
Intense, fast-paced. Modern-day Sherlock Holmes!
-Cody Drake, Allstate Ins. Co.

SECURITY 508

Computer Forensics, Investigation, and Response

6 CPE Credits per day

Unpatched, unprotected computers connected to the internet are compromised in less than three days! In the commercial sector, TJ Maxx, Hannaford, and TD Ameritrade are victims of large-scale data breaches and intrusions. From these attacks, personal or account information of more than 100 million individuals has been compromised. In the government sector, cyber attacks on government agencies and contractors, originating from China, have proved difficult to suppress. In both situations, incident response and mitigation, class action lawsuits, and fines place remediation costs in the billions of dollars.

Security 508: Computer Forensics, Investigation, and Response will give you a firm understanding of computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases.

Utilizing advances in spear phishing, web application attacks, and persistent malware, these new, sophisticated attackers advance rapidly through your network. Forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging cases. Security 508: Computer Forensics, Investigation, and Response will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.

We will examine various investigation methodologies and techniques, discovering new places to find evidence and uncovering the tracks of a cyber criminal or hacker who is trying to stay hidden inside your network.

Learning more than just how to use a forensic tool, you will be able to demonstrate how the tool functions step by step. You will become skilled with new tools, such as The Sleuth Kit, Foremost, and the HELIX3 Pro Forensics Live CD. This hands-on SANS technical course arms you with a deep understanding of the forensic methodology, tools, and techniques needed to solve advanced computer forensics cases.

FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME. We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.

Computer Forensics Course Prerequisites

Strong recommendation: Each student should attend Security 408: Computer Forensic Essentials prior to taking this course or have equivalent digital forensic experience in the field. This course is designed to be a perfect follow-on for those who have already attended Security 408: Computer Forensic Essentials.

If you are just beginning in computer forensics or information security, then this course is not appropriate for you as the basics of computer forensics, system administration, and hacker techniques will not be covered.

What You Will Receive with this Course

Free SANS Investigative Forensic Toolkit (SIFT) Advanced

As part of this course you will receive the SANS Investigative Forensic Toolkit (SIFT) Advanced, with which you will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation. The toolkit consists of:

  • Hard Drive USB mini adapter kit for SATA/IDE hard drives 1.8"/2.5"/3.5"/5.25" (Read and Write)
  • SANS VMware based Forensic Analysis Workstation
  • Course DVD loaded with case examples, tools, and documentation
  • Best-selling book "File System Forensic Analysis" by Brian Carrier
  • New Addition! The SIFT Kit Advanced will now include a single version Helix3 Pro that will be individually licensed to each student.
    • Works on Mac OS X, Windows, and Linux.
    • Simplified Live Analysis with both Memory and Disk Acquisition
    • Built in Memory Analysis
    • Boots most Intel x86 machines including Mac OS X

SANS Computer Forensic Website - forensics.sans.org

The learning does not end when class is over. The SANS Computer Forensic Website is a community-focused site offering digital forensics professionals a one-stop forensic resource to learn, discuss, and share current developments in the field. It also provides information regarding SANS forensics training, GIAC certification, and upcoming events. Visit http://forensics.sans.org. New content is added regularly, so please visit often. In addition, do not forget to share this information with your fellow forensic professionals.

