- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Amsterdam, Netherlands - May 11 - 23, 2009
- Event Location & Info
- Faculty
- Vendor Expo
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
Intense, fast paced. Modern day Sherlock Holmes!
-Cody Drake, Allstate Ins. Co.
Security 508
6 Day Course
(Portal Account Required)
(SelfStudy Available)
For GIAC Certification
If you register for the full course, you may register to seek your GCFA Certification.
Online exam issued with 4-month deadline 7-10 days following conference.
Additional information:
GCFA Information
GIAC FAQ
Fee Information
For OnDemand Bundles
You can bundle SANS OnDemand online training and assessment package for an additional €375.00 EURO when registering for the full course. Additional information can be found at the OnDemand Bundles page and the OnDemand FAQ.
VAT Rate Info
19% VAT will be added to the tuition costs.
19% VAT will be added to the tuition costs.
NEW! All inclusive training packages available. The pricing includes:
- Hotel accommodations for 6 nights with breakfast
- SANS training tuition fees
- 3-course Business Lunch including 1 drink (beer, wine, soft drink)
- 2 Breaks with coffee, tea and delicacies
- 3-course dinner including 1 drink (beer, wine, soft drink)
For more details, please contact Barbara Basalgete at bbasalgete@sans.org or +44 20 80 90 46 89.
Course PDF
SANS Cyber
Guardian Program
Click here to Learn More.
Computer Forensics, Investigation, and Response
Monday 11 May - Saturday 16 May 2009Jess Garcia, SANS Certified Instructor
6 CPE Credits per day
Unpatched, unprotected computers connected to the internet are compromised in less than three days. Government regulations and organizational policy might require computer forensic investigators to investigate intellectual property theft, harassment, and regulatory compliance. Investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve their cases. This course will teach you forensic techniques and tools in a hands-on setting for both Windows- and Linux-based investigations. This course emphasizes a hands-on approach where you will learn in-depth forensic functionality and how to solve a variety of incidents.
Most incident response and security personnel will need to be familiar with core forensic techniques in order to respond to a variety of incidents for their organizations. This course teaches investigators how to follow the trail typical for intrusions and incidents that they might encounter. Incident responders should learn how intruders breached the infrastructure to identify additional systems/networks that are compromised. You will learn how to investigate traces left by complex attacks using the latest exploit methodologies.
Learning more than just how to use a forensic tool, you will be able to demonstrate how the tool functions step-by-step. You will become skilled with tools, such as the Sleuthkit, Foremost, and the HELIX Forensics Live CD. We will rapidly move on to advanced forensic and investigation analysis topics and techniques. This SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve even the most difficult case.
FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME. We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.
You Will Receive With This Course
As part of the course, you will receive the SANS Investigative Forensic Toolkit (SIFT). Using the hardware and software in this toolkit, you will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation. You will learn best practices on how to investigate and recover deleted data. The course will demonstrate how forensic tools recover evidence so you can articulate how the tool works in depth. We will examine various investigation methodologies and techniques discovering new places to find evidence and discover the tracks of a motivated suspect who is trying to stay hidden.
The SIFT Toolkit consists of:
- Hard Drive USB evidence acquisition kit for SATA/IDE hard drives 1.8"/2.5"/3.5"/5.25"
- HELIX incident response & computer forensics live CD
- SANS VMware-based forensic analysis workstation equipped to investigate forensic data
- Course DVD loaded with case examples, tools, and documentation
- Best-selling book File System Forensic Analysis by Brian Carrier
Prerequisites
This course is perfect for the diligent student conversant with Linux system administration, Windows system administration, intrusion, or hacker techniques. If you are just beginning in system administration, this course is not appropriate for you as the basics of the Linux and Windows operating systems will not be covered in this program. This course is also a perfect follow on for those that have taken Security 408.
- Who Should Attend
- Information technology professionals who are responding to security incidents and need to utilize computer forensics to help solve their cases
- The information security professional who is interested in learning how to identify additional systems/networks that are compromised
- Forensic professionals who want to solidify their understanding of file system forensic and incident response related topics
- Law enforcement officers, federal agents, or detectives who want to expand their investigative skills
- System administrators and incident handling personnel who are looking for an integration of forensics and investigative methodologies and legal issues
- Anyone who wants to understand the technical side of incident response and forensics
- Information security professionals with some background in hacker exploits and incident response
- Course Topics
- Who Can Investigate and Investigative Process Laws
- Evidence Acquisition/Analysis/Preservation Laws and Guidelines
- U.S. Laws Investigators Should Know
- E.U. Laws Investigators Should Know
- Presenting Data
- Forensic Reports and Testimony
- Computer Forensics Methodology
- Forensic Investigation
- File System Essentials
- Linux/Unix File System Basics
- Windows FAT File System Basics
- Windows NTFS File System Basics
- Key Forensic Acquisition/Analysis Concepts
- Volatile Evidence Gathering and Analysis
- Evidence Integrity
- Forensic Evidence Acquisition and Imaging
- File System Timeline Analysis
- Forensic Analysis Key Methods
- File System and Data Layer Examination
- Metadata Layer Examination
- File Name Layer
- File Sorting and Hash Comparisons Windows Response and Volatile Evidence Collection
- Key Windows File System Analysis Concepts
- Windows Registry Analysis
- Windows Internal File Metadata
- Application Footprinting and Software Forensics
- Automated GUI Based Forensic Toolkits
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy