basic Workstation Requirements in a Forensics Lab
 Stocking the Hardware Peripherals
 Paraben Forensics Hardware: Handheld First Responder Kit
 Paraben Forensics Hardware: Wireless StrongHold Bag
 Paraben Forensics Hardware: Wireless StrongHold Box
 Paraben Forensics Hardware: Passport StrongHold Bag
 Paraben Forensics Hardware: Device Seizure Toolbox
 Paraben Forensics Hardware: Project-a-Phone
 Paraben Forensics Hardware: Lockdown
 Paraben Forensics Hardware: iRecovery Stick
 Paraben Forensics Hardware: Data Recovery Stick
 Paraben Forensics Hardware: Chat Stick
 Paraben Forensics Hardware: USB Serial DB9 Adapter
 Paraben Forensics Hardware: Mobile Field Kit
 Portable Forensic Systems and Towers: Forensic Air-Lite VI MK III Laptop
 Portable Forensic Systems and Towers: Original Forensic Tower II and Forensic Solid Steel Tower
 Portable Forensic Workhorse V: Tableau 335 Forensic Drive Bay Controller
 Portable Forensic Systems and Towers: Forensic Air-Lite IV MK II
 Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
 Portable Forensic Systems and Towers: Forensic Tower IV Dual Xeon
 Portable Forensic Systems and Towers: Ultimate Forensic Machine
 Forensic Write Protection Devices and Kits: Ultimate Forensic Write Protection Kit II-ES
 Tableau T3u Forensic SATA Bridge Write Protection Kit
 Tableau T8 Forensic USB Bridge Kit/Addonics Mini DigiDrive READ ONLY 12-in-1 Flash Reader
 Tableau TACC 1441 Hardware Accelerator
 Multiple TACC1441 Units
 Tableau TD1 Forensic Duplicator
 Power Supplies and Switches
 Digital Intelligence Forensic Hardware: FRED SR (Dual Xeon)
 Digital Intelligence Forensic Hardware: FRED-L
 Digital Intelligence Forensic Hardware: FRED SC
 Digital Intelligence Forensic Hardware: Forensic Recovery of Evidence Data Center (FREDC)
 Digital Intelligence Forensic Hardware: Rack-A-TACC
 Digital Intelligence Forensic Hardware: FREDDIE
 Digital Intelligence Forensic Hardware: UltraKit
 Digital Intelligence Forensic Hardware: UltraBay II
 Digital Intelligence Forensic Hardware: UltraBlock SCSI
 Digital Intelligence Forensic Hardware: Micro Forensic Recovery of Evidence Device
 Digital Intelligence Forensic Hardware: HardCopy 3P
 Wiebetech: Forensics DriveDock v4
 Wiebetech: Forensic UltraDock v4
 Wiebetech: Drive eRazer
 Wiebetech: v4 Combo Adapters
 Wiebetech: ProSATA SS8
 Wiebetech: HotPlug
 CelleBrite: UFED System
 CelleBrite: UFED Physical Pro
 CelleBrite: UFED Ruggedized
 DeepSpar: Disk Imager Forensic Edition
 DeepSpar: 3D Data Recovery
 Phase 1 Tool: PC-3000 Drive Restoration System
 Phase 2 Tool: DeepSpar Disk Imager
 Phase 3 Tool: PC-3000 Data Extractor
 InfinaDyne Forensic Products: Robotic Loader Extension for CD/DVD Inspector
 InfinaDyne Forensic Products: Robotic System Status Light
 Image MASSter: Solo-4 (Super Kit)
 Image MASSter: RoadMASSter- 3
 Image MASSter: WipeMASSter
 Image MASSter: WipePRO
 Image MASSter: Rapid Image 7020CS IT
 Logicube: Forensic MD5
 Logicube: Forensic Talon
 Logicube: Portable Forensic Lab
 Logicube: CellDEK
 Logicube: Forensic Quest-2
 Logicube: NETConnect
 Logicube: RAID I/O Adapter
 Logicube: GPStamp
 Logicube: OmniPort
 Logicube: Desktop WritePROtects
 Logicube: USB Adapter
 Logicube: CloneCard Pro
 Logicube: EchoPlus
 OmniClone IDE Laptop Adapters
 Logicube: Cables
 VoomTech: HardCopy 3P
 VoomTech: SHADOW 2
 Module Flow: Computer Forensics Software
 Basic Software Requirements in a Forensics Lab
 Main Operating System and Application Inventories
 Imaging Software: R-drive Image
 Demo - R-Drive Image
 Imaging Software: P2 eXplorer Pro
 Imaging Software: AccuBurn-R for CD/DVD Inspector
 Imaging Software: Flash Retriever Forensic Edition
 File Conversion Software: FileMerlin
 File Conversion Software: SnowBatch
 File Conversion Software: Zamzar
 File Viewer Software: File Viewer
 File Viewer Software: Quick View Plus 11 Standard Edition
 Demo - File Viewers
 Analysis Software: P2 Commander
 P2 Commander Screenshot
 Analysis Software: DriveSpy
 Analysis Software: SIM Card Seizure
 Analysis Software: CD/DVD Inspector
 Analysis Software: Video Indexer (Vindex)
 Monitoring Software: Device Seizure
 Device Seizure Screenshots
 Monitoring Software: Deployable P2 Commander (DP2C)
 Monitoring Software: ThumbsDisplay
 ThumbsDisplay Screenshot
 Monitoring Software: Email Detective
 Computer Forensics Software: DataLifter
 Computer Forensics Software: X-Ways Forensics
 Demo - X-Ways Forensics
 Computer Forensics Software: LiveWire Investigator
 Module 06 Review
 

Module 07 - Understanding Hard Disks and File Systems

Module Flow: Hard Disk Drive Overview
 Disk Drive Overview (Cont'd)
 Disk Drive Overview
 Hard Disk Drive
 Solid-State Drive (SSD)
 Physical Structure of a Hard Disk (Cont'd)
 Physical Structure of a Hard Disk (Cont'd)
 Physical Structure of a Hard Disk (Cont'd)
 Physical Structure of a Hard Disk
 Logical Structure of Hard Disk
 Types of Hard Disk Interfaces
 Hard Disk Interfaces: ATA
 Hard Disk Interfaces: SCSI (Cont'd)
 Hard Disk Interfaces: SCSI
 Hard Disk Interfaces: IDE/EIDE
 Hard Disk Interfaces: USB
 Hard Disk Interfaces: Fibre Channel
 Disk Platter
 Tracks
 Track Numbering
 Sector
 Advanced Format: Sectors
 Sector Addressing
 Cluster
 Cluster Size
 Changing the Cluster Size
 Demo - Cluster Size
 Slack Space (Cont'd)
 Slack Space
 Demo - Slack Space
 Lost Clusters
 Bad Sector
 Hard Disk Data Addressing
 Disk Capacity Calculation
 Demo - Calculating Disk Capacity
 Measuring the Performance of the Hard Disk
 Module Flow: Disk Partitions and Boot Process
 Disk Partitions
 Demo - Partitioning Linux
 Master Boot Record
 Structure of a Master Boot Record (Cont'd)
 Demo - Backing Up the MBR
 Structure of a Master Boot Record
 What is the Booting Process?
 Essential Windows System Files
 Windows 7 Boot Process (Cont'd)
 Windows 7 Boot Process (Cont'd)
 Windows 7 Boot Process
 Macintosh Boot Process (Cont'd)
 Macintosh Boot Process (Cont'd)
 Macintosh Boot Process (Cont'd)
 Macintosh Boot Process
 http://www.bootdisk.com
 Module Flow: Understanding File Systems
 Understanding File Systems
 Types of File Systems
 List of Disk File Systems (Cont'd)
 List of Disk File Systems (Cont'd)
 List of Disk File Systems
 List of Network File Systems
 List of Special Purpose File Systems
 List of Shared Disk File Systems
 Windows File Systems
 Popular Windows File Systems
 File Allocation Table (FAT)
 FAT File System Layout
 FAT Partition Boot Sector
 FAT Structure
 FAT Folder Structure
 Directory Entries and Cluster Chains
 Filenames on FAT Volumes
 Examining FAT
 FAT32
 New Technology File System (NTFS) (Cont'd)
 NTFS (Cont'd)
 NTFS
 NTFS Architecture
 NTFS System Files
 NTFS Partition Boot Sector
 Cluster Sizes of NTFS Volume
 NTFS Master File Table (MFT) (Cont'd)
 NTFS Master File Table (MFT) (Cont'd)
 NTFS Master File Table (MFT)
 Metadata Files Stored in the MFT
 NTFS Files and Data Storage
 NTFS Attributes
 NTFS Data Stream (Cont'd)
 NTFS Data Stream
 NTFS Compressed Files
 Setting the Compression State of a Volume
 Encrypting File Systems (EFS)
 Components of EFS
 Operation of Encrypting File System
 EFS Attribute
 Encrypting a File
 EFS Recovery Key Agent (Cont'd)
 EFS Recovery Key Agent
 Tool: Advanced EFS Data Recovery
 Tool: EFS Key
 Sparse Files
 Deleting NTFS Files
 Registry Data (Cont'd)
 Registry Data
 Examining Registry Data
 FAT vs. NTFS
 Linux File Systems
 Popular Linux File Systems
 Linux File System Architecture
 Ext2 (Cont'd)
 Ext2 (Cont'd)
 Ext2
 Ext3 (Cont'd)
 Ext3
 Mac OS X File Systems
 Mac OS X File Systems
 HFS vs. HFS Plus
 HFS
 HFS Plus
 HFS Plus Volumes
 HFS Plus Journal
 Sun Solaris 10 File System: ZFS
 CD-ROM / DVD File System
 CDFS
 Demo - Multi-sessions Discs
 Module Flow: RAID Storage System
 RAID Storage System
 RAID Level 0: Disk Striping
 RAID Level 1: Disk Mirroring
 RAID Level 3: Disk Striping with Parity
 RAID Level 5: Block Interleaved Distributed Parity
 RAID Level 10: Blocks Striped and Mirrored
 RAID Level 50: Mirroring and Striping across Multiple RAID Levels
 Different RAID Levels
 Comparing RAID Levels
 Recover Data from Unallocated Space Using File Carving Process
 Module Flow: File System Analysis Using the Sleuth Kit (TSK)
 Tool: The Sleuth Kit (TSK)
 The Sleuth Kit (TSK): fsstat
 The Sleuth Kit (TSK): istat (1 of 4)
 The Sleuth Kit (TSK): istat (2 of 4)
 The Sleuth Kit (TSK): istat (3 of 4)
 The Sleuth Kit (TSK): istat (4 of 4)
 The Sleuth Kit (TSK): fls and img_stat
 Demo - TSK and Autopsy
 Module 07 Review
 

Module 08 - Windows Forensics
 
Module Flow: Collecting Volatile Information
 Volatile Information
 System Time
 Logged-On Users
 Logged-On Users: PsLoggedOn Tool
 Logged-On Users: net sessions Command
 Logged-On Users: LogonSessions Tool
 Open Files
 Open Files: net file Command
 Open Files: PsFile Utility
 Open Files: Openfiles Command
 Network Information (Cont'd)
 Network Information
 Network Connections (Cont'd)
 Demo - Netstat Command
 Network Connections
 Process Information (Cont'd)
 Process Information (Cont'd)
 Process Information (Cont'd)
 Process Information (Cont'd)
 Process Information (Cont'd)
 Process Information
 Process-to-Port Mapping (Cont'd)
 Process-to-Port Mapping
 Process Memory
 Network Status (Cont'd)
 Demo - ipconfig
 Network Status
 Other Important Information (Cont'd)
 Demo - Clipboard Viewer
 Other Important Information
 Module Flow: Collecting Non-Volatile Information
 Non-Volatile Information
 Examine File Systems
 Registry Settings
 Microsoft Security ID
 Event Logs
 Index.dat File (Cont'd)
 Index.dat File
 Demo - Grabbing Registry Files
 Devices and Other Information
 Slack Space
 Virtual Memory
 Swap File
 Windows Search Index
 Collecting Hidden Partition Information
 Demo - GParted
 Hidden ADS Streams
 Investigating ADS Streams: StreamArmor
 Other Non-Volatile Information
 Module Flow: Windows Memory Analysis
 Memory Dump (Cont'd)
 Memory Dump
 EProcess Structure
 Process Creation Mechanism
 Parsing Memory Contents
 Parsing Process Memory
 Extracting the Process Image (Cont'd)
 Extracting the Process Image
 Collecting Process Memory
 Module Flow: Windows Registry Analysis
 Inside the Registry (Cont'd)
 Inside the Registry (Cont'd)
 Inside the Registry
 Registry Structure within a Hive File
 The Registry as a Log File
 Registry Analysis
 System Information (Cont'd)
 System Information
 TimeZone Information
 Shares
 Audit Policy
 Wireless SSIDs
 Autostart Locations
 System Boot
 User Login
 User Activity
 Enumerating Autostart Registry Locations
 USB Removable Storage Devices (Cont'd)
 USB Removable Storage Devices (Cont'd)
 USB Removable Storage Devices (Cont'd)
 USB Removable Storage Devices
 Mounted Devices (Cont'd)
 Mounted Devices
 Finding Users (Cont'd)
 Finding Users (Cont'd)
 Finding Users: Screenshots
 Tracking User Activity
 The UserAssist Keys
 MRU Lists (Cont'd)
 MRU Lists (Cont'd)
 MRU Lists
 Search Assistant
 Connecting to Other Systems
 Analyzing Restore Point Registry Settings (Cont'd)
 Analyzing Restore Point Registry Settings
 Determining the Startup Locations (Cont'd)
 Determining the Startup Locations (Cont'd)
 Determining the Startup Locations (Cont'd)
 Determining the Startup Locations (Cont'd)
 Determining the Startup Locations (Cont'd)
 Determining the Startup Locations
 Demo - RegRipper
 Module Flow: Cache, Cookie, and History Analysis
 Cache, Cookie, and History Analysis in IE
 Cache, Cookie, and History Analysis in Firefox
 Cache, Cookie, and History Analysis in Chrome
 Analysis Tool: IECookiesView
 Analysis Tool: IECacheView
 Analysis Tool: IEHistoryView
 Analysis Tool: MozillaCookiesView
 Analysis Tool: MozillaCacheView
 Analysis Tool: MozillaHistoryView
 Analysis Tool: ChromeCookiesView
 Analysis Tool: ChromeCacheView
 Analysis Tool: ChromeHistoryView
 Module Flow: MD5 Calculation
 Message Digest Function: MD5
 Why MD5 Calculation?
 MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
 MD5 Checksum Verifier
 ChaosMD5
 Module Flow: Windows File Analysis
 Recycle Bin (Cont'd)
 Recycle Bin
 System Restore Points (Rp.log Files)
 System Restore Points (Change.log.x Files)
 Prefetch Files (Cont'd)
 Prefetch Files
 Shortcut Files
 Word Documents
 PDF Documents
 Image Files
 File Signature Analysis
 NTFS Alternate Data Streams
 Executable File Analysis
 Documentation Before Analysis
 Static Analysis Process
 Search Strings
 PE Header Analysis
 Import Table Analysis
 Export Table Analysis
 Dynamic Analysis Process
 Creating Test Environment
 Collecting Information Using Tools
 Process of Testing the Malware
 Module Flow: Metadata Investigation
 Metadata
 Types of Metadata (Cont'd)
 Types of Metadata
 Metadata in Different File Systems (Cont'd)
 Metadata in Different File Systems
 Metadata in PDF Files
 Metadata in Word Documents
 Tool: Metadata Analyzer
 Module Flow: Text Based Logs
 Understanding Events
 Event Logon Types (Cont'd)
 Event Logon Types (Cont'd)
 Event Logon Types
 Event Record Structure (Cont'd)
 Event Record Structure (Cont'd)
 Event Record Structure (Cont'd)
 Event Record Structure
 Vista Event Logs (Cont'd)
 Vista Event Logs: Screenshots
 IIS Logs
 Parsing IIS Logs (Cont'd)
 Parsing IIS Logs (Cont'd)
 Parsing IIS Logs (Cont'd)
 Parsing IIS Logs (Cont'd)
 Parsing IIS Logs
 Parsing FTP Logs
 FTP sc-status Codes (Cont'd)
 FTP sc-status Codes (Cont'd)
 FTP sc-status Codes
 Parsing DHCP Server Logs (Cont'd)
 Parsing DHCP Server Logs
 Parsing Windows Firewall Logs
 Using the Microsoft Log Parser
 Module Flow: Other Audit Events
 Evaluating Account Management Events (Cont'd)
 Evaluating Account Management Events
 Examining Audit Policy Change Events
 Examining System Log Entries
 Examining Application Log Entries
 Examining Application Log Entries (Screenshot)
 Module Flow: Forensic Analysis of Event Logs
 Searching with Event Viewer
 Using EnCase to Examine Windows Event Log Files
 Windows Event Log Files Internals
 Module Flow: Windows Password Issues
 Understanding Windows Password Storage (Cont'd)
 Understanding Windows Password Storage
 Cracking Windows Passwords Stored on Running Systems (Cont'd)
 Cracking Windows Passwords Stored on Running Systems
 Exploring Windows Authentication Mechanisms
 LanMan Authentication Process
 NTLM Authentication Process
 Kerberos Authentication Process
 Sniffing and Cracking Windows Authentication Exchanges
 Cracking Offline Passwords
 Module Flow: Forensics Tools
 Windows Forensics Tool: OS Forensics
 Windows Forensics Tool: Helix3 Pro
 Helix3 Pro Screenshot
 Helix3 Pro Screenshot
 Integrated Windows Forensics Software: X-Ways Forensics
 X-Ways Forensics Screenshot
 X-Ways Trace
 Windows Forensic Toolchest (WFT)
 Built-in Tool: Sigverif
 Computer Online Forensic Evidence Extractor (COFEE)
 System Explorer
 Tool: System Scanner
 SecretExplorer
 Registry Viewer Tool: Registry Viewer
 Registry Viewer Tool: RegScanner
 Registry Viewer Tool: Alien Registry Viewer
 MultiMon
 CurrProcess
 Process Explorer
 Security Task Manager
 PrcView
 ProcHeapViewer
 Memory Viewer
 Tool: PMDump
 Word Extractor
 Belkasoft Evidence Center
 Belkasoft Browser Analyzer
 Metadata Assistant
 HstEx
 XpoLog Center Suite
 XpoLog Center Suite Screenshot
 LogViewer Pro
 Event Log Explorer
 LogMeister
 ProDiscover Forensics
 PyFlag
 LiveWire Investigator
 ThumbsDisplay
 ThumbsDisplay Screenshot
 DriveLook
 Module 08 Review
 

