Difference between pages "Training Courses and Providers" and "Proxy server"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(NON-COMMERCIAL TRAINING)
 
m (removed category: Encryption :))
 
Line 1: Line 1:
This is the list of Training Course Providers, who offer training courses at specific dates/times and locations (referred to by [[Upcoming_events]]). 
+
{{expand}}
  
<b>PLEASE READ BEFORE YOU EDIT THE LIST BELOW</b><br>
+
'''Proxy server''' is a server which services the requests of its clients by forwarding requests to other servers.
Providers of scheduled training courses should be listed in alphabetical order, and should be listed in only one section.  Non-Commercial training is typically offered by governmental agencies or organizations that directly support law enforcement.  Tool Vendor training is training offered directly by a specific tool vendor, which may apply broadly, but generally is oriented to the vendor's specific tool (or tool suite).  Commercial Training is training offered by commercial companies which may or may not be oriented to a specific tool/tool suite, but is offered by a company other than a tool vendor.
+
  
<i>Some training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience.  Such restrictions should be noted when known.</i>
+
== Overview ==
  
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. 
+
Proxy servers are widely used by organizations and individuals for different purposes:
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
+
  
==NON-COMMERCIAL TRAINING==
+
* Internet sharing (like [[NAT]]);
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
* Traffic compression;
|- style="background:#bfbfbf; font-weight: bold"
+
* Accelerating service requests by retrieving content from cache;
! width="40%"|Title
+
* and many others.
! width="40%"|Website
+
! width="20%"|Limitation
+
|-
+
|Defense Cyber Investigations Training Academy (DCITA)
+
|http://www.dc3.mil/dcita/dcitaAbout.php
+
|Limited To Certain Roles within US Government Agencies[http://www.dc3.mil/dcita/dcitaRegistration.php (1)]
+
|-
+
|Federal Law Enforcement Training Center
+
|http://www.fletc.gov/training/programs/computer-financial-intelligence/technical-operations
+
|Limited To Law Enforcement
+
|-
+
|MSU National Forensics Training Center
+
|http://www.security.cse.msstate.edu/ftc
+
|Limited To Law Enforcement
+
|-
+
|IACIS
+
|http://www.cops.org/training
+
|Limited To Law Enforcement and Affiliate Members of IACIS
+
|-
+
|SEARCH
+
|http://www.search.org/programs/hightech/calendar.asp
+
|Limited To Law Enforcement
+
|-
+
|National White Collar Crime Center
+
|http://www.nw3c.org/ocr/courses_desc.cfm
+
|Limited To Law Enforcement
+
|-
+
|}
+
  
==TOOL VENDOR TRAINING==
+
Proxy servers are often used for malicious purposes (such as fraud).
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! width="40%"|Title
+
! width="40%"|Website
+
! width="20%"|Limitation
+
|-
+
|AccessData (Forensic Tool Kit FTK)
+
|http://www.accessdata.com/courses.html
+
|-
+
|ASR Data (SMART)
+
|http://www.asrdata.com/training/
+
|-
+
|BlackBag Technologies (Macintosh Forensic Suite and MacQuisition Boot Disk)
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|CPR Tools (Data Recovery)
+
|http://www.cprtools.net/training.php
+
|-
+
|Guidance Software (EnCase)
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Nuix (eDiscovery)
+
|http://www.nuix.com.au/eDiscovery.asp?active_page_id=147
+
|-
+
|Paraben (Paraben Suite)
+
|http://www.paraben-training.com/training.html
+
|-
+
|Technology Pathways(ProDiscover)
+
|http://www.techpathways.com/DesktopDefault.aspx?tabindex=6&tabid=9
+
|-
+
|SubRosaSoft (MacForensicsLab)
+
|http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=index&cPath=2
+
|-
+
|WetStone Technologies (Gargoyle, Stego Suite, LiveWire Investigator)
+
|https://www.wetstonetech.com/trainings.html
+
|-
+
|X-Ways Forensics (X-Ways Forensics)
+
|http://www.x-ways.net/training/
+
|-
+
|}
+
  
==COMMERCIAL TRAINING==
+
== HTTP proxies ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
 
|- style="background:#bfbfbf; font-weight: bold"
+
''These proxy servers are using HTTP.''
! width="40%"|Title
+
 
