Security 508: Computer Forensics, Investigation, and Response
Omaha, NE 68154
Tuesday, June 9, 2009 - Tuesday, August 11, 2009
CLOSED
Course Fee: $2,995.00
Additional For Proctored Certification †: $499.00
Additional For OnDemand: $399.00
* Payment must be RECEIVED by the deadline to receive the posted rate.
Mentor: James O'Gorman
Date: Tuesday, June 9, 2009
Meeting Time: 6:30 PM - 8:30 PM
Where: Continuum Worldwide, 11422 Miracle Hills Drive, Suite 500, Omaha, NE 68154
Mentor Bio: James O'Gorman is a consultant with Continuum Worldwide. In his 10 years of working in information technology, James has worked in consulting, support, and managerial positions at companies across a spectrum of industries. Specializing in information security, James has contributed to the industry through speaking engagements, papers, and tool and process development that have been made available to the community. A member of the GIAC advisory board and the Omaha ISSA chapter, James holds CISSP, GCIA and GCFA certifications.
Unpatched, unprotected computers connected to the internet are compromised in less than three days. Government regulations and organizational policy might require computer forensic investigators to investigate intellectual property theft, harassment, and regulatory compliance. Investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve their cases. This course will teach you forensic techniques and tools in a hands-on setting for both Windows- and Linux-based investigations. This course emphasizes a hands-on approach where you will learn in-depth forensic functionality and how to solve a variety of incidents.
Most incident response and security personnel will need to be familiar with core forensic techniques in order to respond to a variety of incidents for their organizations. This course teaches investigators how to follow the trail typical for intrusions and incidents that they might encounter. Incident responders should learn how intruders breached the infrastructure to identify additional systems/networks that are compromised. You will learn how to investigate traces left by complex attacks using the latest exploit methodologies.
Learning more than just how to use a forensic tool, you will be able to demonstrate how the tool functions step-by-step. You will become skilled with tools, such as the Sleuthkit, Foremost, and the HELIX Forensics Live CD. We will rapidly move on to advanced forensic and investigation analysis topics and techniques. This SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve even the most difficult case.
FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME. We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.
You Will Receive With This Course
As part of the course, you will receive the SANS Investigative Forensic Toolkit (SIFT). Using the hardware and software in this toolkit, you will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation. You will learn best practices on how to investigate and recover deleted data. The course will demonstrate how forensic tools recover evidence so you can articulate how the tool works in depth. We will examine various investigation methodologies and techniques, discovering new places to find evidence and uncovering the tracks of a motivated suspect who is trying to stay hidden.
The SIFT Toolkit consists of:
- Hard Drive USB evidence acquisition kit for SATA/IDE hard drives 1.8"/2.5"/3.5"/5.25"
- HELIX incident response & computer forensics live CD
- SANS VMware-based forensic analysis workstation equipped to investigate forensic data
- Course DVD loaded with case examples, tools, and documentation
- Best-selling book File System Forensic Analysis by Brian Carrier
Prerequisites
This course is perfect for the diligent student conversant with Linux system administration, Windows system administration, intrusion, or hacker techniques. If you are just beginning in system administration, this course is not appropriate for you, as the basics of the Linux and Windows operating systems will not be covered in this program. This course is also a perfect follow-on for those who have taken Security 408.