Module 09 - Data Acquisition and Duplication

Module Flow: Data Acquisition and Duplication Concepts
 Data Acquisition
 Forensic and Procedural Principles
 Types of Data Acquisition Systems
 Data Acquisition Formats (Cont'd)
 Data Acquisition Formats (Cont'd)
 Data Acquisition Formats
 Bit Stream vs. Backups
 Why Create a Duplicate Image?
 Issues with Data Duplication
 Data Acquisition Methods (Cont'd)
 Data Acquisition Methods
 Determining the Best Acquisition Method (Cont'd)
 Determining the Best Acquisition Method
 Contingency Planning for Image Acquisitions (Cont'd)
 Contingency Planning for Image Acquisitions
 Data Acquisition Mistakes
 Module Flow: Data Acquisition Types
 Rules of Thumb
 Static Data Acquisition
 Collecting Static Data
 Demo - Forensic Imaging Using Linux
 Demo - Forensic Imaging Using Windows
 Static Data Collection Process
 Live Data Acquisition
 Why Is Volatile Data Important?
 Volatile Data (Cont'd)
 Volatile Data
 Order of Volatility
 Common Mistakes in Volatile Data Collection
 Volatile Data Collection Methodology (Cont'd)
 Volatile Data Collection Methodology (Cont'd)
 Volatile Data Collection Methodology
 Basic Steps in Collecting Volatile Data
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information (Cont'd)
 Types of Volatile Information
 Demo - WinTaylors
 Module Flow: Disk Acquisition Tool Requirements
 Disk Imaging Tool Requirements
 Disk Imaging Tool Requirements: Mandatory (Cont'd)
 Disk Imaging Tool Requirements: Mandatory
 Disk Imaging Tool Requirements: Optional (Cont'd)
 Disk Imaging Tool Requirements: Optional
 Module Flow: Validation Methods
 Validating Data Acquisitions
 Linux Validation Methods (Cont'd)
 Linux Validation Methods (Cont'd)
 Linux Validation Methods (Cont'd)
 Linux Validation Methods
 Windows Validation Methods
 Module Flow: RAID Data Acquisition
 Understanding RAID Disks (Cont'd)
 Understanding RAID Disks (Cont'd)
 Understanding RAID Disks
 Acquiring RAID Disks (Cont'd)
 Acquiring RAID Disks
 Remote Data Acquisition
 Module Flow: Acquisition Best Practices
 Acquisition Best Practices (Cont'd)
 Acquisition Best Practices (Cont'd)
 Acquisition Best Practices (Cont'd)
 Acquisition Best Practices
 Module Flow: Data Acquisition Software Tools
 Acquiring Data on Windows
 Acquiring Data on Linux
 dd Command
 dcfldd Command
 Extracting the MBR
 Netcat Command
 EnCase Forensic
 EnCase Forensic Screenshot
 Analysis Software: DriveSpy
 ProDiscover Forensics
 AccessData FTK Imager
 Mount Image Pro
 Data Acquisition Toolbox
 SafeBack
 ILookPI
 ILookPI Screenshot
 RAID Recovery for Windows
 R-Tools R-Studio
 F-Response
 PyFlag
 LiveWire Investigator
 ThumbsDisplay
 ThumbsDisplay Screenshot
 DataLifter
 X-Ways Forensics
 R-drive Image
 Demo - Forensic Imaging
 DriveLook
 DiskExplorer
 P2 eXplorer Pro
 Flash Retriever Forensic Edition
 Module Flow: Data Acquisition Hardware Tools
 US-LATT
 Image MASSter: Solo-4 (Super Kit)
 Image MASSter: RoadMASSter-3
 Tableau TD1 Forensic Duplicator
 Logicube: Forensic MD5
 Logicube: Portable Forensic Lab
 Logicube: Forensic Talon
 Logicube: RAID I/O Adapter
 DeepSpar: Disk Imager Forensic Edition
 Logicube: USB Adapter
 Disk Jockey PRO
 Logicube: Forensic Quest-2
 Logicube: CloneCard Pro
 Logicube: EchoPlus
 Paraben Forensics Hardware: Chat Stick
 Image MASSter: Rapid Image 7020CS IT
 Digital Intelligence Forensic Hardware: UltraKit
 Digital Intelligence Forensic Hardware: UltraBay II
 Digital Intelligence Forensic Hardware: UltraBlock SCSI
 Digital Intelligence Forensic Hardware: HardCopy 3P
 Wiebetech: Forensics DriveDock v4
 Wiebetech: Forensics UltraDock v4
 Image MASSter: WipeMASSter
 Image MASSter: WipePRO
 Portable Forensic Systems and Towers: Forensic Air-Lite V MK III
 Forensic Tower IV Dual Xeon
 Digital Intelligence Forensic Hardware: FREDDIE
 DeepSpar: 3D Data Recovery
 Phase 1 Tool: PC-3000 Drive Restoration System
 Phase 2 Tool: DeepSpar Disk Imager
 Phase 3 Tool: PC-3000 Data Extractor
 Logicube: Cables
 Logicube: Adapters
 Logicube: GPStamp
 Logicube: OmniPort
 Logicube: CellDEK
 Paraben Forensics Hardware: Project-a-Phone
 Paraben Forensics Hardware: Mobile Field Kit
 Paraben Forensics Hardware: iRecovery Stick
 CelleBrite: UFED System
 CelleBrite: UFED Physical Pro
 Module 09 Review
 

Module 10 - Recovering Deleted Files and Deleted Partition

Module Flow: Recovering the Deleted Files
 Deleting Files
 What Happens When a File is Deleted in Windows?
 Recycle Bin in Windows (Cont'd)
 Recycle Bin in Windows
 Storage Locations of Recycle Bin in FAT and NTFS Systems
 How the Recycle Bin Works (Cont'd)
 How the Recycle Bin Works
 Demo - Recycle Bins
 Damaged or Deleted INFO File
 Damaged Files in Recycle Bin Folder
 Damaged Recycle Folder
 File Recovery in Mac OS X (Cont'd)
 File Recovery in Mac OS X
 File Recovery in Linux
 Module Flow: File Recovery Tools for Windows
 Recover My Files
 EASEUS Data Recovery Wizard
 PC INSPECTOR File Recovery
 Demo - PC INSPECTOR File Recovery
 Recuva
 DiskDigger
 Handy Recovery
 Quick Recovery
 Stellar Phoenix Windows Data Recovery
 Tools to Recover Deleted Files
 Tools to Recover Deleted Files
 Tools to Recover Deleted Files
 Module Flow: File Recovery Tools for Mac
 Mac File Recovery
 Mac Data Recovery
 Boomerang Data Recovery Software
 VirtualLab
 File Recovery Tools for Mac OS X
 Module Flow: File Recovery Tools for Linux
 R-Studio for Linux
 Quick Recovery for Linux
 Kernel for Linux Data Recovery
 TestDisk for Linux
 Demo - File Carving
 Module Flow: Recovering the Deleted Partitions
 Disk Partition
 Deletion of Partition
 Recovery of the Deleted Partition (Cont'd)
 Recovery of the Deleted Partition (Cont'd)
 Recovery of the Deleted Partition (Cont'd)
 Recovery of the Deleted Partition
 Module Flow: Partition Recovery Tools
 Active@ Partition Recovery for Windows
 Acronis Recovery Expert
 DiskInternals Partition Recovery
 NTFS Partition Data Recovery
 GetDataBack
 EASEUS Partition Recovery
 Advanced Disk Recovery
 Power Data Recovery
 Remo Recover (Mac) - Pro
 Mac Data Recovery Software
 Quick Recovery for Linux
 Stellar Phoenix Linux Data Recovery Software
 Tools to Recover Deleted Partitions
 Tools to Recover Deleted Partitions
 Demo - Partition Recovery
 Module 10 Review
 