  • Course Topics
    • Data Breach Cases, Intrusion Analysis, and Advanced Investigative Strategy
    • Evidence Acquisition/Analysis/Preservation Laws and Guidelines
    • U.S. Laws Investigators Should Know
    • E.U. Laws Investigators Should Know
    • Forensic Reports and Testimony
    • Computer Forensics Methodology
    • File System Essentials
    • Linux/Unix File System Examination
    • Windows FAT File System Examination
    • Windows NTFS File System Examination
    • Key Forensic Acquisition/Analysis Concepts
    • Volatile Evidence Gathering and Analysis
    • Image File Conversion (E01, Raw, AFF)
    • Windows System Restore and Shadow Volume Copy Exploitation
    • Evidence Integrity and Chain of Custody
    • Advanced Forensic Evidence Acquisition and Imaging
    • File System Timeline Analysis
    • Forensic Analysis Key Methods
    • File System and Data Layer Examination
    • Metadata and File Name Layer Examination
    • File Sorting and Hash Comparisons
    • Live Response and Volatile Evidence Collection
    • Key Windows File System Analysis Concepts
    • Windows Registry Analysis
    • Windows Internal File Metadata
    • Application Footprinting and Software Forensics
    • Automated GUI Based Forensic Toolkits
  • Who Should Attend
    • Incident Response Team Members who are responding to complex security incidents/intrusions and need to utilize computer forensics to help solve their cases
    • Computer Forensic professionals who want to solidify and expand their understanding of file system forensic and incident response related topics
    • Law enforcement officers, federal agents, or detectives who want to master computer forensics and expand their investigative skill set to include data breach investigations, intrusion cases, and tech-savvy cases
    • Information security professionals with some background in hacker exploits, penetration testing, and incident response
    • Information security managers who would like to master digital forensics in order to understand information security implications and potential litigation related issues or manage investigative teams
  • Anyone with a firm technical background who might be asked to investigate a data breach incident or intrusion case, or to investigate individuals who are considered technically savvy

After 9 years of doing forensics work and 14 seminars/conferences on computer forensics, this is proving to be the best.
-Frank Grindstaff, Home Depot

Author Statement

SANS COMPUTER FORENSICS GRADUATE THWARTS BANK HEIST. Headlines similar to this are now a reality, as former students have e-mailed me regularly about how they were able to use their forensic skills in very real situations. Graduates of Computer Forensics, Investigation, and Response are the front-line troops deployed when incidents occur. From stopping online bank heists to logic bombers trying to destroy data that could affect many lives, SANS forensic graduates are battling and winning the war on crime. Graduates have described solved cases involving computer break-ins, intellectual property theft, fraud, and, in some cases, internal infractions by belligerent employees. Knowing that this course places the correct methodology and knowledge in the hands of responders who thwart the plans of criminals or foreign cyber attacks brings me great comfort. Graduates are doing it. Daily. I am proud that the Computer Forensics, Investigation, and Response course at SANS helped prepare them to fight and solve crime.
- Rob Lee

Training Events By Course

SECURITY 508 :: Computer Forensics, Investigation, and Response
SANS 2010 Orlando, FL March 06, 2010 - March 15, 2010
SANS CDI East 2009 Washington, DC December 11, 2009 - December 18, 2009
Mentor Session - Security 508 Denver, CO January 19, 2010 - March 23, 2010
SANS London 2009 London, United Kingdom November 28, 2009 - December 06, 2009
Community SANS Colorado Springs 2009 Colorado Springs, CO November 30, 2009 - December 05, 2009
Mentor Session - Security 508 Charlotte, NC January 14, 2010 - March 18, 2010
Community SANS Tucson 2009 Tucson, AZ November 30, 2009 - December 05, 2009
Mentor Session - SEC508 Atlanta, GA December 02, 2009 - February 17, 2010
Mentor Session - SEC508 Mexico City, Mexico November 18, 2009 - January 20, 2010
SANS Northern Virginia Bootcamp 2010 Reston, VA April 06, 2010 - April 13, 2010
Community SANS Lake Tahoe 2010 Lake Tahoe, CA January 25, 2010 - January 30, 2010
Mentor Session - SEC508 Greeley, CO March 11, 2010 - May 13, 2010
SANS Phoenix 2010 Phoenix, AZ February 14, 2010 - February 20, 2010
Community SANS Boston 2010 Boston, MA March 15, 2010 - March 20, 2010
Mentor Session - SEC508 Boise, ID September 28, 2010 - November 30, 2010
SANS vLive! - SEC 508 - Rob Lee Webcast Classroom Training, VA March 23, 2010 - April 29, 2010
Mentor Session - SEC508 Medellín, Colombia December 02, 2009 - December 04, 2009
SANS India 2010 Bangalore, India February 22, 2010 - February 27, 2010
SANS OnDemand Online Training & Assessments Anytime
SANS SelfStudy Books and .MP3s Only Anytime