|
|
|
Frequently Asked Questions
What is computer forensics?Computer forensics is the process of examining data to reveal illicit activity or recover lost information. A computer forensics investigation includes the response to and evaluation of a potential computer crime in addition to gathering evidence and maintaining a chain of custody.What is this course about?This course provides a comprehensive introduction to Windows-based computer forensics investigative techniques. You gain the knowledge and skills required to conduct a computer forensics investigation from initial discovery to completion. You also learn how to exploit your organization's Computer Incident Response Team (CIRT); collect, manage and record digital evidence; and leverage powerful software tools and techniques to uncover hidden or deleted information.Who will benefit from this course?This course is valuable for:System and network administrators who need to determine if an incident has occurred within their organization and the best means for handling such incidentsMembers of a CIRT who must enhance or develop their skills of forensics analysis and information discoverySecurity managers who are required to more effectively allocate resources for their organization's CIRT members, ensuring optimal team performanceSecurity advisors and consultants who must advance their knowledge and skills of computer forensics to better advise their clients and present more effective incident solutions
What background do I need?It is assumed you have a fundamental knowledge of Windows-based PCs, hardware and operating system software, including knowledge of OS architecture, memory usage and disk file systems.Why should I be concerned about computer forensics?Despite efforts to safeguard sensitive data and networks, organizations today face an ever-growing threat of cyber crime and security violations. These attacks can occur internally as well as from an external source and include fraud, copyright infringement and stolen data.Computer forensics and incident response provide an organization with a legal method for handling computer misuse as well as a means for securing sensitive data and identifying compromised systems.Does this course cover steganography?Yes! Steganography is a technique used to hide and covertly transmit information. In this course, you learn steganalysis, the process of imbedding and extracting information from normal file types, such as graphic files. You also learn how to detect and analyze information obscured by steganography.Which computer systems are covered in this course?You learn and apply computer forensics investigative techniques on Windows Server 2003 and
Windows XP.Will this course help me prepare for the CISSP Certification examination?
Yes, this course helps you prepare for the CISSP Certification exam. For more information, please refer to the CISSP Q&A.Does this course provide me with (ISC)2 continuing professional education (CPE) credits?
Yes! Learning Tree, in agreement with (ISC)2, is a recognized "Trusted CPE Provider." This course provides you with 32 "A-level" CPE credits toward maintaining your CISSP Certification. Please see the CISSP Q&A for more information on the continuing education requirements of (ISC)2.
How much time is spent on each topic?| Content | Hours | | Responding to incidents and investigating computer crime | 2.5 | | Conducting and managing the investigation | 2.0 | | Performing disk-based analysis | 3.5 | | Investigating information-hiding techniques | 5.5 | | Examining e-mail | 1.5 | | Tracing Internet access | 1.5 | | Searching memory in real-time | 5.0 | | Forensics challenge | 1.5 |
Times, including the workshops, are estimates; exact times may vary according to the needs of each class.I've heard that information can be hidden in unused areas of the hard drive. Is this covered in the course?Yes. This course provides you with the skills to find and recover information from unused storage areas of a disk cluster and the free space portion of the disk. You also learn techniques used to obscure information on a disk drive, such as Alternate Data Streams and file mangling.I've heard a lot about cybersecurity lately. Does this course cover cybersecurity?Yes, this course provides hands-on experience uncovering covert system activities and responding to cybersecurity attacks.How much of this course is hands-on?Approximately 45 percent of the course is dedicated to hands-on exercises. Employing the latest software forensic tools you capture disk images, undelete files, search memory in real-time for hidden data, and discover compromised machines.Is this course just for people who will be taking someone to court?This course is for anyone who needs experience uncovering hidden data or reconstructing user activity. Collected evidence can be retained as supporting documentation in an employee dismissal or used in a court of law when criminal activity is discovered.How does this course relate to other Learning Tree courses? |
Windows Server is a registered trademark of Microsoft Corporation.
Learning Tree AnyWareTM is a trademark of Learning Tree International, Inc. in the United States and other countries, and is covered by a patent application pending in the United States.
|
|
Training Dates
 | Most events below can be taken in-class or live, online from your home or office with AnyWare. |
US Dates | | May 29 - Jun 1 | Reston, VA enrol | | Jul 17 - 20 | New York enrol | | Sep 11 - 14 | New York enrol |
For AnyWare enrolments, please register at least 7 days prior to the start of the course.
More Dates and locations.
Bring this or any Learning Tree Course on-site to your location!
Your Course Tuition
EntitlesYou to...
- Class participation
- Team workshops
- Use of in-class hands-on equipment
- Comprehensive course materials
- Morning and afternoon refreshments
- Course Completion Certificate awarding Continuing Education Units
- FREE participation in Professional Certification
|
E-mail a Colleague
Course Details
Course Details PDF