Module 11 - Forensics Investigation Using AccessData FTK

Module Flow: Overview and Installation of FTK
 Overview of Forensic Toolkit (FTK)
 Features of FTK
 Software Requirement
 Configuration Option
 Database Installation (Cont'd)
 Database Installation
 FTK Application Installation (1 of 6)
 FTK Application Installation (2 of 6)
 FTK Application Installation (3 of 6)
 FTK Application Installation (4 of 6)
 FTK Application Installation (5 of 6)
 FTK Application Installation (6 of 6)
 Module Flow: FTK Case Manager User Interface
 Case Manager Window
 Case Manager Database Menu
 Setting Up Additional Users and Assigning Roles
 Case Manager Case Menu
 Assigning Users Shared Label Visibility
 Case Manager Tools Menu
 Recovering Processing Jobs
 Restoring an Image to a Disk
 Case Manager Manage Menu
 Managing Carvers
 Managing Custom Identifiers
 Module Flow: FTK Examiner User Interface
 FTK Examiner User Interface
 Menu Bar: File Menu
 Exporting Files
 Exporting Case Data to a Custom Content Image
 Exporting the Word List
 Menu Bar: Edit Menu
 Menu Bar: View Menu
 Menu Bar: Evidence Menu
 Menu Bar: Tools Menu
 Verifying Drive Image Integrity
 Demo - Verifying Image Integrity
 Mounting an Image to a Drive
 File List View
 Using Labels
 Creating and Applying a Label
 Module Flow: Starting with FTK
 Creating a Case
 Selecting Detailed Options: Evidence Processing (Cont'd)
 Selecting Detailed Options: Evidence Processing
 Selecting Detailed Options: Fuzzy Hashing (Cont'd)
 Selecting Detailed Options: Fuzzy Hashing
 Selecting Detailed Options: Data Carving
 Selecting Detailed Options: Custom File Identification (Cont'd)
 Selecting Detailed Options: Custom File Identification
 Selecting Detailed Options: Evidence Refinement (Advanced) (Cont'd)
 Selecting Detailed Options: Evidence Refinement (Advanced)
 Selecting Detailed Options: Index Refinement (Advanced) (Cont'd)
 Selecting Detailed Options: Index Refinement (Advanced)
 Module Flow: FTK Interface Tabs
 Demo - FTK Imaging and Adding
 FTK Interface Tabs
 Explore Tab
 Overview Tab
 Email Tab
 Graphics Tab
 Bookmarks Tab
 Live Search Tabs
 Volatile Tab
 Demo - File Overview Tab
 Module Flow: Adding and Processing Static, Live, and Remote Evidence
 Adding Evidence to a Case
 Evidence Groups
 Acquiring Local Live Evidence
 FTK Role Requirements for Remote Acquisition
 Types of Remote Information
 Acquiring Data Remotely Using Remote Device Management System (RDMS) (Cont'd)
 Acquiring Data Remotely Using Remote Device Management System (RDMS)
 Imaging Drives
 Mounting and Unmounting a Device
 Module Flow: Using and Managing Filters
 Accessing Filter Tools
 Using Filters
 Customizing Filters
 Using Predefined Filters
 Demo - Filtering
 Module Flow: Using Index Search and Live Search
 Conducting an Index Search
 Selecting Index Search Options
 Viewing Index Search Results
 Documenting Search Results
 Conducting a Live Search: Live Text Search
 Conducting a Live Search: Live Hex Search
 Conducting a Live Search: Live Pattern Search
 Demo - Indexed and Live Searches
 Demo - FTK File Carving
 Module Flow: Decrypting EFS and other Encrypted Files
 Decrypting EFS Files and Folders
 Decrypting MS Office Files
 Viewing Decrypted Files
 Decrypting Domain Account EFS Files from Live Evidence (Cont'd)
 Decrypting Domain Account EFS Files from Live Evidence
 Decrypting Credant Files
 Decrypting Safeboot Files
 Demo - FTK File Encryption
 Module Flow: Working with Reports
 Creating a Report
 Entering Case Information
 Managing Bookmarks in a Report
 Managing Graphics in a Report
 Selecting a File Path List
 Adding a File Properties List
 Making Registry Selections
 Selecting the Report Output Options
 Customizing the Formatting of Reports
 Viewing and Distributing a Report
 Demo - Reporting
 Module 11 Review
 

Module 12 - Forensics Investigation Using EnCase

Module Flow: Overview of EnCase Forensic
 Official Licensed Content Provided by EnCase to EC-Council
 Overview of EnCase Forensic
 EnCase Forensic Features (Cont'd)
 EnCase Forensic Features
 EnCase Forensic Platform
 EnCase Forensic Modules (Cont'd)
 EnCase Forensic Modules
 Module Flow: Installing EnCase Forensic
 Minimum Requirements
 Installing the Examiner
 Installed Files
 Installing the EnCase Modules
 Configuring EnCase
 Configuring EnCase: Case Options Tab
 Configuring EnCase: Global Tab
 Configuring EnCase: Debug Tab
 Configuring EnCase: Colors Tab and Fonts Tab
 Configuring EnCase: EnScript Tab and Storage Paths Tab
 Sharing Configuration (INI) Files
 Module Flow: EnCase Interface
 Demo - EnCase Options
 Main EnCase Window
 System Menu Bar
 Toolbar
 Panes Overview (Cont'd)
 Panes Overview
 Tree Pane
 Table Pane
 Table Pane: Table Tab
 Table Pane: Report Tab
 Table Pane: Gallery Tab
 Table Pane: Timeline Tab
 Table Pane: Disk Tab and Code Tab
 View Pane (Cont'd)
 View Pane
 Filter Pane
 Filter Pane Tabs
 Creating a Filter
 Creating Conditions
 Status Bar
 Demo - EnCase Tabs and Views
 Module Flow: Case Management
 Overview of Case Structure
 Case Management
 Indexing a Case (Cont'd)
 Indexing a Case
 Case Backup
 Options Dialog Box
 Logon Wizard
 New Case Wizard
 Setting Time Zones for Case Files
 Setting Time Zone Options for Evidence Files
 Module Flow: Working with Evidence
 Types of Entries
 Adding a Device (Cont'd)
 Adding a Device
 Adding a Device using Tableau Write Blocker (Cont'd)
 Adding a Device using Tableau Write Blocker
 Performing a Typical Acquisition
 Acquiring a Device (Cont'd)
 Acquiring a Device
 Canceling an Acquisition
 Verifying Evidence Files
 Demo - Imaging with EnCase
 Delayed Loading of Internet Artifacts
 Hashing the Subject Drive
 Logical Evidence File (LEF)
 Creating a Logical Evidence File (Cont'd)
 Creating a Logical Evidence File
 Recovering Folders on FAT Volumes
 Restoring a Physical Drive
 Demo - Restoring a Drive from an Image
 Module Flow: Source Processor
 Source Processor
 Starting to Work with Source Processor
 Setting Case Options
 Collection Jobs
 Creating a Collection Job (Cont'd)
 Creating a Collection Job
 Copying a Collection Job
 Running a Collection Job (Cont'd)
 Running a Collection Job
 Analysis Jobs
 Creating an Analysis Job
 Running an Analysis Job (Cont'd)
 Running an Analysis Job
 Creating a Report (Cont'd)
 Creating a Report
 Demo - EnScripts
 Module Flow: Analyzing and Searching Files
 Viewing the File Signature Directory
 Performing a Signature Analysis
 Hash Analysis
 Hashing a New Case
 Demo - Signature Analysis and Hashing
 Creating a Hash Set
 Keyword Searches
 Creating Global Keywords
 Adding Keywords
 Importing and Exporting Keywords
 Searching Entries for Email and Internet Artifacts
 Viewing Search Hits
 Generating an Index
 Tag Records
 Demo - Keyword Searcher
 Module Flow: Viewing File Content
 Viewing Files
 Copying and Unerasing Files (Cont'd)
 Copying and Unerasing Files
 Adding a File Viewer
 Demo - Adding a File Viewer
 Viewing File Content Using View Pane
 Viewing Compound Files
 Viewing Base64 and UUE Encoded Files
 Demo - Compound Files
 Module Flow: Bookmarking Items
 Bookmarks Overview
 Creating a Highlighted Data Bookmark
 Creating a Note Bookmark
 Creating a Folder Information/Structure Bookmark
 Creating a Notable File Bookmark
 Creating a File Group Bookmark
 Creating a Log Record Bookmark
 Creating a Snapshot Bookmark
 Organizing Bookmarks
 Copying/Moving a Table Entry into a Folder
 Viewing a Bookmark on the Table Report Tab
 Excluding Bookmarks (Cont'd)
 Excluding Bookmarks
 Copying Selected Items from One Folder to Another
 Demo - Bookmarks
 Module Flow: Reporting
 Reporting
 Report User Interface
 Creating a Report Using the Report Tab
 Report Single/Multiple Files
 Viewing a Bookmark Report
 Viewing an Email Report
 Viewing a Webmail Report
 Viewing a Search Hits Report
 Creating a Quick Entry Report
 Creating an Additional Fields Report
 Exporting a Report
 Demo - Reporting
 Module 12 Review
 

