- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Copenhagen, Denmark - March 26 - 31, 2007
- Hotel & Travel Info
- Faculty
- Vendor Expo
- General Info
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
Intense, fast paced. Modern day Sherlock Holmes!
-Cody Drake, Allstate Ins. Co.
Security 508
6 Day Course
(Portal Account Required)
(SelfStudy Available)
For GIAC Certification
If you register for the full course, you may register to seek your GCFA Certification.
Online exam issued with 4-month deadline 7-10 days following conference.
Additional information:
GCFA Information
GIAC FAQ
Fee Information
For OnDemand Bundles
You can bundle SANS OnDemand online training and assessment package for an additional €379.00 EURO when registering for the full course. Additional information can be found at the OnDemand Bundles page and the OnDemand FAQ.
VAT Info
Danish VAT registration number: DK 30798309
Danish VAT registration number: DK 30798309
Course PDF
SANS Cyber
Guardian Program
Click here to Learn More.
System Forensics, Investigation & Response
Monday, March 26, 2007 - Saturday, March 31, 2007Jess Garcia, SANS Certified Instructor
6 CPE Credits per day
This advanced course is perfect for the diligent student conversant with Linux System Administration, Windows System Administration, TCP/IP, and Intrusion Detection Methodologies. If you are just beginning in information security, this course is not appropriate for you as the basics of the Linux and Windows operating systems are not covered in this program.
Unpatched, unprotected computers connected to the Internet are being compromised in 3 days or less. The Blaster Worm proves systems behind a firewall can become the victim of a successful attack. Security professionals must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues. Learn forensic techniques and tools in a lab-style, hands-on setting for both Windows and Linux investigations. This course emphasizes a "try-it-by-hand" approach so that any student attending will take with them a solid grasp of how open source and commercial forensic tools complete their tasks, without having to merely have faith in the tool. This is accomplished by teaching the fundamental concepts of computer forensics in a tool-independent manner.
Beginning with foundation concepts such as file system structures, MAC times, and forensic auditing, the content and difficulty level of this track advances rapidly. You will learn more than just how to use a tool; you will be able to show how the tool is able to recover data, find the smoking gun, and present your data in a format that can be easily understood by others. You'll learn how and when to use various tools such as the Sleuthkit, Autopsy Forensic Browser, the Windows Forensic Toolchest (WFT), and then quickly move on to advanced forensic and incident response topics and techniques. Five days of intense, hands-on courses, and a deep-knowledge education into legal challenges and issues culminate with an over-the-shoulder view of an investigation performed on a real-world compromised system collected by the Honeynet Project.
- Who Should Attend
- System administrators and incident handling personnel who are looking for an integration of forensics and investigative methodologies and legal issues
- Anyone who wants to understand the technical side of incident response
- Anyone who wants to learn how to image and analyze Windows and Linux systems involved in an investigation
- Anyone who wants to learn how forensically recover and analyze data without relying on a tool to automatically accomplish the task
- Anyone who wants to learn how filesystems are structured and store their data so that they can understand where evidence exists on any type of hard drive
- A Sampling of Topics
- Core Forensic Filesystems Knowledge
- Incident Response
- Forensic Preparation
- Windows Forensics
- Unix and Linux Forensics
- Data Recovery and Analysis
- Malicious Code Analysis
- Law Enforcement Interaction and Case Law
- Corporate and Managerial Legal Concerns and Direction
- The Honeynet Project's Forensic Challenge
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy