Eccouncil - Computer Hacking Forensic Investigator
Eccouncil - Computer Hacking Forensic Investigator | 800MB | English
The CHFI course will give participants the necessary skills to identify an intruder's footprints and to properly gather the necessary evidence to prosecute. Many of today's top tools of the forensic trade will be taught during this course, including software, hardware and specialized techniques. The need for businesses to become more efficient and integrated with one another, as well as the home user, has given way to a new type of criminal, the "cyber-criminal." It is no longer a matter of "will your organization be comprised (hacked)?" but, rather, "when?" Today's battles between corporations, governments, and countries are no longer fought only in the typical arenas of boardrooms or battlefields using physical force. Now the battlefield starts in the technical realm, which ties into most every facet of modern day life. If you or your organization requires the knowledge or skills to identify, track, and prosecute the cyber-criminal, then this is the course for you.
Who Should Attend
Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Legal professionals, Banking, Insurance and other professionals, Government agencies, IT managers
Prerequisites
It is strongly recommended that you attend the CEH class before enrolling into CHFI program.
Duration:
5 days (9:00 – 5:00)
Certification
The CHFI 312-49 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the CHFI certification.
Course Outline v2
Module I: Computer Forensics in Today's World
* Introduction
* History of Forensics
* Definition of Forensic Science
* Definition of Computer Forensics
* What Is Computer Forensics?
* Need for Computer Forensics
* Evolution of Computer Forensics
* Computer Forensics Flaws and Risks
* Corporate Espionage Statistics
* Modes of Attacks
* Cyber Crime
* Examples of Cyber Crime
* Reason for Cyber Attacks
* Role of Computer Forensics in Tracking Cyber Criminals
* Rules of Computer Forensics
* Computer Forensics Methodologies
* Accessing Computer Forensics Resources
* Preparing for Computing Investigations
* Maintaining professional conduct
* Understanding Enforcement Agency Investigations
* Understanding Corporate Investigations
* Investigation Process
* Digital Forensics
Module II: Law And Computer Forensics
* What Is Cyber Crime?
* What Is Computer Forensics?
* Computer Facilitated Crimes
* Reporting Security Breaches to Law Enforcement
* National Infrastructure Protection Center
* FBI
* Federal Statutes
* Cyber Laws
* Approaches to Formulate Cyber Laws
* Scientific Working Group on Digital Evidence (SWGDE)
* Federal Laws
* The USA Patriot Act of 2001
* Freedom of Information Act
* Building Cyber Crime Case
* How the FBI Investigates Computer Crime?
* How to Initiate an Investigation?
* Legal Issues Involved in Seizure of Computer Equipments
* Searching With a Warrant
* Searching Without a Warrant
* Privacy Issues Involved in Investigations
* International Issues Related to Computer Forensics
* Crime Legislation of EU
* Cyber Crime Investigation
Module III: Computer Investigation Process
* Investigating Computer Crime
* Investigating a Company Policy Violation
* Investigation Methodology
* Evaluating the Case
* Before the Investigation
* Document Everything
* Investigation Plan
* Obtain Search Warrant
* Warning Banners
* Shutdown the Computer
* Collecting the Evidence
* Confiscation of Computer Equipments
* Preserving the Evidence
* Importance of Data-recovery Workstations and Software
* Implementing an Investigation
* Understanding Bit-stream Copies
* Imaging the Evidence Disk
* Examining the Digital Evidence
* Closing the Case
* Case Evaluation
Module IV: Computer Security Incident Response Team
* Present Networking Scenario
* Vulnerability
* Vulnerability Statistics
* What Is an Incident?
* A Study by CERT Shows Alarming Rise in Incidents (security Breach)
* How to Identify an Incident
* Whom to Report an Incident?
* Incident Reporting
* Category of Incidents
* Handling Incidents
* Procedure for Handling Incident
* Preparation
* Identification
* Containment
* Eradication
* Recovery
* Follow up
* What Is CSIRT?
* Why an Organization Needs an Incident Response Team?
* Need for CSIRT
* Example of CSIRT
* CSIRT Vision
* Vision
* Best Practices for Creating a CSIRT
* Step 1: Obtain Management Support and Buy-In
* Step 2: Determine the CSIRT Development Strategic
* Step 3: Gather Relevant Information
* Step 4: Design your CSIRT Vision
* Step 5: Communicate the CSIRT Vision
* Step 6: Begin CSIRT Implementation
* Step 7: Announce the CSIRT
* Other Response Teams Acronyms and CSIRTs around the world
* World CSIRT
Module V: Computer Forensic Laboratory Requirements
* Budget Allocation for a Forensics Lab
* Physical Location Needs of a Forensic Lab
* Work Area of a Computer Forensics Lab
* General Configuration of a Forensic
* Equipment Needs in a Forensics Lab
* Ambience of a Forensics Lab
* Environmental Conditions
* Recommended Eyestrain Considerations
* Structural Design Considerations
* Electrical Needs
* Communications
* Basic Workstation Requirements in a Forensic Lab
* Consider stocking the following hardware peripherals
* Maintain Operating System and Application Inventories
* Common Terms
* Physical Security Recommendations for a Forensic Lab
* Fire-Suppression Systems
* Evidence Locker Recommendations
* Evidence Locker Combination Recommendations
* Evidence Locker Padlock Recommendations
* Facility Maintenance
* Auditing a Computer Forensics Lab
* Auditing a Forensics Lab
* Forensics Lab
* Mid Sized Lab
* Forensic Lab Licensing Requisite
* Forensic Lab Manager Responsibilities
Module VI: Understanding File systems and Hard disks
* Disk Drive Overview - I
* Hard Disk
* Disk Platter
* Tracks
* Tracks Numbering
* Sector
* Sector addressing
* Cluster
* Cluster Size
* Slack Space
* Lost Clusters
* Bad Sector
* Understanding File Systems
* Types of File System
* List of Disk File Systems
* List of Network file systems
* Special Purpose File systems
* Popular Linux File systems
* Sun Solaris 10 File system - ZFS
* Windows File systems
* Mac OS X File system
* CD-ROM / DVD File system
* File system Comparison
* Boot Sector
* Exploring Microsoft File Structures
* Disk Partition Concerns
* Boot Partition Concerns
* Examining FAT
* NTFS
* NTFS System Files
* NTFS Partition Boot Sector
* NTFS Master File Table (MFT)
* NTFS Attributes
* NTFS Data Stream
* NTFS Compressed Files
* NTFS Encrypted File Systems (EFS)
* EFS File Structure
* Metadata File Table (MFT)
* EFS Recovery Key Agent
* Deleting NTFS Files
* Understanding Microsoft Boot Tasks
* Windows XP system files
* Understanding Boot Sequence DOS
* Understanding MS-DOS Startup Tasks
* Other DOS Operating Systems
* Registry Data
* Examining Registry Data
Module VII: Windows Forensics
* Locating Evidence on Windows Systems
* Gathering Volatile Evidence
* Pslist
* Forensic Tool: fport
* Forensic Tool - Psloggedon
* Investigating Windows File Slack
* Examining File Systems
* Built-in Tool: Sigverif
* Word Extractor
* Checking Registry
* Reglite.exe
* Tool: Resplendent Registrar 3.30
* Microsoft Security ID
* Importance of Memory Dump
* Manual Memory Dumping in Windows 2000
* Memory Dumping in Windows XP and Pmdump
* System State Backup
* How to Create a System State Backup?
* Investigating Internet Traces
* Tool - IECookiesView
* Tool - IE History Viewer
* Forensic Tool: Cache Monitor
* CD-ROM Bootable Windows XP
* Bart PE
* Ultimate Boot CD-ROM
* List of Tools in UB CD-ROM
* Desktop Utilities
* File Analysis Tools
* File Management Tools
* File Recovery Tools
* File Transfer Tools
* Hardware Info Tools
* Process Viewer Tools
* Registry Tools
Module VIII: Linux and Macintosh Boot processes
* UNIX Overview
* Linux Overview
* Understanding Volumes -I
* Exploring Unix/Linux Disk Data Structures
* Understanding Unix/linux Boot Process
* Understanding Linux Loader
* Linux Boot Process Steps
* Step 1: The Boot Manager
* Step 2: init
* Step 2.1: /etc/inittab
* runlevels
* Step 3: Services
* Understanding Permission Modes
* Unix and Linux Disk Drives and Partitioning Schemes
* Mac OS X
* Mac OS X Hidden Files
* Booting Mac OS X
* Mac OS X Boot Options
* The Mac OS X Boot Process
* Installing Mac OS X on Windows XP
* PearPC
* MacQuisition Boot CD
Module IX: Linux Forensics
* Use of Linux as a Forensics Tool
* Recognizing Partitions in Linux
* File System in Linux
* Linux Boot Sequence
* Linux Forensics
* Case Example
* Step-by-step approach to Case 1 (a)
* Step-by-step approach to Case 1 ( cool.gif
* Step-by-step approach to Case 1 ©
* Step-by-step approach to Case 1 (d)
* Case 2
* Challenges in disk forensics with Linux
* Step-by-step approach to Case 2 (a)
* Step-by-step approach to Case 2 ( cool.gif
* Step-by-step approach to Case 2 ©
* Popular Linux Tools
Module X: Data Acquisition and Duplication
* Determining the Best Acquisition Methods
* Data Recovery Contingencies
* MS-DOS Data Acquisition Tools
* DriveSpy
* DriveSpy Data Manipulation Commands
* DriveSpy Data Preservation Commands
* Using Windows Data Acquisition Tools
* Data Acquisition Tool: AccessData FTK Explorer
* FTK
* Acquiring Data on Linux
* dd.exe (Windows XP Version)
* Data Acquisition Tool: Snapback Exact
* Data Arrest
* Data Acquisition Tool: SafeBack
* Data Acquisition Tool: Encase
* Need for Data Duplication
* Data Duplication Tool: R-drive Image
* Data Duplication Tool: DriveLook
* Data Duplication Tool: DiskExplorer
Module XI: Recovering Deleted Files
* Introduction
* Digital Evidence
* Recycle Bin in Windows
* Recycle Hidden Folder
* Recycle folder
* How to Undelete a File?
* Tool: Search and Recover
* Tool: Zero Assumption Digital Image Recovery
* Data Recovery in Linux
* Data Recovery Tool: E2undel
* Data Recovery Tool: O&O Unerase
* Data Recovery Tool: Restorer 2000
* Data Recovery Tool: Badcopy Pro
* Data Recovery Tool: File Scavenger
* Data Recovery Tool: Mycroft V3
* Data Recovery Tool: PC Parachute
* Data Recovery Tool: Stellar Phoenix
* Data Recovery Tool: ~Spam/Phisher Please report~
* Data Recovery Tool: Virtual Lab
* Data Recovery Tool: R-linux
* Data recovery tool: Drive and Data Recovery
* Data recovery tool: active@ UNERASER - DATA recovery
* Data recovery tool: Acronis Recovery Expert
* Data Recovery Tool: Restoration
* Data Recovery Tool: PC Inspector File Recovery
Module XII: Image Files Forensics
* Introduction to Image Files
* Recognizing an Image File
* Understanding Bitmap and Vector Images
* Metafile Graphics
* Understanding Image File Formats
* File types
* Understanding Data Compression
* Understanding Lossless and Lossy Compression
* Locating and Recovering Image Files
* Repairing Damaged Headers
* Reconstructing File Fragments
* Identifying Unknown File Formats
* Analyzing Image File Headers
* Picture Viewer: Ifran View
* Picture Viewer: Acdsee
* Picture Viewer: Thumbsplus
* Steganography in Image Files
* Steganalysis Tool: Hex Workshop
* Steganalysis Tool: S-tools
* Identifying Copyright Issues With Graphics
Module XIII: Steganography
* Introduction
* Important Terms in Stego-forensics
* Background Information to Image Steganography
* Steganography History
* Evolution of Steganography
* Steps for Hiding Information in Steganography
* Six Categories of Steganography in Forensics
* Types of Steganography
* What Is Watermarking
* Classification of Watermarking
* Types of Watermarks
* Steganographic Detection
* Steganographic Attacks
* Real World Uses of Steganography
* Steganography in the Future
* Unethical Use of Steganography
* Hiding Information in Text Files
* Hiding Information in Image Files
* Process of Hiding Information in Image Files
* Least Significant Bit
* Masking and Filtering
* Algorithms and Transformation
* Hiding Information in Audio Files
* Low-bit Encoding in Audio Files
* Phase Coding
* Spread Spectrum
* Echo Data Hiding
* Hiding Information in DNA
* TEMPEST
* The Steganography Tree
* Steganography Tool: Fort Knox
* Steganography Tool: Blindside
* Steganography Tool: S- Tools
* Steganography Tool: Steghide
* Steganography Tool: Digital Identity
* Steganography Tool: Stegowatch
* Tool : Image Hide
* Data Stash
* Tool: Mp3Stego
* Tool: Snow.exe
* Tool: Camera/Shy
* Steganography Detection
Module XIV: Computer Forensic Tools
* Dump Tool: DS2DUMP
* Dump Tool: Chaosreader
* Slack Space & Data Recovery Tools: Drivespy
* Slack Space & Data Recovery Tools: Ontrack
* Hard Disk Write Protection Tools: Pdblock
* Hard Disk Write Protection Tools: Nowrite & Firewire Drivedock
* Permanent Deletion of Files:pdwipe
* Disk Imaging Tools: Image & Iximager
* Disk Imaging Tools: Snapback Datarrest
* Partition Managers: PART & Explore2fs
* Linux/unix Tools: Ltools and Mtools
* Linux/UNIX tools: TCT and TCTUTILs
* Password Recovery Tool: @Stake
* ASRData
* SMART Screenshot
* Ftime
* Oxygen Phone Manager
* Multipurpose Tools: Byte Back & Biaprotect
* Multipurpose Tools: Maresware
* Multipurpose Tools: LC Technologies Software
* Multipurpose Tools: Winhex Specialist Edition
* Multipurpose Tools: Prodiscover DFT
* Toolkits: NTI tools
* Toolkits: R-Tools-I
* Toolkits: R-Tools-II
* Toolkits: DataLifter
* Toolkits: AccessData
* LC Technology International Hardware
* Screenshot of Forensic Hardware
* Image MASSter Solo and FastBloc
* RMON2 Tracing Tools and
* MCI DoStracker
* EnCase
Module XV: Application password crackers
* Password - Terminology
* What is a Password Cracker?
* How Does A Password Cracker Work?
* Various Password Cracking Methods
* Classification of Cracking Software
* System Level Password Cracking
* Application Password Cracking
* Application Software Password Cracker
* Distributed Network Attack-I
* Distributed Network Attack-II
* Passware Kit
* Accent Keyword Extractor
* Advanced Zip Password Recovery
* Default Password Database
* http://phenoelit.darklab.org/
* http://www.defaultpassword.com/
* http://www.cirt.net/cgi-bin/passwd.pl
* Password Cracking Tools List
Module XVI: Investigating Logs
* Audit Logs and Security
* Audit Incidents
* Syslog
* Remote Logging
* Linux Process Accounting
* Configuring Windows Logging
* Setting up Remote Logging in Windows
* NtSyslog
* EventReporter
* Application Logs
* Extended Logging in IIS Server
* Examining Intrusion and Security Events
* Significance of Synchronized Time
* Event Gathering
* EventCombMT
* Writing Scripts
* Event Gathering Tools
* Forensic Tool: Fwanalog
* End-to End Forensic Investigation
* Correlating Log files
* Investigating TCPDump
* IDS Loganalyais:RealSecure
* IDS Loganalysis :SNORT
Module XVII: Investigating network traffic
* Overview of Network Protocols
* Sources of Evidence on a Network
* Overview of Physical and Data-link Layer of the OSI Model
* Evidence Gathering at the Physical Layer
* Tool: Windump
* Evidence Gathering at the Data-link Layer
* Tool: Ethereal
* Tool: NetIntercept
* Overview of Network and Transport Layer of the OSI Model
* Evidence Gathering at the Network and Transport Layer-(I)
* Gathering Evidence on a Network
* GPRS Network Sniffer : Nokia LIG
* NetWitness
* McAffee Infinistream Security Forensics
* Snort 2.1.0
* Documenting the Gathered Evidence on a Network
* Evidence Reconstruction for Investigation
Module XVIII: Router Forensics
* What Is a Router?
* Functions of a Router
* A Router in an OSI Model
* Routing Table and Its Components
* Router Architecture
* Implications of a Router Attack
* Types of Router Attacks
* Denial of Service (DoS) Attacks
* Investigating Dos Attacks
* Smurfing – Latest in Dos Attacks
* Packet "Mistreating" Attacks
* Routing Table Poisoning
* Hit-and-run Attacks Vs. Persistent Attacks
* Router Forensics Vs. Traditional Forensics
* Investigating Routers
* Chain of Custody
* Incident Response & Session Recording
* Accessing the Router
* Volatile Evidence Gathering
* Router Investigation Steps - I
* Analyzing the Intrusion
* Logging
* Incident Forensics
* Handling a Direct Compromise Incident
* Other Incidents
Module XIX: Investigating Web Attacks
* Indications of a web attack
* Responding to a web attack
* Overview of web logs
* Mirrored Sites
* N-Stealth
* Investigating static and dynamic IP address
* Tools for locating IP Address: Nslookup
* Tools for locating IP Address: Traceroute
* Tools for locating IP Address:
* NeoTrace (Now McAfee Visual Trace)
* Tools for locating IP Address: Whois
* Web page defacement
* Defacement using DNS compromise
* Investigating DNS Poisoning
* SQL Injection Attacks
* Investigating SQL Injection Attacks
* Investigating FTP Servers
* Investigating FTP Logs
* Investigating IIS Logs
* Investigating Apache Logs
* Investigating DHCP Server Logfile
Module XX: Tracking E-mails and Investigating E-mail crimes
* Understanding Internet Fundamentals
* Understanding Internet Protocols
* Exploring the Roles of the Client and Server in E-mail
* E-mail Crime
* Spamming, Mail Bombing, Mail Storm
* Chat Rooms
* Identity Fraud , Chain Letter
* Sending Fakemail
* Investigating E-mail Crime and Violation
* Viewing E-mail Headers
* Examining an E-mail Header
* Viewing Header in Microsoft Outlook
* Viewing Header in Eudora
* Viewing Header in Outlook Express
* Viewing Header in AOL
* Viewing Header in Hot Mail
* Viewing Header using Pine for Unix
* Viewing Header in Juno
* Viewing Header in Yahoo
* Examining Additional Files
* Microsoft Outlook Mail
* Pst File Location
* Tracing an E-mail Message
* Using Network Logs Related to E-mail
* Understanding E-mail Server
* Examining UNIX E-mail Server Logs
* Examining Microsoft E-mail Server Logs
* Examining Novell GroupWise E-mail Logs
* Using Specialized E-mail Forensic Tools
* Tool:FINALeMAIL
* Tool: R-Mail
* E-Mail Examiner by Paraben
* Network E-Mail Examiner by Paraben
* Tracing Back
* Tracing Back Web Based E-mail
* Searching E-mail Addresses
* E-mail Search Site
* Handling Spam
* Network Abuse Clearing House
* Abuse.Net
* Protecting Your E-mail Address From Spam
* Tool: Enkoder Form
* Tool:eMailTrackerPro
* Tool:SPAM Punisher
Module XXI: Mobile and PDA Forensics
* Latest Mobile Phone Access Technologies
* Evidence in Mobile Phones
* Mobile Phone Forensic Examination Methodology
* Examining Phone Internal Memory
* Examining SIM
* Examining Flash Memory and Call data records
* Personal Digital Assistant (PDA)
* PDA Components
* PDA Forensics
* PDA Forensics - Examination
* PDA Forensics - Identification
* PDA Forensics - Collection
* PDA Forensics - Documentation
* Points to Be Remembered While Conducting Investigation
* PDA Seizure by Paraben
* SIM Card Seizure by Paraben (SIM Card acquisition tool)
* Forensic Tool – Palm dd (pdd)
* Forensic Tool - POSE
Module XXII: Investigating Trademark and Copyright Infringement
* Trademarks
* Trademark Eligibility and Benefits of Registering It
* Service Mark and Trade Dress
* Trademark infringement
* Trademark Search
* www.uspto.gov
* Copyright and Copyright Notice
* Investigating Copyright Status of a Particular Work
* How Long Does a Copyright Last?
* U.S Copyright Office
* Doctrine of "Fair Use"
* How Are Copyrights Enforced?
* SCO Vs. IBM
* SCO Vs Linux
* Line-by-Line Copying
* Plagiarism
* Turnitin
* Plagiarism detection tools
* CopyCatch
* Patent
* Patent Infringement
* Patent Search
* Case Study: Microsoft Vs Forgent
* Internet Domain Name and ICANN
* Domain Name Infringement
* Case Study: Microsoft.com Vs MikeRoweSoft.com
* How to check for Domain Name Infringement?
Module XXIII: Investigative Reports
* Need of an investigative report
* Report specification
* Report Classification
* Report and Opinion
* Layout of an Investigative Report
* Writing Report
* Use of Supporting Material
* Importance of Consistency
* Salient Features of a Good Report
* Investigative Report Format
* Before Writing the Report
* Writing Report Using FTK
Module XXIV: Becoming an Expert Witness
* Who Is an Expert?
* Who Is an Expert Witness?
* Role of an Expert Witness
* Technical Testimony Vs.