Module 13 - Steganography and Image File Forensics

Module Flow: Steganography
 What is Steganography?
 How Steganography Works
 Legal Use of Steganography
 Unethical Use of Steganography
 Module Flow: Steganography Techniques
 Steganography Techniques
 Application of Steganography
 Classification of Steganography
 Technical Steganography
 Linguistic Steganography (Cont'd)
 Linguistic Steganography
 Types of Steganography
 Image Steganography
 Least Significant Bit Insertion
 Masking and Filtering
 Algorithms and Transformation
 Image Steganography: Hermetic Stego
 Steganography Tool: S-Tools
 Image Steganography Tools
 Audio Steganography
 Audio Steganography Methods (Cont'd)
 Audio Steganography Methods
 Audio Steganography: Mp3stegz
 Audio Steganography Tools
 Video Steganography
 Video Steganography: MSU StegoVideo
 Video Steganography Tools
 Document Steganography: wbStego
 Byte Shelter I
 Document Steganography Tools
 Whitespace Steganography Tool: SNOW
 Folder Steganography: Invisible Secrets 4
 Demo - Invisible Secrets
 Folder Steganography Tools
 Spam/Email Steganography: Spam Mimic
 Steganographic File System
 Issues in Information Hiding
 Module Flow: Steganalysis
 Steganalysis
 How to Detect Steganography (Cont'd)
 How to Detect Steganography
 Detecting Text, Image, Audio, and Video Steganography (Cont'd)
 Detecting Text, Image, Audio, and Video Steganography
 Steganalysis Methods/Attacks on Steganography
 Disabling or Active Attacks
 Steganography Detection Tool: Stegdetect
 Steganography Detection Tools
 Demo - Steg Detection
 Module Flow: Image Files
 Image Files
 Common Terminologies
 Understanding Vector Images
 Understanding Raster Images
 Metafile Graphics
 Understanding Image File Formats
 GIF (Graphics Interchange Format) (Cont'd)
 GIF (Cont'd)
 GIF
 JPEG (Joint Photographic Experts Group)
 JPEG Files Structure (Cont'd)
 JPEG Files Structure
 JPEG 2000
 BMP (Bitmap) File
 BMP File Structure
 PNG (Portable Network Graphics)
 PNG File Structure
 TIFF (Tagged Image File Format)
 TIFF File Structure (Cont'd)
 TIFF File Structure
 Module Flow: Data Compression
 Understanding Data Compression
 How Does File Compression Work?
 Lossless Compression
 Huffman Coding Algorithm (Cont'd)
 Huffman Coding Algorithm
 Lempel-Ziv Coding Algorithm (Cont'd)
 Lempel-Ziv Coding Algorithm
 Lossy Compression
 Vector Quantization
 Module Flow: Locating and Recovering Image Files
 Best Practices for Forensic Image Analysis
 Forensic Image Processing Using MATLAB
 Advantages of MATLAB
 MATLAB Screenshot
 Locating and Recovering Image Files
 Analyzing Image File Headers
 Repairing Damaged Headers (Cont'd)
 Repairing Damaged Headers
 Reconstructing File Fragments
 Identifying Unknown File Formats
 Identifying Image File Fragments
 Identifying Copyright Issues on Graphics
 Picture Viewer: IrfanView
 Picture Viewer: ACDSee Photo Manager 12
 Picture Viewer: Thumbsplus
 Picture Viewer: AD Picture Viewer Lite
 Picture Viewer Max
 Picture Viewer: FastStone Image Viewer
 Picture Viewer: XnView
 Demo - Picture Viewers
 Faces - Sketch Software
 Digital Camera Data Discovery Software: File Hound
 Module Flow: Image File Forensics Tools
 Hex Workshop
 GFE Stealth - Forensics Graphics File Extractor
 Ilook
 Adroit Photo Forensics 2011
 Digital Photo Recovery
 Digital Photo Recovery Screenshots
 Stellar Phoenix Photo Recovery Software
 Zero Assumption Recovery (ZAR)
 Photo Recovery Software
 Forensic Image Viewer
 File Finder
 DiskGetor Data Recovery
 DERescue Data Recovery Master
 Recover My Files
 Universal Viewer
 Module 13 Review
 

Module 14 - Application Password Crackers

Module Flow: Password Cracking Concepts
 Password - Terminology
 Password Types
 Password Cracker
 How Does a Password Cracker Work?
 How Hash Passwords are Stored in Windows SAM
 Module Flow: Types of Password Attacks
 Password Cracking Techniques
 Types of Password Attacks
 Passive Online Attacks: Wire Sniffing
 Password Sniffing
 Passive Online Attack: Man-in-the-Middle and Replay Attack
 Active Online Attack: Password Guessing
 Active Online Attack: Trojan/Spyware/keylogger
 Active Online Attack: Hash Injection Attack
 Rainbow Attacks: Pre-Computed Hash
 Distributed Network Attack
 Elcomsoft Distributed Password Recovery
 Non-Electronic Attacks
 Manual Password Cracking (Guessing)
 Automatic Password Cracking Algorithm
 Time Needed to Crack Passwords
 Classification of Cracking Software
 Systems Software vs. Applications Software
 Module Flow: System Software Password Cracking
 System Software Password Cracking
 Bypassing BIOS Passwords
 Using Manufacturer's Backdoor Password to Access the BIOS
 Using Password Cracking Software
 CmosPwd
 Resetting the CMOS using the Jumpers or Solder Beads
 Removing CMOS Battery
 Overloading the Keyboard Buffer and Using a Professional Service
 Tool to Reset Admin Password: Active@ Password Changer
 Tool to Reset Admin Password: Windows Key
 Module Flow: Application Software Password Cracking
 Passware Kit Forensic
 Accent Keyword Extractor
 Distributed Network Attack
 Password Recovery Bundle
 Advanced Office Password Recovery
 Office Password Recovery
 Office Password Recovery Toolbox
 Office Multi-document Password Cracker
 Word Password Recovery Master
 Accent WORD Password Recovery
 Word Password
 PowerPoint Password Recovery
 PowerPoint Password
 Powerpoint Key
 Stellar Phoenix Powerpoint Password Recovery
 Excel Password Recovery Master
 Accent EXCEL Password Recovery
 Excel Password
 Advanced PDF Password Recovery
 PDF Password Cracker
 PDF Password Cracker Pro
 Atomic PDF Password Recovery
 PDF Password
 Recover PDF Password
 Appnimi PDF Password Recovery
 Advanced Archive Password Recovery
 KRyLack Archive Password Recovery
 Zip Password
 Atomic ZIP Password Recovery
 RAR Password Unlocker
 Demo - Office Password Cracking
 Default Passwords
 http://www.defaultpassword.com
 http://www.cirt.net/passwords
 http://default-password.info
 http://www.defaultpassword.us
 http://www.passwordsdatabase.com
 http://www.virus.org
 Module Flow: Password Cracking Tools
 L0phtCrack
 OphCrack
 Cain & Abel
 RainbowCrack
 Windows Password Unlocker
 Windows Password Breaker
 SAMInside
 PWdump7 and Fgdump
 Password Cracking Tools
 Demo - System Password Cracking
 Module 14 Review
 

Module 15 - Log Capturing and Event Correlation

Module Flow: Computer Security Logs
 Computer Security Logs
 Operating System Logs
 Application Logs
 Security Software Logs
 Router Log Files
 Honeypot Logs
 Linux Process Accounting
 Logon Event in Windows
 Windows Log File
 Configuring Windows Logging
 Analyzing Windows Logs
 Windows Log File: System Logs
 Windows Log Files: Application Logs
 Logon Events That Appear in the Security Event Log (Cont'd)
 Logon Events That Appear in the Security Event Log
 Demo - Windows Event Viewer
 IIS Logs
 IIS Log File Format
 Maintaining Credible IIS Log Files
 Log File Accuracy
 Log Everything
 Keeping Time
 UTC Time
 View the DHCP Logs
 Sample DHCP Audit Log File
 ODBC Logging
 Module Flow: Logs and Legal Issues
 Legality of Using Logs (Cont'd)
 Legality of Using Logs
 Records of Regularly Conducted Activity as Evidence
 Laws and Regulations
 Module Flow: Log Management
 Log Management
 Functions of Log Management
 Challenges in Log Management
 Meeting the Challenges in Log Management
 Module Flow: Centralized Logging and Syslogs
 Centralized Logging
 Centralized Logging Architecture
 Steps to Implement Central Logging
 Syslog
 Syslog in Unix-Like Systems
 Steps to Set Up a Syslog Server for Unix Systems
 Advantages of Centralized Syslog Server
 IIS Centralized Binary Logging
 Module Flow: Time Synchronization
 Why Synchronize Computer Times?
 What is NTP?
 NTP Stratum Levels (Cont'd)
 NTP Stratum Levels
 NIST Time Servers (Cont'd)
 NIST Time Servers
 Configuring Time Server in Windows Server
 Module Flow: Event Correlation
 Event Correlation
 Types of Event Correlation
 Prerequisites for Event Correlation
 Event Correlation Approaches (Cont'd)
 Event Correlation Approaches
 Module Flow: Log Capturing and Analysis Tools
 GFI EventsManager
 GFI EventsManager Screenshot
 Activeworx Security Center
 EventLog Analyzer
 EventLog Analyzer Screenshot
 Syslog-ng OSE
 Syslog-ng Screenshot
 Kiwi Syslog Server
 Kiwi Syslog Server Screenshot
 WinSyslog
 Firewall Analyzer: Log Analysis Tool
 Firewall Analyzer Architecture
 Firewall Analyzer Screenshot
 Activeworx Log Center
 EventReporter
 Kiwi Log Viewer
 Event Log Explorer
 WebLog Expert
 XpoLog Center Suite
 XpoLog Center Suite Screenshot
 ELM Event Log Monitor
 EventSentry
 LogMeister
 LogViewer Pro
 WinAgents EventLog Translation Service
 EventTracker Enterprise
 Corner Bowl Log Manager
 Ascella Log Monitor Plus
 FLAG - Forensic and Log Analysis GUI
 FLAG Screenshot
 Simple Event Correlator (SEC)
 OSSEC
 Module 15 Review
 

Module 16 - Network Forensics, Investigating Logs and Investigating Network Traffic

