The perfect balance of theory and hands on experience.
-James d. Perry II, University of Tennessee


FORENSICS 508

Computer Forensic Investigations and Incident Response

6 CPE Credits per day
NOTE: This course has recently changed from the SECURITY discipline to the new FORENSICS discipline. All content remains the same.

Data breaches and advanced intrusions are occurring daily. Sensitive data and intellectual property are stolen from systems that are protected by sophisticated network- and host-based security. A motivated criminal group or nation state can and will always find a way inside enterprise networks. In the commercial and government sectors, hundreds of victims have responded to serious intrusions costing millions of dollars and the loss of untold terabytes of data. Cyber attacks originating from China, dubbed the Advanced Persistent Threat, have proved difficult to suppress. Forensics 508 will help you respond to and investigate these incidents.

Forensics 508: COMPUTER FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE will give you a firm understanding of advanced incident response and computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases.

Utilizing advances in spear phishing, web application attacks, and persistent malware, these new sophisticated attackers advance rapidly through your network. Incident responders and digital forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging intrusion cases. Forensics 508: COMPUTER FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.

Attackers will use anti-forensic techniques to hide their tracks. They use rootkits, file wiping, timestamp adjustments, privacy cleaners, and complex malware to hide in plain sight, avoiding detection by standard host-based security measures. Everything leaves a trace; you merely need to know where to look.

This course teaches more than just how to use a forensic tool: by taking it you will be able to demonstrate how the tool functions at a low level. You will become skilled with new tools, such as the Sleuthkit, Foremost, and the HELIX3 Pro Forensics Live CD. This SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques needed to solve advanced computer forensics cases.

FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME.

You Will Receive With This Course

Free SANS Investigative Forensic Toolkit (SIFT) Advanced

As a part of this course you will receive a SANS Investigative Forensic Toolkit (SIFT) Advanced, with which you will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation.

The Toolkit Consists Of:

  • Hard Drive adapter kit for SATA/IDE hard drives 1.8"/2.5"/3.5"/5.25" (Read and Write)
  • SANS Forensic Analysis Workstation 2.0 (Course Version)
  • Course DVD loaded with case examples, tools, and documentation
  • Best-selling book "File System Forensic Analysis" by Brian Carrier
  • Helix3 Pro: individually licensed to each student.
    • Works on Mac OS X, Windows, and Linux.
    • Simplified Live Analysis with both Memory and Disk Acquisition
    • Built in Memory Analysis
    • Boots most Intel x86 machines including Mac OS X

Who Should Attend

  • Incident Response Team Members who are responding to complex security incidents/intrusions from sophisticated threats
  • Computer Forensic Professionals who want to solidify and expand their understanding of file system forensic and incident response related topics
  • Law enforcement officers, federal agents, or detectives who want to master computer forensics and expand their investigative skill set to include data breach investigations, intrusion cases, and tech-savvy cases
  • Information security professionals with some background in hacker exploits, penetration testing, and incident response
  • Information security managers who would like to master digital forensics in order to understand information security implications and potential litigation related issues or manage investigative teams
  • Anyone with a firm technical background who might be asked to investigate a data breach incident or intrusion case, or to investigate individuals who are considered technically savvy

Computer Forensic Course Prerequisites

Strong recommendation: Each student should attend Forensics 408: Computer Forensic Essentials prior to taking this course, or have equivalent digital forensic experience in the field. This course is designed to be the natural follow-on for those who have already attended Forensics 408: Computer Forensic Essentials.

Trying to decide whether FOR 408 or FOR 508 is right for you? Take the computer forensic assessment to help guide you to the best course for your needs. The test can be found at this link: http://computer-forensics.sans.org/course/assessment.php

If you are just beginning in computer forensics or information security, then this course is not appropriate for you as the basics of computer forensics, system administration, and hacker techniques will not be covered.

SANS Computer Forensic Website

The learning does not end when class is over. The SANS Computer Forensic Website is a community-focused site offering digital forensics professionals a one-stop forensic resource to learn, discuss, and share current developments in the field. It also provides information regarding SANS forensics training, GIAC certification, and upcoming events. Visit the Computer Forensic website. New content is added regularly, so please visit often. In addition, do not forget to share this information with your fellow forensic professionals.

