Course Title: Computer Forensic Specialist: Data and Image Files




Course Description

The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute the cyber-criminal. The series is comprised of five books covering a broad base of topics in Computer Hacking Forensic Investigation, designed to expose the reader to the process of detecting attacks and collecting evidence in a forensically sound manner with the intent to report crime and prevent future attacks. Learners are introduced to advanced techniques in computer investigation and analysis with interest in generating potential legal evidence. This and the other four books provide preparation to identify evidence in computer-related crime and abuse cases as well as track the intrusive hacker's path through a client system. The series and accompanying labs help prepare the security student or professional to profile an intruder's footprint and gather all necessary information and evidence to support prosecution in a court of law.

Investigating data and image files provides a basic understanding of steganography, data acquisition and duplication, EnCase, how to recover deleted files and partitions, and image file forensics.

Certification Info

Computer Forensic Specialist: Data and Image Files

Who Should Attend

This course will significantly benefit police and other law enforcement personnel, defense and military personnel, e-business security professionals, systems administrators, legal professionals, banking, insurance and other professionals, government agencies and IT managers.

Course Duration

2 days (9:00AM - 5:00PM)

CPE/ECE Qualification

16 ECE Credits awarded for attendance (1 for each classroom hour)

Suggested Retail: $799 USD

Required Courseware: Visit www.cengage.com/community/eccouncil and click on Training Workshops for ordering details.

What's included?

- Physical Courseware
- 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate

Course + Supplement Cost: See the Training Workshops section at www.cengage.com/community/eccouncil for current pricing information.

Related Certificates:

- Computer Forensic Specialist: Procedures & Response
- Computer Forensic Specialist: Storage Device & Operating Systems
- Computer Forensic Specialist: Network Intrusion & Cybercrime
- Computer Forensic Specialist: Wireless Networks and Devices

Course Briefing

1. Steganography

Steganography, the art of hidden writing, has been in use for centuries. It involves embedding a hidden message in some transport or carrier medium, and has been used by mathematicians, military personnel, and scientists. All of them alter ordinary language and pass it on through secret, hidden communication. The objective of this chapter is to make you familiar with the concept of steganography. The chapter covers the various ways in which steganography can be applied, legally or illegally. It discusses the early history and evolution of steganography and highlights the steganography tools in use and their salient features.

2. Data Acquisition and Duplication

Data acquisition is an important step in the investigation process. The data collected from the victim's system is presented as evidence, so it should be kept with the investigator and produced in court while the trial is going on. Sometimes, instead of data acquisition, duplication of the data is the best way to collect the data. Duplicated data can also be presented in court. This chapter deals with the data acquisition and data duplication processes, which are important aspects of a forensic investigation. It also highlights the popular tools required during data acquisition and data duplication.

3. Forensic Investigations Using EnCase

EnCase is a widely known and widely used tool in forensics. It helps to collect and verify evidence for the investigation process. This chapter covers evidence files, verifying file integrity, configuring EnCase, searching, and bookmarks. It describes the complete process of forensic investigation using EnCase.

4. Recovering Deleted Files and Deleted Partitions

During the investigation of a computer system, an investigator may come across a situation where the evidence of the crime has been deleted from the system. In this case, the investigator should know how to recover the deleted files, which can be used as evidence. Deleted files and deleted partitions can be a good source of evidence and can provide an important clue in the investigation. This chapter covers the various methods by which a forensic investigator can recover deleted files. It deals primarily with understanding the basic concept of recovering deleted files. The chapter also highlights the various data recovery tools and their salient features.

5. Image File Forensics

Image files are a key component in the investigation process and can be presented as evidence in court. It is important to recover image files from the attacked computer and preserve them. Image files are delicate and can be corrupted if they are not handled properly. This chapter covers the various methods by which a forensic investigator can go about recovering image files. It mainly deals with understanding the basic concept of recovering image files. The chapter also highlights the various image recovery, steganalysis, and viewing tools that are used in this process.

Course Outline

Chapter 1: Steganography

- Introduction to Steganography
- Stegosystem Model
- Application of Steganography
- Classification of Steganography
- Digital File Types
- Steganographic File System
- Cryptography
- Watermarking
- Issues in Information Hiding
- Detecting Steganography
- Tools

Chapter 2: Data Acquisition and Duplication

- Introduction to Data Acquisition and Duplication
- Determining the Best Acquisition Methods
  o Disk-to-Image File
  o Disk-to-Disk Copy
  o Sparse Data Copy
- Data Recovery Contingencies
- The Need For Data Duplication
- Data Acquisition Software Tools
- Windows Standard Tools
- Linux Standard Tools
  o DriveSpy
  o FTK Imager
  o Mount Image Pro
  o Drive SnapShot
  o SnapBack DatArrest
  o SafeBack
- Data Acquisition Hardware Tools
  o Image MASSter Solo-3
  o LinkMASSter-2
  o RoadMASSter-2
- Data Duplication Software Tools
  o R-Drive Image
  o DriveLook
  o DiskExplorer
  o Save-N-Sync
  o DFSMSdss
  o SCSIPAK
- Data Duplication Hardware Tools
  o ImageMASSter 6007SAS
  o Disk Jockey IT
  o QuickCopy

Chapter 3: Forensic Investigations Using EnCase

- Introduction to Forensic Investigation Using EnCase
- Evidence Files
  o Verifying Evidence Files
  o Evidence File Format
- Verifying File Integrity
- Hashing
- Acquiring an Image
- Configuring EnCase
  o View Menu
  o Device Tab
  o Status Bar
  o Searching
  o Keywords
  o Starting the Search
  o Search Hits Tab
  o Bookmarks
  o Creating Bookmark Folders
  o Adding Bookmarks
  o Bookmarking a Selected Area
- Recovering Deleted Files/Folders in a FAT Partition
- Viewing Recovered Files
- Recovering Files/Folders in an NTFS Partition
- Master Boot Record (MBR)
- NTFS Starting Point
- Viewing Disk Geometry
- Recovering Deleted Partitions
- Hash Values
  o Creating Hash Sets
  o MD5 Hash
  o Creating Hashes
  o Viewers
  o Creating Hashes
- Signature Analysis
- Viewing the Results
- Copying Files and Folders
- E-Mail Recovery
- Reporting
- EnCase Boot Disks

Chapter 4: Recovering Deleted Files and Deleted Partitions

- Introduction to Recovering Deleted Files and Deleted Partitions
- Deleting Files
- What Happens When a File Is Deleted in Windows?
- The Recycle Bin in Windows
- Damaged Recycled Folder
- How to Undelete a File
- Data Recovery in Linux
  o Tools to Recover Deleted Files
- File Recovery Tools for Windows
- Tools for Use with UNIX-based Systems
  o Tools Based on File Type
  o Tools Based on Media Type
- Recovering Deleted Partitions
- Deletion of a Partition
- What Happens When a Partition is Deleted?
- Recovery of Deleted Partitions
- Tools to Recover Deleted and Damaged Partitions

Chapter 5: Image File Forensics

- Introduction to Graphics File Forensics
- Introduction to Graphics Files
- Understanding Vector Images
- Understanding Raster Images
- Metafile Graphics
- Understanding Image File Formats
- BMP (Bitmap) File
- Data Compression in Image Files
- Understanding File Compression
- Lossless Compression Algorithms
- Lossy Compression
- Locating and Recovering Image Files
- Steganography in Image Files
- Steganalysis
- Identifying Copyright Issues with Graphics