Module Flow: Network Forensics
 Network Attack Statistics
 Network Forensics
 Network Forensics Analysis Mechanism
 Network Addressing Schemes
 Overview of Network Protocols
 Overview of Physical and Data-Link Layer of the OSI Model
 Overview of Network and Transport Layer of the OSI Model
 OSI Reference Model
 TCP/IP Protocol
 Intrusion Detection Systems (IDS) and Their Placement
 How IDS Works
 Types of Intrusion Detection Systems
 General Indications of Intrusions
 Firewall
 Honeypot
 Module Flow: Network Attacks
 Network Vulnerabilities
 Types of Network Attacks
 IP Address Spoofing
 Man-in-the-Middle Attack
 Packet Sniffing
 How a Sniffer Works
 Enumeration
 Denial of Service Attack
 Session Sniffing
 Buffer Overflow
 Trojan Horse
 Module Flow: Log Injection Attacks
 New Line Injection Attack
 New Line Injection Attack Countermeasure
 Separator Injection Attack (Cont'd)
 Separator Injection Attack
 Defending Separator Injection Attacks
 Timestamp Injection Attack (Cont'd)
 Timestamp Injection Attack
 Defending Timestamp Injection Attacks
 Word Wrap Abuse Attack
 Defending Word Wrap Abuse Attacks
 HTML Injection Attack
 Defending HTML Injection Attacks
 Terminal Injection Attack
 Defending Terminal Injection Attacks
 Module Flow: Investigating and Analyzing Logs
 Postmortem and Real-Time Analysis
 Where to Look for Evidence
 Log Capturing Tool: ManageEngine EventLog Analyzer
 Log Capturing Tool: ManageEngine Firewall Analyzer
 Log Capturing Tool: GFI EventsManager
 GFI EventsManager Screenshot
 Log Capturing Tool: Kiwi Syslog Server
 Kiwi Syslog Server Screenshot
 Handling Logs as Evidence
 Log File Authenticity
 Demo - Kiwi Log Viewer
 Use Signatures, Encryption, and Checksums
 Work with Copies
 Ensure System's Integrity
 Access Control
 Chain of Custody
 Condensing Log File
 Module Flow: Investigating Network Traffic
 Why Investigate Network Traffic?
 Evidence Gathering via Sniffing
 Capturing Live Data Packets Using Wireshark
 Wireshark Screenshot
 Display Filters in Wireshark
 Additional Wireshark Filters
 Demo - Wireshark
 Acquiring Traffic Using DNS Poisoning Techniques
 Intranet DNS Spoofing (Local Network)
 Intranet DNS Spoofing (Remote Network)
 Proxy Server DNS Poisoning
 DNS Cache Poisoning
 Evidence Gathering from ARP Table
 Evidence Gathering at the Data-Link Layer: DHCP Database
 Gathering Evidence by IDS
 Module Flow: Traffic Capturing and Analysis Tools
 NetworkMiner
 Tcpdump/Windump
 Intrusion Detection Tool: Snort
 How Snort Works
 IDS Policy Manager
 MaaTec Network Analyzer
 Iris Network Traffic Analyzer
 NetWitness Investigator
 NetWitness Investigator Screenshot
 Colasoft Capsa Network Analyzer
 Sniff-O-Matic
 NetResident
 Network Probe
 NetFlow Analyzer
 OmniPeek Network Analyzer
 Firewall Evasion Tool: Traffic IQ Professional
 NetworkView
 CommView
 Observer
 SoftPerfect Network Protocol Analyzer
 EffeTech HTTP Sniffer
 Big-Mother
 EtherDetect Packet Sniffer
 Ntop
 EtherApe
 Demo - Nmap
 AnalogX Packetmon
 IEInspector HTTP Analyzer
 SmartSniff
 Distinct Network Monitor
 Give Me Too
 EtherSnoop
 Show Traffic
 Argus
 Documenting the Evidence Gathered on a Network
 Module 16 Review
 

Module 17 - Investigating Wireless Attacks

Module Flow: Wireless Technologies
 Wi-Fi Usage Statistics in the US
 Wireless Networks
 Wireless Terminologies
 Wireless Components
 Types of Wireless Networks
 Wireless Standards
 MAC Filtering
 Service Set Identifier (SSID)
 Types of Wireless Encryption: WEP
 Types of Wireless Encryption: WPA
 Types of Wireless Encryption: WPA2
 WEP vs. WPA vs. WPA2
 Module Flow: Wireless Attacks
 Wi-Fi Chalking
 Wi-Fi Chalking Symbols
 Access Control Attacks
 Access Control Attacks (Cont'd)
 Integrity Attacks
 Integrity Attacks (Cont'd)
 Confidentiality Attacks
 Confidentiality Attacks (Cont'd)
 Availability Attacks
 Availability Attacks (Cont'd)
 Authentication Attacks
 Authentication Attacks (Cont'd)
 Module Flow: Investigating Wireless Attacks
 Key Points to Remember
 Steps for Investigation
 Obtain a Search Warrant
 Identify Wireless Devices at Crime Scene
 Identify Wireless Devices at Crime Scene (Cont'd)
 Search for Additional Devices
 Detect Rogue Access Point
 Document the Scene and Maintain a Chain of Custody
 Detect the Wireless Connections
 Methodologies to Detect Wireless Connections
 Wi-Fi Discovery Tool: inSSIDer
 GPS Mapping
 GPS Mapping Tool: WIGLE
 GPS Mapping Tool: Skyhook
 How to Discover Wi-Fi Networks Using Wardriving
 Check for MAC Filtering
 Check for MAC Filtering (Cont'd)
 Changing the MAC Address
 Changing the MAC Address (Cont'd)
 Detect WAPs Using the Nessus Vulnerability Scanner
 Capturing Wireless Traffic
 Sniffing Tool: Wireshark
 Follow TCP Stream in Wireshark
 Display Filters in Wireshark
 Additional Wireshark Filters
 Determine Wireless Field Strength: FSM
 Determine Wireless Field Strength: ZAP Checker Products
 What is Spectrum Analysis?
 Map Wireless Zones and Hotspots
 Connect to the Wireless Access Point
 Connect to the Wireless Access Point (Cont'd)
 Access Point Data Acquisition and Analysis: Attached Devices
 Access Point Data Acquisition and Analysis: LAN TCP/IP Setup
 Access Point Data Acquisition and Analysis
 Firewall Analyzer
 Firewall Log Analyzer
 Wireless Devices Data Acquisition and Analysis
 Wireless Devices Data Acquisition and Analysis (Cont'd)
 Report Generation
 Module Flow: Features of a Good Wireless Forensics Tool
 Features of a Good Wireless Forensics Tool
 Features of a Good Wireless Forensics Tool (Cont'd)
 Module Flow: Wireless Forensics Tools
 Wi-Fi Discovery Tool: NetStumbler
 Demo - inSSIDer / NetStumbler
 Wi-Fi Discovery Tool: NetSurveyor
 Wi-Fi Discovery Tool: Vistumbler
 Wi-Fi Discovery Tool: WirelessMon
 Wi-Fi Discovery Tool: Kismet
 Wi-Fi Discovery Tool: AirPort Signal
 Wi-Fi Discovery Tools
 Wi-Fi Packet Sniffer: OmniPeek
 Wi-Fi Packet Sniffer: OmniPeek (Cont'd)
 Wi-Fi Packet Sniffer: CommView for WiFi
 Wi-Fi USB Dongle: AirPcap
 Wi-Fi Packet Sniffer: Wireshark with AirPcap
 Wi-Fi Packet Sniffer: tcpdump
 tcpdump Commands
 tcpdump Commands (Cont'd)
 Wi-Fi Packet Sniffer: KisMAC
 Aircrack-ng Suite
 Demo - AirCrack
 AirMagnet WiFi Analyzer
 Wardriving Tools
 RF Monitoring Tools
 Wi-Fi Connection Manager Tools
 Wi-Fi Traffic Analyzer Tools
 Wi-Fi Raw Packet Capturing Tools / Wi-Fi Spectrum Analyzing Tools
 Module 17 Review
 