* Expert Testimony
* Preparing for Testimony
* Evidence Preparation and Documentation
* Evidence Processing Steps
* Rules Pertaining to an Expert Witness' Qualification
* Importance of Curriculum Vitae
* Technical Definitions
* Testifying in Court
* The Order of Trial Proceedings
* Voir dire
* General Ethics While Testifying-i
* Evidence Presentation
* Importance of Graphics in a Testimony
* Helping Your Attorney
* Avoiding Testimony Problems
* Testifying During Direct Examination
* Testifying During Cross Examination
* Deposition
* Guidelines to Testify at a Deposition
* Dealing With Reporters
Module XXV: Forensics in action
* E-mail Hoax
* Trade Secret Theft
* Operation Cyberslam
APPENDIX:
1. Investigating Wireless Attacks
* Passive Attacks
* Netstumbler
* Active Attacks On Wireless Networks
* Rogue Access Points
* Investigating Wireless Attacks
* Airmagnet
2. Forensics Investigation Using EnCase
* Evidence File
* Evidence File Format
* Verifying File Integrity
* Hashing
* Acquiring Image
* Configuring Encase
* Encase Options Screen
* Encase Screens
* View Menu
* Device Tab
* Viewing Files and Folders
* Bottom Pane
* Viewers in Bottom Pane
* Status Bar
* Searching
* Keywords
* Adding Keywords
* Grouping
* Add multiple Keywords
* Starting the Search
* Search Hits Tab
* Search Hits
* Bookmarks
* Creating Bookmarks
* Adding Bookmarks
* Bookmarking Selected Data
* Recovering Deleted Files/folders in FAT Partition
* Recovering Folders in NTFS
* Master Boot Record
* NTFS Starting Point
* Viewing disk Geometry
* Recovering Deleted Partitions
* Hash Values
* Creating Hash Sets
* MD5 Hash
* Creating Hash
* Viewers
* Signature Analysis
* Copying Files Folders
* E-mail Recovery
* Reporting
* Encase Boot Disks
* IE Cache Images
3. First Responder Procedures
* Steps At Crime Scene
* People Involved In Incident Response
* The Role Of A System Administrator
* First Response By Non-Laboratory Staff
* Guidelines For Search And Seizure
* Planning The Search And Seizure
* Evidence Collection
* Dealing With Powered Up Computers At Seizure Time
* How To Pull The Power
* Seizing Computer Equipment
* Removable Media
* Seizing Portable Computers
* How To Remove HD From Laptops?
* Initial Interviews
* Chain Of Custody
4. Checklist for Choosing a Forensic Examiner
5. Investigation Checklist
Police and other law enforcement personnel, Defense and Military personnel, e-Business Security professionals, Systems administrators, Legal professionals, Banking, Insurance and other professionals, Government agencies, IT managers
Prerequisites
It is strongly recommended that you attend the CEH class before enrolling into CHFI program.
Duration:
5 days (9:00 – 5:00)
Certification
The CHFI 312-49 exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the CHFI certification.
Course Outline v2
Module I: Computer Forensics in Today's World
* Introduction
* History of Forensics
* Definition of Forensic Science
* Definition of Computer Forensics
* What Is Computer Forensics?
* Need for Computer Forensics
* Evolution of Computer Forensics
* Computer Forensics Flaws and Risks
* Corporate Espionage Statistics
* Modes of Attacks
* Cyber Crime
* Examples of Cyber Crime
* Reason for Cyber Attacks
* Role of Computer Forensics in Tracking Cyber Criminals
* Rules of Computer Forensics
* Computer Forensics Methodologies
* Accessing Computer Forensics Resources
* Preparing for Computing Investigations
* Maintaining professional conduct
* Understanding Enforcement Agency Investigations
* Understanding Corporate Investigations
* Investigation Process
* Digital Forensics
Module II: Law And Computer Forensics
* What Is Cyber Crime?
* What Is Computer Forensics?
* Computer Facilitated Crimes
* Reporting Security Breaches to Law Enforcement
* National Infrastructure Protection Center
* FBI
* Federal Statutes
* Cyber Laws
* Approaches to Formulate Cyber Laws
* Scientific Working Group on Digital Evidence (SWGDE)
* Federal Laws
* The USA Patriot Act of 2001
* Freedom of Information Act
* Building Cyber Crime Case
* How the FBI Investigates Computer Crime?
* How to Initiate an Investigation?
* Legal Issues Involved in Seizure of Computer Equipments
* Searching With a Warrant
* Searching Without a Warrant
* Privacy Issues Involved in Investigations
* International Issues Related to Computer Forensics
* Crime Legislation of EU
* Cyber Crime Investigation
Module III: Computer Investigation Process
* Investigating Computer Crime
* Investigating a Company Policy Violation
* Investigation Methodology
* Evaluating the Case
* Before the Investigation
* Document Everything
* Investigation Plan
* Obtain Search Warrant
* Warning Banners
* Shutdown the Computer
* Collecting the Evidence
* Confiscation of Computer Equipments
* Preserving the Evidence
* Importance of Data-recovery Workstations and Software
* Implementing an Investigation
* Understanding Bit-stream Copies
* Imaging the Evidence Disk
* Examining the Digital Evidence
* Closing the Case
* Case Evaluation
Module IV: Computer Security Incident Response Team
* Present Networking Scenario
* Vulnerability
* Vulnerability Statistics
* What Is an Incident?
* A Study by CERT Shows Alarming Rise in Incidents (security Breach)
* How to Identify an Incident
* Whom to Report an Incident?
* Incident Reporting
* Category of Incidents
* Handling Incidents
* Procedure for Handling Incident
* Preparation
* Identification
* Containment
* Eradication
* Recovery
* Follow up
* What Is CSIRT?
* Why an Organization Needs an Incident Response Team?
* Need for CSIRT
* Example of CSIRT
* CSIRT Vision
* Vision
* Best Practices for Creating a CSIRT
* Step 1: Obtain Management Support and Buy-In
* Step 2: Determine the CSIRT Development Strategic
* Step 3: Gather Relevant Information
* Step 4: Design your CSIRT Vision
* Step 5: Communicate the CSIRT Vision
* Step 6: Begin CSIRT Implementation
* Step 7: Announce the CSIRT
* Other Response Teams Acronyms and CSIRTs around the world
* World CSIRT
Module V: Computer Forensic Laboratory Requirements
* Budget Allocation for a Forensics Lab
* Physical Location Needs of a Forensic Lab
* Work Area of a Computer Forensics Lab
* General Configuration of a Forensic
* Equipment Needs in a Forensics Lab
* Ambience of a Forensics Lab
* Environmental Conditions
* Recommended Eyestrain Considerations
* Structural Design Considerations
* Electrical Needs
* Communications
* Basic Workstation Requirements in a Forensic Lab
* Consider stocking the following hardware peripherals
* Maintain Operating System and Application Inventories
* Common Terms
* Physical Security Recommendations for a Forensic Lab
* Fire-Suppression Systems
* Evidence Locker Recommendations
* Evidence Locker Combination Recommendations
* Evidence Locker Padlock Recommendations
* Facility Maintenance
* Auditing a Computer Forensics Lab
* Auditing a Forensics Lab
* Forensics Lab
* Mid Sized Lab
* Forensic Lab Licensing Requisite
* Forensic Lab Manager Responsibilities
Module VI: Understanding File systems and Hard disks
* Disk Drive Overview - I
* Hard Disk
* Disk Platter
* Tracks
* Tracks Numbering
* Sector
* Sector addressing
* Cluster
* Cluster Size
* Slack Space
* Lost Clusters
* Bad Sector
* Understanding File Systems
* Types of File System
* List of Disk File Systems
* List of Network file systems
* Special Purpose File systems
* Popular Linux File systems
* Sun Solaris 10 File system - ZFS
* Windows File systems
* Mac OS X File system
* CD-ROM / DVD File system
* File system Comparison
* Boot Sector
* Exploring Microsoft File Structures
* Disk Partition Concerns
* Boot Partition Concerns
* Examining FAT
* NTFS
* NTFS System Files
* NTFS Partition Boot Sector
* NTFS Master File Table (MFT)
* NTFS Attributes
* NTFS Data Stream
* NTFS Compressed Files
* NTFS Encrypted File Systems (EFS)
* EFS File Structure
* Metadata File Table (MFT)
* EFS Recovery Key Agent
* Deleting NTFS Files
* Understanding Microsoft Boot Tasks
* Windows XP system files
* Understanding Boot Sequence DOS
* Understanding MS-DOS Startup Tasks
* Other DOS Operating Systems
* Registry Data
* Examining Registry Data
Module VII: Windows Forensics
* Locating Evidence on Windows Systems
* Gathering Volatile Evidence
* Pslist
* Forensic Tool: fport
* Forensic Tool - Psloggedon
* Investigating Windows File Slack
* Examining File Systems
* Built-in Tool: Sigverif
* Word Extractor
* Checking Registry
* Reglite.exe
* Tool: Resplendent Registrar 3.30
* Microsoft Security ID
* Importance of Memory Dump
* Manual Memory Dumping in Windows 2000
* Memory Dumping in Windows XP and Pmdump
* System State Backup
* How to Create a System State Backup?
