Computer Forensic Essentials

  Course Length:          4 Days

                               Computer Forensic Essentials

  Course description:     This course is designed to introduce the student to concepts, techniques, and tools,
                          providing a solid foundation in concepts related to the investigation, preservation,
                          and processing of computer-based evidence.

  Legal Agreement:        Prior to attending this course, you will be asked to sign an agreement stating that
                          you will not use the newly acquired skills for illegal or malicious attacks and you
                          will not use such tools in an attempt to compromise any computer system. QCT
                          will not be held responsible for your wrongdoing.

 Who should attend?       Systems administrators and those involved in responding to security incidents.

    Prerequisites:        The participants should have an in-depth knowledge of Computer Essentials.

Course Requirements:      For the duration of the workshop, participants must have:
                                  a laptop with Windows XP SP2, Admin Access and USB ports

 Access is Restricted:    No Restriction.

                          In this course, you apply the latest Windows-based computer forensic techniques
Benefits of Attendance:   to uncover illicit activity and recover lost data. Every crime leaves behind clues.
                          With the right tools, you can effectively respond to and counteract security threats.

     Certification:       Computer Forensics Essentials Attendance Certificate
Course Outline

        Day 1

                 Lesson 1:
                 Computer crime overview and raid considerations

                 Lesson 2:
                 Operating systems and file systems

                      Difference between an Operating System and a file
                      File systems supported by DOS, Win9x and NT
                      Why we still use DOS in forensics

                 Lesson 3:
                 MSDOS commands

                      Internal and external commands
                      Directory structure and “Path”
                      Navigating between partitions and directories

                 Lesson 4:
                 Hardware, BIOS and CMOS

                      Types of hardware encountered
                      Role of the BIOS and CMOS
                      Information of interest in CMOS

        Day 2

                 Lesson 5:
                 Configuring & connecting hard drives

                      IDE
                      SCSI
                      SATA

                 Lesson 6:
                 Physical drive structure

                      Cylinder, Head, Sector addressing
                      Logical Block Addressing

                 Lesson 7:

                      Primary
                      Extended/logical drives
                      Hidden

                 Lesson 8:
                 Boot process & Drive letter assignment

                      DOS and Win9x

Day 3

        Lesson 9:
        Write blockers

             Software
             Hardware
             DI's write blockers

        Lesson 10:
        Creating a control boot floppy

        Lesson 11:
        Creating a duplicate image

        Lesson 12:
        Computer data

             Bits/Bytes
             ASCII
             Hexadecimal

Day 4

        Lesson 13:
        FAT file system

             Formatting a logical drive
             Changes that occur when a file is saved
             Changes that occur when a file is deleted, and recovering deleted files

        Lesson 14:
        NTFS file system

             Formatting
             Changes that occur when a file is saved
             Changes that occur when a file is deleted

        Lesson 15:
        Forensic examination topics

             Date and time information (FAT and NTFS)
             Long filenames
             Recycle Bin
             File types
             Keyword searches
             Encryption
                  o Symmetric
                  o Asymmetric
                  o Win2K/XP EFS
             Compression
                  o PK archives
                  o NTFS built-in compression
             Carving from unallocated and slack space

Bookings:                Course name:     Computer Forensic Fundamentals
                         Duration:        4-day course
                         Time:            9:00 - 16:00
                         Price:           R
                         Deposit:         R
                         Balance:         Due on first day of course

                         You can e-mail

                         You'll find the schedule dates at under the training link.

                         Course prices are subject to change due to new software releases, location, and
                         other circumstances. Classes are subject to cancellation within two weeks of the
                         class start date. Classes are guaranteed to run if not cancelled before this two week
                         period. Students can cancel up to two weeks before the class runs.

Structure:               This course runs for 4 full days, usually from Monday to Thursday.

                         The hours are 9:00 to 14:00

                         Included in the course fee are:
                                 Training manual
                                 Instructor-led training
                                 Software DVD (freeware & trial software)
                                 Refreshments, including lunch