Cyber Incident Forensic Response (CIFR) 2015




Cyber Incident Forensic Response Training Program
Program Description and Syllabus

Contents
A. Program Overview
B. Prerequisites
C. Automated Forensic Tools, Forensic Hardware, and Software
D. Required Equipment and Supplies
E. Attendance and Program Conduct Requirements
F. Course Schedule for Week 1 and Week 2
G. Individual Course Synopses and Course Objectives
H. IACIS Certification Competencies
I. CIFR Course Numbers and Certification Competency Cross-References

A. Program Overview

IACIS is an independent, non-profit, peer-review organization that has been recognized as a leader in computer forensics training since 1991. Each year IACIS offers several courses of study, at various locations worldwide, including a variety of advanced and specialized courses and programs that are specifically targeted to a particular topical focus or a particular sub-specialty within the field of computer forensics. One of the specialized programs offered by IACIS is the Incident Response Handler (CIFR) Training Program.

The IACIS CIFR Training Program is a 76-hour course of instruction that is offered over a period of two (2) consecutive weeks, and is designed to provide students with the foundation knowledge of network topology, computer network sources of evidence, and the forensic analysis of network artifacts necessary to conduct host and network Incident Response investigations. Through a combination of lectures, instructor-led and independent hands-on practical exercises, and independent laboratory activities, students will learn the underlying principles of host- and network-level computer forensic examinations and enhance their ability to conduct forensic examinations of data collected from computer networks, including network devices, servers and hosts. The program schedule includes substantial laboratory time (optional) for students who need or want additional assistance on particular topics.

B. Prerequisites

The IACIS Basic Computer Forensic Examiner (BCFE) course is a strongly recommended prerequisite for enrollment in the Forensic course. Because they are used extensively within the class, experience with navigating Linux and with virtualization software such as VMware, VirtualBox and Parallels is strongly recommended.

IACIS The International Association of Computer Investigative Specialists Page 1 of 6

C. Automated Forensic Tools, Forensic Hardware, and Software

IACIS espouses a forensic tool-independent and forensic methodology-independent approach to teaching computer forensics. To this end, IACIS does not endorse nor support any particular forensic software tool, forensic hardware device, nor any particular software program generally. Students are not required nor expected to have any knowledge of any particular forensic software or automated tool suite; and in fact there is no expectation that students in the CIFR program be familiar with or have any experience using any particular software program. Similarly, students are not required nor expected to have any knowledge of any particular forensic hardware device or component.

The above notwithstanding, automated and manual forensic software tools will be used during instructional modules to illustrate teaching points and to facilitate MANUAL study of data structures and data recovery by using limited functionality of a particular tool or suite of tools. Similarly, particular forensic hardware devices might also be used to teach students about specific forensic processes. In cases where use of any particular hardware item or software program of any type is required for an instructor-led activity, in-class practical exercise, or independent laboratory exercise, students will be provided access to the particular hardware item or software program, and there will be instruction as to the use of that particular hardware item or software program for the limited purpose of the activity at hand.

So there are no misunderstandings, regardless of what hardware item or software program might be used, any instruction that might be provided with respect to the item or program is intended solely for the immediate purpose of the instructional block at hand, and is not designed to provide specific training on that hardware item or software program.

D. Required Equipment and Supplies

Students will be supplied with all of the materials needed to successfully complete the CIFR program. This includes a program manual that includes instructor-led practical and independent laboratory exercises, various hardware and software tools/items, and other items and resources that are needed for particular courses or that might be of benefit later, in the field.

Students are not required to bring a computer with them to the training program. With participation in the CIFR training event, IACIS is providing each student a laptop computer for their use during the event and also to take with them.

Students must bring with them a Windows 7 virtual machine. This will be used during the malware analysis portion of the class. Students must bring with them a designated VM for use as a Linux analysis platform during the class.

Students may bring a laptop computer or other computing device with them for personal use outside of the classroom. Students are not permitted to use their personal laptop computers, pad/tablet computing devices, PDAs, cellular telephones, and other personal computing devices in the classroom.

E. Attendance and Program Conduct Requirements

The CIFR program provides approximately seventy-six (76) hours of instruction in various computer forensics courses. The program runs for two (2) consecutive weeks, Monday through Friday, from 8:00 AM to 5:00 PM daily each week, with a one (1) hour break for lunch from 12:00 noon to 1:00 PM each day. On the 2nd Friday of the program, the instructional part of the event will conclude at 12:00 PM. The event will conclude by 3:00 PM after closing ceremonies, as noted below. Courses are timed using the traditional 50 minute hour to allow for a short break at the top of each hour.

On the first day of the program, the first hour (from 8:00 AM to 9:00 AM) is used for administrative purposes such as staff introductions and providing students information about the programming to follow. That hour is considered part of the overall program due to the vital information provided.