Module 18 - Investigating Web Attacks

Module Flow: Introduction to Web Applications and Web Servers
 Web Application Security Statistics
 Webserver Market Shares
 Introduction to Web Applications
 Web Application Components
 How Web Applications Work
 Web Application Architecture
 Open Source Web Server Architecture
 Indications of a Web Attack
 Web Attack Vectors
 Why Web Servers are Compromised
 Impact of Web Server Attacks
 Website Defacement
 Case Study
 Module Flow: Web Logs
 Overview of Web Logs
 Application Logs
 Internet Information Services (IIS) Logs
 IIS Web Server Architecture
 IIS Log File Format
 Apache Web Server Logs
 DHCP Server Logs
 Module Flow: Web Attacks
 Web Attacks - 1
 Web Attacks - 2
 Unvalidated Input
 Parameter/Form Tampering
 Directory Traversal
 Security Misconfiguration
 Injection Flaws
 SQL Injection Attacks
 Command Injection Attacks
 Command Injection Example
 File Injection Attack
 What is LDAP Injection?
 How LDAP Injection Works
 Hidden Field Manipulation Attack
 Cross-Site Scripting (XSS) Attacks
 How XSS Attacks Work
 Cross-Site Request Forgery (CSRF) Attack
 How CSRF Attacks Work
 Web Application Denial-of-Service (DoS) Attack
 Denial of Service (DoS) Examples
 Buffer Overflow Attacks
 Cookie/Session Poisoning
 How Cookie Poisoning Works
 Session Fixation Attack
 Insufficient Transport Layer Protection
 Improper Error Handling
 Insecure Cryptographic Storage
 Broken Authentication and Session Management
 Unvalidated Redirects and Forwards
 DMZ Protocol Attack / Zero-Day Attack
 Log Tampering
 URL Interpretation and Impersonation Attack
 Web Services Attack
 Web Services Footprinting Attack
 Web Services XML Poisoning
 Web Server Misconfiguration
 Example
 HTTP Response Splitting Attack
 Web Cache Poisoning Attack
 HTTP Response Hijacking
 SSH Bruteforce Attack
 Man-in-the-Middle Attack
 Defacement Using DNS Compromise
 Module Flow: Web Attack Investigation
 Investigating Web Attacks
 Investigating Web Attacks in Windows-Based Servers
 Investigating Web Attacks in Windows-Based Servers (Cont'd)
 Investigating IIS Logs
 Investigating Apache Logs
 Investigating Apache Logs (Cont'd)
 Example of FTP Compromise
 Investigating FTP Servers
 Investigating Static and Dynamic IP Addresses
 Sample DHCP Audit Log File
 Investigating Cross-Site Scripting (XSS)
 Investigating Cross-Site Scripting (XSS) (Cont'd)
 Investigating SQL Injection Attacks
 Investigating SQL Injection Attacks (Cont'd)
 Pen-Testing CSRF Validation Fields
 Investigating Code Injection Attack
 Investigating Cookie Poisoning Attack
 Detecting Buffer Overflow
 Investigating Authentication Hijacking
 Web Page Defacement
 Investigating DNS Poisoning
 Intrusion Detection
 Security Strategies for Web Applications
 Checklist for Web Security
 Module Flow: Web Attack Detection Tools
 Demo - Nessus
 Web Application Security Tool: Acunetix Web Vulnerability Scanner
 Web Application Security Tool: Falcove Web Vulnerability Scanner
 Web Application Security Tool: Netsparker
 Web Application Security Tool: N-Stalker Web Application Security Scanner
 Web Application Security Tool: Sandcat
 Web Application Security Tool: Wikto
 Web Application Security Tool: WebWatchBot
 Web Application Security Tool: OWASP ZAP
 Web Application Security Tool: SecuBat Vulnerability Scanner
 Web Application Security Tool: Websecurify
 Web Application Security Tool: HackAlert
 Web Application Security Tool: WebCruiser
 Web Application Firewall: dotDefender
 Web Application Security Tool: IBM AppScan
 Web Application Firewall: ServerDefender VP
 Web Log Viewer: Deep Log Analyzer
 Web Log Viewer: WebLog Expert
 Web Log Viewer: AlterWind Log Analyzer
 Web Log Viewer: Webalizer
 Web Log Viewer: eWebLog Analyzer
 Web Log Viewer: Apache Logs Viewer (ALV)
 Web Attack Investigation Tool: AWStats
 Web Attack Investigation Tool: Paros Proxy
 Web Attack Investigation Tool: Scrawlr
 Module Flow: Tools for Locating IP Addresses
 Whois Lookup (Cont'd)
 Whois Lookup Result
 SmartWhois
 ActiveWhois
 LanWhoIs
 CountryWhois
 CallerIP
 Real Hide IP
 Demo - Real Hide IP
 IP Address Manager
 Pandora FMS
 Demo - Whois Lookup
 Module 18 Review
 

Module 19 - Tracking Emails and Investigating Email Crimes

Module Flow: Email System Basics
 Email Terminology
 Email System
 Email Clients
 Email Server
 SMTP Server
 POP3 and IMAP Servers
 Email Message
 Importance of Electronic Records Management
 Module Flow: Email Crimes
 Email Crime
 Email Spamming
 Mail Bombing/Mail Storm
 Phishing
 Phishing (Cont'd)
 Email Spoofing
 Crime via Chat Room
 Identity Fraud / Chain Letter
 Module Flow: Email Headers
 Example of Email Header
 List of Common Headers
 List of Common Headers (Cont'd)
 Module Flow: Steps to Investigate
 Why Investigate Emails?
 Investigating Email Crime and Violation
 Obtain a Search Warrant and Seize the Computer and Email Account
 Obtain a Bit-by-Bit Image of Email Information
 Examine Email Headers
 Viewing Email Headers in Microsoft Outlook
 Viewing Email Headers in AOL
 Viewing Email Headers in Hotmail
 Viewing Email Headers in Gmail
 Viewing Headers in Yahoo Mail
 Forging Headers
 Analyzing Email Headers
 Analyzing Email Headers (Cont'd)
 Email Header Fields
 Received: Headers
 Demo - Email Headers
 Microsoft Outlook Mail
 Examining Additional Files (.pst or .ost Files)
 Checking the Email Validity
 Examine the Originating IP Address
 Tracing Back
 Tracing Back Web-Based Email
 Email Archives
 Content of Email Archives
 Local Archive
 Local Archive (Cont'd)
 Server Storage Archive
 Server Storage Archive (Cont'd)
 Forensic Acquisition of Email Archive
 Forensic Acquisition of Email Archive (Cont'd)
 Deleted Email Recovery
 Module Flow: Email Forensics Tools
 Stellar Phoenix Deleted Email Recovery
 Recover My Email
 Outlook Express Recovery
 Zmeil
 Quick Recovery for MS Outlook
 Email Detective
 Email Trace - Email Tracking
 R-Mail
 FINALeMAIL
 eMailTrackerPro
 Forensic Tool Kit (FTK)
 Paraben's E-mail Examiner
 Paraben's Network E-mail Examiner
 DiskInternal's Outlook Express Repair
 Abuse.Net
 MailDetective Tool
 Module Flow: Laws and Acts against Email Crimes
 U.S. Laws Against Email Crime: CAN-SPAM Act
 U.S. Laws Against Email Crime: CAN-SPAM Act (Cont'd)
 18 U.S.C. § 2252A
 18 U.S.C. § 2252B
 Email Crime Law in Washington: RCW 19.190.020
 Module 19 Review


Module 20 - Mobile Forensics

Module Flow: Mobile Phones
 Smartphone Sales Statistics 2010/2011
 Mobile Phone
 Different Mobile Devices
 Hardware Characteristics of Mobile Devices
 Software Characteristics of Mobile Devices
 Components of Cellular Network
 Cellular Network
 Different Cellular Networks
 Module Flow: Mobile Operating Systems
 Mobile Operating Systems
 Types of Mobile Operating Systems
 webOS
 webOS System Architecture
 Symbian OS
 Symbian OS Architecture
 Android OS
 Android OS Architecture
 RIM Blackberry OS
 Windows Phone 7
 Windows Phone 7 Architecture
 Apple iOS
 Module Flow: Mobile Forensics
 What a Criminal Can Do with Mobile Phones
 Mobile Forensics
 Mobile Forensics Challenges
 Forensics Information in Mobile Phones
 Memory Considerations in Mobiles
 Subscriber Identity Module (SIM)
 SIM File System
 Integrated Circuit Card Identification (ICCID)
 International Mobile Equipment Identifier (IMEI)
 Electronic Serial Number (ESN)
 Precautions to Be Taken Before Investigation
 Precautions to Be Taken Before Investigation (Cont'd)
 Module Flow: Mobile Forensics Process
 Mobile Forensics Process
 Collecting the Evidence
 Points to Remember while Collecting the Evidence
 Collecting an iPod/iPhone Connected to a Computer
 Demo - Mac-based iPods
 Demo - Windows-based iPods
 Document the Scene and Preserve the Evidence
 Document the Scene and Preserve the Evidence (Cont'd)
 Imaging and Profiling
 Acquire the Information
 Device Identification
 Acquire Data from SIM Cards
 Acquire Data from SIM Cards (Cont'd)
 Acquire Data from Unobstructed Mobile Devices
 Acquire Data from Obstructed Mobile Devices
 Acquire Data from Memory Cards
 Acquire Data from Memory Cards (Cont'd)
 Acquire Data from Synched Devices
 Gather Data from Network Operator
 Check Call Data Records (CDRs)
 Gather Data from SQLite Record
 Gather Data from SQLite Record (Cont'd)
 Analyze the Information
 Analyze the Information (Cont'd)
 Generate Report
 Module Flow: Mobile Forensics Software Tools
 Oxygen Forensic Suite 2011
 MOBILedit! Forensic
 MOBILedit! Forensic: Screenshot
 BitPim
 SIM Analyzer
 SIMCon
 SIM Card Data Recovery
 Memory Card Data Recovery
 Device Seizure
 SIM Card Seizure
 ART (Automatic Reporting Tool)
 iPod Data Recovery Software
 Recover My iPod
 PhoneView
 Elcomsoft Blackberry Backup Explorer
 Oxygen Phone Manager II
 Sanmaxi SIM Recoverer
 Mobile Forensics Tools
 Demo - Mobile Forensic Software
 Module Flow: Mobile Forensics Hardware Tools
 Secure View Kit
 Deployable Device Seizure (DDS)
 Paraben's Mobile Field Kit
 PhoneBase
 XACT System
 Logicube CellDEK
 Logicube CellDEK TEK
 RadioTactics ACESO
 UME-36Pro - Universal Memory Exchanger
 Cellebrite UFED System - Universal Forensic Extraction Device
 ZRT 2
 ICD 5200
 ICD 1300
 Module 20 Review
 

Module 21 - Investigative Reports

Module Flow: Computer Forensics Report
 Computer Forensics Report
 Salient Features of a Good Report
 Salient Features of a Good Report (Cont'd)
 Aspects of a Good Report
 Module Flow: Computer Forensics Report Template
 Computer Forensics Report Template
 Computer Forensics Report Template (Cont'd)
 Simple Format of the Chain of Custody Document
 Chain of Custody Forms
 Chain of Custody Forms (Cont'd)
 Evidence Collection Form
 Computer Evidence Worksheet
 Computer Evidence Worksheet (Cont'd)
 Hard Drive Evidence Worksheet
 Hard Drive Evidence Worksheet (Cont'd)
 Removable Media Worksheet
 Module Flow: Investigative Report Writing
 Report Classification
 Layout of an Investigative Report
 Layout of an Investigative Report: Numbering
 Report Specifications
 Guidelines for Writing a Report
 Use of Supporting Material
 Importance of Consistency
 Investigative Report Format
 Attachments and Appendices
 Include Metadata
 Signature Analysis
 Investigation Procedures
 Collecting Physical and Demonstrative Evidence
 Collecting Testimonial Evidence
 Do's and Don'ts of Computer Forensics Investigations
 Case Report Writing and Documentation
 Creating a Report to Attach to the Media Analysis Worksheet
 Best Practices for Investigators
 Module Flow: Sample Forensics Report
 Sample Forensics Report
 Sample Forensics Report 1 (1 of 5)
 Sample Forensics Report 1 (2 of 5)
 Sample Forensics Report 1 (3 of 5)
 Sample Forensics Report 1 (4 of 5)
 Sample Forensics Report 1 (5 of 5)
 Sample Forensics Report 2 (1 of 3)
 Sample Forensics Report 2 (2 of 3)
 Sample Forensics Report 2 (3 of 3)
 Module Flow: Report Writing Using Tools
 Writing Report Using FTK (1 of 10)
 Writing Report Using FTK (2 of 10)
 Writing Report Using FTK (3 of 10)
 Writing Report Using FTK (4 of 10)
 Writing Report Using FTK (5 of 10)
 Writing Report Using FTK (6 of 10)
 Writing Report Using FTK (7 of 10)
 Writing Report Using FTK (8 of 10)
 Writing Report Using FTK (9 of 10)
 Writing Report Using FTK (10 of 10)
 Writing Report Using ProDiscover (1 of 7)
 Writing Report Using ProDiscover (2 of 7)
 Writing Report Using ProDiscover (3 of 7)
 Writing Report Using ProDiscover (4 of 7)
 Writing Report Using ProDiscover (5 of 7)
 Writing Report Using ProDiscover (6 of 7)
 Writing Report Using ProDiscover (7 of 7)
 Demo - Investigative Reports
 Module 21 Review
 

Module 22 - Becoming an Expert Witness

Module Flow: Expert Witness
 What is an Expert Witness?
 Role of an Expert Witness
 What Makes a Good Expert Witness?
 Module Flow: Types of Expert Witnesses
 Types of Expert Witnesses
 Computer Forensics Experts
 Role of Computer Forensics Expert
 Medical & Psychological Experts
 Civil Litigation Experts
 Construction & Architecture Experts
 Criminal Litigation Experts
 Module Flow: Scope of Expert Witness Testimony
 Scope of Expert Witness Testimony
 Scope of Expert Witness Testimony (Cont'd)
 Technical Witness vs. Expert Witness
 Preparing for Testimony
 Module Flow: Evidence Processing
 Evidence Preparation and Documentation
 Evidence Processing Steps
 Evidence Processing Steps (Cont'd)
 Checklists for Processing Evidence
 Examining Computer Evidence
 Prepare the Report
 Evidence Presentation
 Module Flow: Rules for Expert Witness
 Rules Pertaining to an Expert Witness's Qualifications
 Rules Pertaining to an Expert Witness's Qualifications (Cont'd)
 Daubert Standard
 Frye Standard
 Importance of Resume
 Testifying in the Court
 The Order of Trial Proceedings
 Module Flow: General Ethics While Testifying
 General Ethics While Testifying
 Importance of Graphics in a Testimony
 Helping your Attorney
 Avoiding Testimony Issues
 Testifying during Direct Examination
 Testifying during Direct Examination (Cont'd)
 Testifying during Cross-Examination
 Deposing
 Recognizing Deposition Problems
 Guidelines to Testifying at a Deposition
 Dealing with Media
 Finding a Computer Forensics Expert
 Learn More…
 Module 22 Review
 Course Closure

About Our Expert:
Wayne Burke - CEH, EC-Council Master Certified Instructor
Wayne Burke, Founder and CIO of SecureIA, leads a globally operating group of penetration testers and security experts. Wayne and his group have delivered assignments and customized training for law enforcement, police, various military units, the NSA, FBI, EPA and similar government bodies in South America, Africa, the Philippines, Singapore, Malaysia and numerous Gulf locations, among others around the world. His office has become his next 12-hour international flight.

In Europe he works for numerous government agencies, corporate institutes and the military. Wayne is the creator of many popular security training tracks and built the Certified Penetration Testing™ series. He has considerable IT security experience in penetration testing (ethical hacking), digital forensics and wireless technologies.

His experience in the public and defense sectors is complemented by assignments undertaken for world-renowned corporations including Yahoo, Xerox, AT&T and Texas Instruments. He is eminently qualified in his field, holding a string of professional qualifications in networking (MCT, MCSE, Cisco, Network+) and IT security (CIW Security Analyst, Security+, CEI, CEH, CPTE, CDFI, CPTM) in addition to a bachelor's degree in science.

PREREQUISITES
The following skills are desirable:
Prospective students should have experience with computer hardware, and with network administration and configuration.


Computer Forensics Training

What is included in your Computer Forensics Training Package?

  • 12 Months Online Training featuring live instructor-led classroom sessions with full audio, video and demonstration components
  • PLUS
  • Official EC-Council CHFI Courseware Kit (Value at $595)
    • CHFI v8 printed textbook volume 1
    • CHFI v8 printed textbook volume 2
    • EC-Council Computer Hacking Forensics Investigator v8.0 Lab Manual
    • CHFI v8 DVD pack
    • ECC Computer Hacking Forensic Investigator T-Shirt
    • EC-Council Logo Backpack
  • Step-by-step hands-on-demonstrations
  • Focused on practical solutions to real-world development problems
  • PREPARES YOU FOR THE EC0 312-49 EXAM V8
    NEWLY UPDATED TO V8

ORDER TODAY AND FOR A LIMITED TIME GET COMPTIA SECURITY+ FREE
Reg.  $1795
   $1395 On Sale.
FREE SHIPPING ORDER TODAY! 

OUT OF STOCK


Upon completion of this Advanced Digital Forensic Techniques training, students will be able to attempt the following exams:

RELATED TRAINING:
Advanced Computer Forensics - see above
Penetration Testing PEN Test
CISSP Training
CEH Certified Ethical Hacker

Most training is in online format at this point.

Online Certification Training: "A comprehensive collection of exam prep and training materials"


Training Planet, Inc. / Certification City
An International Computer Support Training and Certification Services Company
FREE SHIPPING on online orders*  except diagnostics
- U.S. and Canada Orders Only - Government APO/FPO OK

FINANCING Available.

WE ACCEPT PURCHASE ORDERS

LIVE CLASSES ALSO OFFERED IN MOST CITIES.     
Albany, New York; Albuquerque, New Mexico; Alexandria, Virginia; Anchorage, Alaska; Atlanta, Georgia; Austin, Texas; Baltimore, Maryland; Birmingham, Alabama; Bismarck, North Dakota; Boise, Idaho; Boston, Massachusetts; Charlotte, North Carolina; Cheyenne, Wyoming; Chicago, Illinois; Cincinnati, Ohio; Cleveland, Ohio; Columbus, Ohio; Concord, New Hampshire; Dallas, Texas; Denver, Colorado; Des Moines, Iowa.
Detroit, Michigan; Ft. Lauderdale, Florida; Ft. Wayne, Indiana; Honolulu, Hawaii; Houston, Texas; Huntsville, Alabama; Indianapolis, Indiana; Jackson, Mississippi; Jackson, Wyoming; Jacksonville, Florida; Lexington, Kentucky; Lincoln, Nebraska; Los Angeles, California; Las Vegas, Nevada; Miami, Florida; Milwaukee, Wisconsin; Minneapolis, Minnesota; Montpelier, Vermont; Nashville, Tennessee; New Orleans, Louisiana; New York City; Norfolk, Virginia.
Oklahoma City, Oklahoma; Omaha, Nebraska; Orlando, Florida; Philadelphia, Pennsylvania; Phoenix, Arizona; Pierre, South Dakota; Pittsburgh, Pennsylvania; Portland, Maine; Portland, Oregon; Providence, Rhode Island.
Raleigh-Durham, North Carolina; Richmond, Virginia.
Rockford, Illinois; Sacramento, California; St. Louis, Missouri; Salt Lake City, Utah; San Antonio, Texas; San Diego, California; San Francisco, California; San Jose, California; Sandestin, Florida; Seattle, Washington; Tulsa, Oklahoma; Wichita, Kansas; Wilmington, Delaware. Canada: Ontario, British Columbia, Vancouver, Toronto, Montreal, Calgary, Winnipeg, Quebec City, Ottawa and Edmonton.

EVERYTHING YOU NEED TO WORK
AND SUPPORT WITH CONFIDENCE!

HUGE SPECIAL SALE!

NEW to IT Bundle
Big Savings
Employability course package!

This bundle consists of:
CompTIA A+ Certification
Network+ Certification
Security+ Certification

Each CompTIA program contains:
- Instructor-led training delivered on interactive video, with 1 year of online training access
- E-study guides
- Practice quizzes

PROMO $795

Train your entire company or school with any of our titles for one low price: site licenses are available for online training and networkable solutions.