Difference between pages "SANS" and "Forensic 408-Windows in Depth"

From ForensicsWiki
(Created page with "The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the wor...")
 
(Created page with "FOR408: COMPUTER FORENSIC INVESTIGATIONS - WINDOWS IN-DEPTH focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to inve...")
 
Line 1: Line 1:
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
+
FOR408: COMPUTER FORENSIC INVESTIGATIONS - WINDOWS IN-DEPTH focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation.
  
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
+
This course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime. In addition to in-depth technical knowledge of Windows Digital Forensics (Windows XP through Windows 8 and Server 2012), you will learn about well-known computer forensic tools such as Access Datas Forensic Toolkit (FTK), Guidance Softwares EnCase, Registry Analyzer, FTK Imager, Prefetch Analyzer, and much more. Many of the tools covered in the course are freeware, comprising a full-featured forensic laboratory that students can take with them.
  
Computer Security Training & Certification
+
Computer Forensic Investigations - Windows In-Depth course topics
  
SANS provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks against the most dangerous threats - the ones being actively exploited. The courses are full of important and immediately useful techniques that you can put to work as soon as you return to your offices. They were developed through a consensus process involving hundreds of administrators, security managers, and information security professionals, and address both security fundamentals and awareness, and the in-depth technical aspects of the most crucial areas of IT security.
 
  
SANS training can be taken in a classroom setting from SANS-certified instructors, self-paced over the Internet, or in mentored settings in cities around the world. Each year, SANS programs educate more than 12,000 people in the US and internationally. To find the best teachers in each topic in the world, SANS runs a continuous competition for instructors. Last year more than 90 people tried out for the SANS faculty, but only five new people were selected.
+
'''COMPUTER FORENSIC INVESTIGATIONS - WINDOWS IN-DEPTH COURSE TOPICS'''
  
SANS also offers a Work Study Program through which, in return for acting as an important extension of SANS' conference staff, facilitators may attend classes at a greatly reduced rate. Facilitators are most definitely expected to pull their weight and the educational rewards for their doing so are substantial.
+
Windows File System Foundations
 +
 
 +
Evidence Acquisition Tools and Techniques
 +
 
 +
Law Enforcement Bag and Tag
 +
 
 +
Evidence Integrity
 +
 
 +
Registry Forensics
 +
 
 +
 
 +
'''Windows Artifact Analysis'''
 +
 
 +
Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis
 +
 
 +
E-Mail Forensics (Host, Server, Web)
 +
 
 +
Microsoft Office Document Analysis
 +
 
 +
Windows Link File Investigation
 +
 
 +
Windows Recycle Bin Analysis
 +
 
 +
File and Picture Metadata Tracking and Examination
 +
 
 +
Prefetch Analysis
 +
 
 +
Event Log File Analysis
 +
 
 +
Firefox, Chrome, and Internet Explorer Browser Forensics
 +
 
 +
Deleted File Recovery
 +
 
 +
String Searching and Data Carving
 +
 
 +
Examination of Cases involving Windows XP, VISTA, and Windows 7, and Windows 8
 +
 
 +
'''Media Analysis And Exploitation involving:'''
 +
 
 +
Tracking user communications using a Windows PC (e-mail, chat, IM, webmail)
 +
 
 +
Identifying if and how the suspect downloaded a specific file to the PC
 +
 
 +
Determining the exact time and number of times a suspect executed a program
 +
 
 +
Showing when any file was first and last opened by a suspect
 +
 
 +
Determining if a suspect had knowledge of a specific file
 +
 
 +
Showing the exact physical location of the system
 +
 
 +
Tracking and analysis of USB devices
 +
 
 +
Showing how the suspect logged on to the machine via the console, RDP, or network
 +
 
 +
Recovering and examining browser artifacts, even those used in private browsing mode
 +
 
 +
Forensic Analysis Report Writing
 +
 
 +
Fully Updated to include Windows 8 and Server 2012 Examinations

Revision as of 19:44, 21 June 2013

FOR408: COMPUTER FORENSIC INVESTIGATIONS - WINDOWS IN-DEPTH focuses on the critical knowledge of the Windows Operating System that every digital forensic analyst needs to investigate computer incidents successfully. You will learn how computer forensic analysts focus on collecting and analyzing data from computer systems to track user-based activity that can be used in internal investigations or civil/criminal litigation.

This course covers the methodology of in-depth computer forensic examinations, digital investigative analysis, and media exploitation so each student will have complete qualifications to work as a computer forensic investigator helping to solve and fight crime. In addition to in-depth technical knowledge of Windows Digital Forensics (Windows XP through Windows 8 and Server 2012), you will learn about well-known computer forensic tools such as AccessData's Forensic Toolkit (FTK), Guidance Software's EnCase, Registry Analyzer, FTK Imager, Prefetch Analyzer, and much more. Many of the tools covered in the course are freeware, comprising a full-featured forensic laboratory that students can take with them.

Computer Forensic Investigations - Windows In-Depth course topics


COMPUTER FORENSIC INVESTIGATIONS - WINDOWS IN-DEPTH COURSE TOPICS

Windows File System Foundations

Evidence Acquisition Tools and Techniques

Law Enforcement Bag and Tag

Evidence Integrity

Registry Forensics


Windows Artifact Analysis

Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis

E-Mail Forensics (Host, Server, Web)

Microsoft Office Document Analysis

Windows Link File Investigation

Windows Recycle Bin Analysis

File and Picture Metadata Tracking and Examination

Prefetch Analysis

Event Log File Analysis

Firefox, Chrome, and Internet Explorer Browser Forensics

Deleted File Recovery

String Searching and Data Carving

Examination of Cases involving Windows XP, Vista, Windows 7, and Windows 8

Media Analysis And Exploitation involving:

Tracking user communications using a Windows PC (e-mail, chat, IM, webmail)

Identifying if and how the suspect downloaded a specific file to the PC

Determining the exact time and number of times a suspect executed a program

Showing when any file was first and last opened by a suspect

Determining if a suspect had knowledge of a specific file

Showing the exact physical location of the system

Tracking and analysis of USB devices

Showing how the suspect logged on to the machine via the console, RDP, or network

Recovering and examining browser artifacts, even those used in private browsing mode

Forensic Analysis Report Writing

Fully Updated to include Windows 8 and Server 2012 Examinations