On the last day of the program (i.e. the Friday of the 2nd week) the morning session (8:00 AM to 12:00 Noon) will conclude the CIFR training. The afternoon session (1:00 PM to 3:00 PM) is dedicated to various administrative and IACIS membership services topics. This includes a critical presentation on the Certified Forensic Computer Examiner (CFCE) process. At the conclusion of the presentations, students who met all requirements for successful completion of the program will be issued certificates of completion for the CIFR program. So there is no misunderstanding, the certificate of completion is awarded to students who successfully complete the 76-hour CIFR course of instruction and is not a certification.

Students are expected to attend all training sessions. Classes begin promptly at 8:00 AM, and students are expected to be prepared to begin the instructional day at that time. With the exception of the final day of the program (i.e. the Friday of the 2nd week), classes will always continue until 5:00 PM on each class day. On the final day, the program will close by 3:00 PM.

It is important for students to understand that the presentations in the afternoon of the last day, while not officially considered part of the 76-hour CIFR course of instruction, are considered mandatory: the bulk of the afternoon consists of a lengthy session addressing the CFCE process, and it is during this time that all of the information regarding that process is presented to students. Moreover, vital information is provided on what IACIS services and resources are available to members; and instructions are provided on how these services and resources are accessed.

IACIS understands that unforeseen circumstances and emergency situations may arise, and so students are permitted to briefly leave the classroom to deal with such situations. That said, students who have absences from class may not be issued a certificate of completion at the end of the program, and may not qualify for entry into the CFCE process.

While students are encouraged to take notes during classes, activities, and laboratory sessions, students are not permitted to use their personal laptop computers or other personal computing devices during any classes. Similarly, students are not permitted to use any audio or video recording devices at any time during any classroom or laboratory session.

Students are expected to dress professionally and appropriately for a business casual environment (collared shirt, slacks, etc.). Shorts, tank tops, sandals, flip-flops, and similar casual apparel will not be permitted in the classroom at any time. Students should also consider that the classroom is air conditioned, and the temperature is set lower than what one may typically expect, to keep the room comfortable given the heat that can be generated by a large group of people and multiple computers. At times, however, when the computers are idle, the room can become too cold for some students, so one might consider bringing a sweater or light jacket to wear.

Students must be mindful of the fact that the classroom is large, with numerous students and staff. Even small distractions can make it difficult for others to hear or to remain focused on the instructor. Students are therefore asked to be courteous and aware of their fellow students. During classes, students are expected to be attentive and fully engaged. Cell phones must be put on vibrate or silent mode, and students should step out of the classroom if it becomes necessary.

F. CIFR Course Schedule Week 1

Week 1 Monday Tuesday Wednesday Thursday Friday
8:00 Opening Ceremonies and Administrative Tasks Services CIFR Frameworks
08:50-9:00 Break Break Break Break Break
9:00 Theory Microsoft s CSIRP
9:50-10:00 Break Break Break Break Break
Microsoft Electronic Crime 10:00 Theory s Lab Scene Processing
10:50-11:00 Break Break Break Break Break
11:00 Theory Log with Highlighter (EnCase) PCAP (tshark, tcpdump, security onion)
11:50-13:00 LUNCH LUNCH LUNCH LUNCH LUNCH
PCAP Theory Wireshark (tshark, tcpdump, 13:00 (FResponse/NBD security onion) Server)
13:50-14:00 Break Break Break Break Break
14:00 Theory Wireshark Regulatory Frameworks/Legal
14:50-15:00 Break Break Break Break Break
15:00 Topology Wireshark Web Page Defacement Exercise
15:50-16:00 Break Break Break Break Break
16:00 Topology Wireshark Web Page Defacement Exercise
16:50-17:00 END OF DAY END OF DAY END OF DAY END OF DAY END OF DAY
LAB NO LAB LAB NIGHT LAB NIGHT LAB NIGHT NO LAB

F. CIFR Course Schedule Week 2

Week 2 Monday (Windows) Tuesday (Linux) Wednesday (RAM) Thursday () Friday
8:00 (ELEX) Linux Overview RAM Architecture Timeline
08:50-9:00 Break Break Break Break Break
9:00 (LogParser) Linux Overview RAM Architecture Timeline
9:50-10:00 Break Break Break Break Break
10:00 (LogParser) Linux Overview RAM Capture 1 CSIRP
10:50-11:00 Break Break Break Break Break
11:00 Registry Linux RAM Capture 2
11:50-13:00 LUNCH LUNCH LUNCH LUNCH LUNCH
13:00 Registry Linux RAM
13:50-14:00 Break Break Break Break Break
14:00 Linux RAM
14:50-15:00 Break Break Break Break Break
15:00 Linux RAM
15:50-16:00 Break Break Break Break Break
16:00 Linux RAM
16:50-17:00 END OF DAY END OF DAY END OF DAY END OF DAY END OF DAY
LAB LAB NIGHT LAB NIGHT LAB NIGHT NO LAB NO LAB