Date: September 12-16, 2011 M-F, 9–5pm
Location: 33 New Montgomery Street #300, San Francisco, CA 94105
CLICK TO REGISTER then scroll to the bottom of the page
This training is meant for those without any previous experience with digital forensics. The student will be introduced to concepts and techniques that every computer forensics practitioner must master. This is the same course that CSI has delivered to IT professionals, law enforcement, and the military.
Who should take this class?
Anyone in an information technology related field. New security personnel, IT security officers, security professionals, security auditors, network engineers, network administrators, troubleshooters and technicians. Appropriate for anyone interested in network security – technical CEOs and law enforcement as well.
Course topics for this training will include:
Active, archival and latent data
Hashes and Checksums
Conducting keyword searches
Creating understandable and accurate reports
Creating forensically sound working copies or images of media
Common File Header formats
Documentation, chain of custody, and evidence handling procedures
Assisting with motions (ie, motions to compel production of a hard drive, logs, etc)
Questions to prepare for/advising your retaining counsel
FAT 12/16/32 file systems
File slack, ram slack, drive slack, and unallocated space
NTFS File Systems
Compact Disc analysis
Interpretation of various log formats
Interpreting Internet History and HTTP concepts
Manual and automated data recovery
Metadata for Microsoft Office and PDF documents
Overcoming encryption mechanisms and password protection
PC hardware concepts
Rules of evidence
Windows print spool files
Windows swap file
Working as an expert technical witness
Viruses and malware
It is highly recommended that students have several years experience in information technology and trouble- shooting Windows based systems. Experience as a System Administrator, Network Administrator, PC Repair Technician, etc., is desirable. At the very least, students should possess the A+ certification or have equivalent experience.
All students must agree with and sign the CyberSecurity Institute Code of Ethics and Conduct which will be presented for signature during the first day of computer forensics training. You can view the Code of Ethics and Conduct here. If you have any problem whatsoever with signing the Code of Ethics and Conduct, do not enroll for this course.
This course of instruction will prepare you for the CyberSecurity Forensic Analyst (CSFA)™certification. More information is available on our certifications site.
You will be exposed to a variety of computer forensic tools during your computer forensics training. Understand that we stress methodology and understanding of what the forensic software tools are doing versus using any specific tools. A forensic examiner who has a firm grasp of the basics will be able to use and learn to use a multitude of tools. Once you successfully complete our course, you will be able to use whatever tools you choose and are available to you.
Why Take the Course?
More organizations every day are “hanging out a shingle” to offer forensics training. Some have experienced instructors and some do not. Some also rely on a single software package for their forensic work. Our courses emphasize technique and methodology, regardless of the software package used.
Our goal is to help you become a forensic analyst that can think independently and deal with any situation that arises. Forensic examiners that know how to use a single program and are not aware of what happens behind the scenes are not true forensic analysts, but are merely people using software. These people will not hold up well against skilled forensic examiners who challenge their results and methodology – cases can be won or lost due to the skills of the forensic examiner.
Pac IT Pros members who successfully complete the class and pass a practical exam given on the final day will receive 5 units of college credit from Edmonds Community College in Washington state. College tuition and exam fees are included with your registration.