! width="40%"|Website
+
Example request (direct; with relative URI):
! width="20%"|Limitation
+
<pre>
|-
+
GET / HTTP/1.1
|Computer Forensic Training Center Online (CFTCO)
+
Host: cryptome.org
|http://www.cftco.com/
+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
|-
+
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|CCE Bootcamp
+
Accept-Encoding: gzip,deflate
|http://www.cce-bootcamp.com/
+
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
|-
+
Keep-Alive: 300
|e-fense Training
+
Connection: keep-alive
|http://www.e-fense.com/training.php
+
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
|-
+
If-None-Match: "e01922-62e9-45937059ec2de"
|H-11 Digital Forensics
+
Cache-Control: max-age=0
|http://www.h11-digital-forensics.com/training/viewclasses.php
+
</pre>
|-
+
Example request (using proxy; with absolute URI):
|High Tech Crime Institute
+
<pre>
|http://www.gohtci.com
+
GET http://cryptome.org/ HTTP/1.1
|-
+
Host: cryptome.org
|Infosec Institute
+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
|http://www.infosecinstitute.com/courses/security_training_courses.html
+
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|-
+
Accept-Encoding: gzip,deflate
|ManTech Computer Security Training
+
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
|http://www.mantech.com/msma/isso.asp
+
Keep-Alive: 300
|-
+
Proxy-Connection: keep-alive
|Mobile Forensics, Inc
+
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
|http://mobileforensicsinc.com/
+
If-None-Match: "e01922-62e9-45937059ec2de"
|-
+
Cache-Control: max-age=0
|NTI (an Armor Forensics Company)
+
</pre>
|http://www.forensics-intl.com/training.html
+
''Note:'' this HTTP request was intercepted on the way to proxy server.
|-
+
 
|Security University
+
According to RFC 2068 (section 5.1.2):
|http://www.securityuniversity.net/classes.php
+
<pre>
|-
+
The absoluteURI form is required when the request is being made to a proxy.
|Steganography Analysis and Research Center (SARC)
+
</pre>
|http://www.sarc-wv.com/training.aspx
+
 
|-
+
== HTTPS proxies ==
|SysAdmin, Audit, Network, Security Institute (SANS)
+
 
|http://www.sans.org/training/courses.php
+
''The same as above, but using HTTPS (HTTP over SSL/TLS).''
|-
+
 
|Vigilar
+
Sometimes HTTP proxies that support CONNECT method are called ''"HTTPS proxies"''. These HTTP proxies can tunnel almost every TCP-based protocol.
|http://www.vigilar.com/training/
+
 
|-
+
Example request:
|}
+
<pre>
 +
CONNECT home.netscape.com:443 HTTP/1.0
 +
User-agent: Mozilla/1.1N
 +
</pre>
 +
 
 +
== SOCKS proxies ==
 +
 
 +
SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall.
 +
 
 +
== Web proxies (CGI proxies) ==
 +
 
 +
These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality.
 +
 
 +
== Proxy detection ==
 +
 
 +
[[Category:Anti-Forensics]]
 +
[[Category:Network Forensics]]

Revision as of 14:06, 15 October 2008

Information icon.png

Please help to improve this article by expanding it.
Further information might be found on the discussion page.

Proxy server is a server which services the requests of its clients by forwarding requests to other servers.

Overview

Proxy servers are widely used by organizations and individuals for different purposes:

  • Internet sharing (like NAT);
  • Traffic compression;
  • Accelerating service requests by retrieving content from cache;
  • and many others.

Proxy servers are often used for malicious purposes (such as fraud).

HTTP proxies

These proxy servers are using HTTP.

Example request (direct; with relative URI):

GET / HTTP/1.1
Host: cryptome.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
If-None-Match: "e01922-62e9-45937059ec2de"
Cache-Control: max-age=0

Example request (using proxy; with absolute URI):

GET http://cryptome.org/ HTTP/1.1
Host: cryptome.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.9.0.3) Gecko/20080528 Epiphany/2.22 Firefox/3.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
If-Modified-Since: Tue, 14 Oct 2008 13:59:19 GMT
If-None-Match: "e01922-62e9-45937059ec2de"
Cache-Control: max-age=0

Note: this HTTP request was intercepted on the way to proxy server.

According to RFC 2068 (section 5.1.2):

The absoluteURI form is required when the request is being made to a proxy.

HTTPS proxies

The same as above, but using HTTPS (HTTP over SSL/TLS).

Sometimes HTTP proxies that support CONNECT method are called "HTTPS proxies". These HTTP proxies can tunnel almost every TCP-based protocol.

Example request:

CONNECT home.netscape.com:443 HTTP/1.0
User-agent: Mozilla/1.1N 

SOCKS proxies

SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall.

Web proxies (CGI proxies)

These are web sites that allow a user to access a site through them. They generally use PHP or CGI to implement the proxy functionality.

Proxy detection