Course Topics

  • Data Breach Cases, Intrusion Analysis, and Advanced Investigative Strategy
  • Evidence Acquisition/Analysis/Preservation Laws and Guidelines
  • U.S. Laws Investigators Should Know
  • E.U. Laws Investigators Should Know
  • Intermediate Computer Forensics Methodology
  • In-depth File System Essentials
  • Intermediate Linux/Unix File System Examination
  • Intermediate Windows FAT and exFAT File System Examination
  • Intermediate Windows NTFS File System Examination
  • Key Forensic Acquisition/Analysis Concepts
  • Volatile Evidence Gathering and Analysis
  • Image File Utilization/Conversion (E01, Raw, AFF)
  • Windows XP System Restore Points
  • Vista, Windows 7, Server 2008, Shadow Volume Copy Exploitation
  • Evidence Integrity and Chain of Custody
  • Advanced Forensic Evidence Acquisition and Imaging
  • File System Timeline Analysis
  • Super Timeline Analysis
  • Forensic Analysis Key Methods
  • File System and Data Layer Examination
  • Metadata and File Name Layer Examination
  • File Sorting and Hash Comparisons
  • Live Response and Volatile Evidence Collection
  • Key Windows File System Analysis Concepts
  • Advanced Windows Registry Analysis
  • Discovering Malware on a Host
  • Recovering Key Windows Files
  • Windows Internal File Metadata
  • Application Footprinting and Software Forensics
  • Automated GUI Based Forensic Toolkits
  • Step-by-Step Methodology to Investigate Challenging Cases

After 9 years of doing forensics work and 14 seminars/conferences on computer forensics, this is proving to be the best.
-Frank Grindstaff, Home Depot

Author Statement

"There are people smarter than you, they have more resources than you, and they are coming for you. Good luck with that," Matt Olney said when describing the Advanced Persistent Threat. He was not joking. The results over the past several years clearly indicate that hackers employed by nation states and organized crime are racking up success after success. The Advanced Persistent Threat has compromised hundreds of organizations. Organized crime utilizing botnets is exploiting ACH fraud daily. Similar groups are penetrating banks and merchants, stealing credit card data daily. Fortune 500 companies are beginning to detail data breaches and hacks in their annual stockholders' reports.

The enemy is getting better, bolder, and their success rate is impressive.

We can stop them. We need to field more sophisticated incident responders and digital forensic investigators. We need lethal digital forensic experts that can detect and eradicate advanced threats immediately. A properly trained incident responder could be the only defense your organization has left in place during a compromise. Forensics 508: COMPUTER FORENSIC INVESTIGATIONS AND INCIDENT RESPONSE is crucial training for you to become a lethal forensicator to step up to these advanced threats. The enemy is good. We are better. This course will help you become one of the best.
- Rob Lee

Training Events By Course

FORENSICS 508 :: Computer Forensic Investigations and Incident Response

Event | Location | Dates
SANS Network Security 2010 | Las Vegas, NV | September 19, 2010 - September 27, 2010
SOS: SANS October Singapore 2010 | Singapore, Singapore | October 04, 2010 - October 11, 2010
SANS Gulf Region 2010 | Dubai, United Arab Emirates | October 09, 2010 - October 21, 2010
SANS Chicago 2010 | Skokie, IL | October 25, 2010 - October 30, 2010
SANS Sydney 2010 | Sydney, Australia | November 15, 2010 - November 20, 2010
SANS London 2010 | London, United Kingdom | November 27, 2010 - December 06, 2010
SANS Security West 2011 | San Diego, CA | May 05, 2011 - May 12, 2011
Community SANS | Various Locations | Scheduled
Local Mentor Program | Your Home Town | Scheduled
SANS vLive! | Online Virtual Classroom Training | Scheduled
SANS OnDemand | Online Training & Assessments | Anytime
SANS SelfStudy | Books and .MP3s Only | Anytime
SANS OnSite | Group Training at Your Location | Request Your Own Dates