* Investigating Internet Traces
* Tool - IECookiesView
* Tool - IE History Viewer
* Forensic Tool: Cache Monitor
* CD-ROM Bootable Windows XP
* Bart PE
* Ultimate Boot CD-ROM
* List of Tools in UB CD-ROM
* Desktop Utilities
* File Analysis Tools
* File Management Tools
* File Recovery Tools
* File Transfer Tools
* Hardware Info Tools
* Process Viewer Tools
* Registry Tools
Module VIII: Linux and Macintosh Boot processes
* UNIX Overview
* Linux Overview
* Understanding Volumes -I
* Exploring Unix/Linux Disk Data Structures
* Understanding Unix/linux Boot Process
* Understanding Linux Loader
* Linux Boot Process Steps
* Step 1: The Boot Manager
* Step 2: init
* Step 2.1: /etc/inittab
* runlevels
* Step 3: Services
* Understanding Permission Modes
* Unix and Linux Disk Drives and Partitioning Schemes
* Mac OS X
* Mac OS X Hidden Files
* Booting Mac OS X
* Mac OS X Boot Options
* The Mac OS X Boot Process
* Installing Mac OS X on Windows XP
* PearPC
* MacQuisition Boot CD
Module IX: Linux Forensics
* Use of Linux as a Forensics Tool
* Recognizing Partitions in Linux
* File System in Linux
* Linux Boot Sequence
* Linux Forensics
* Case Example
* Step-by-step approach to Case 1 (a)
* Step-by-step approach to Case 1 ( cool.gif
* Step-by-step approach to Case 1 ©
* Step-by-step approach to Case 1 (d)
* Case 2
* Challenges in disk forensics with Linux
* Step-by-step approach to Case 2 (a)
* Step-by-step approach to Case 2 ( cool.gif
* Step-by-step approach to Case 2 ©
* Popular Linux Tools
Module X: Data Acquisition and Duplication
* Determining the Best Acquisition Methods
* Data Recovery Contingencies
* MS-DOS Data Acquisition Tools
* DriveSpy
* DriveSpy Data Manipulation Commands
* DriveSpy Data Preservation Commands
* Using Windows Data Acquisition Tools
* Data Acquisition Tool: AccessData FTK Explorer
* FTK
* Acquiring Data on Linux
* dd.exe (Windows XP Version)
* Data Acquisition Tool: Snapback Exact
* Data Arrest
* Data Acquisition Tool: SafeBack
* Data Acquisition Tool: Encase
* Need for Data Duplication
* Data Duplication Tool: R-drive Image
* Data Duplication Tool: DriveLook
* Data Duplication Tool: DiskExplorer
Module XI: Recovering Deleted Files
* Introduction
* Digital Evidence
* Recycle Bin in Windows
* Recycle Hidden Folder
* Recycle folder
* How to Undelete a File?
* Tool: Search and Recover
* Tool: Zero Assumption Digital Image Recovery
* Data Recovery in Linux
* Data Recovery Tool: E2undel
* Data Recovery Tool: O&O Unerase
* Data Recovery Tool: Restorer 2000
* Data Recovery Tool: Badcopy Pro
* Data Recovery Tool: File Scavenger
* Data Recovery Tool: Mycroft V3
* Data Recovery Tool: PC Parachute
* Data Recovery Tool: Stellar Phoenix
* Data Recovery Tool: ~Spam/Phisher Please report~
* Data Recovery Tool: Virtual Lab
* Data Recovery Tool: R-linux
* Data recovery tool: Drive and Data Recovery
* Data recovery tool: active@ UNERASER - DATA recovery
* Data recovery tool: Acronis Recovery Expert
* Data Recovery Tool: Restoration
* Data Recovery Tool: PC Inspector File Recovery
Module XII: Image Files Forensics
* Introduction to Image Files
* Recognizing an Image File
* Understanding Bitmap and Vector Images
* Metafile Graphics
* Understanding Image File Formats
* File types
* Understanding Data Compression
* Understanding Lossless and Lossy Compression
* Locating and Recovering Image Files
* Repairing Damaged Headers
* Reconstructing File Fragments
* Identifying Unknown File Formats
* Analyzing Image File Headers
* Picture Viewer: Ifran View
* Picture Viewer: Acdsee
* Picture Viewer: Thumbsplus
* Steganography in Image Files
* Steganalysis Tool: Hex Workshop
* Steganalysis Tool: S-tools
* Identifying Copyright Issues With Graphics
Module XIII: Steganography
* Introduction
* Important Terms in Stego-forensics
* Background Information to Image Steganography
* Steganography History
* Evolution of Steganography
* Steps for Hiding Information in Steganography
* Six Categories of Steganography in Forensics
* Types of Steganography
* What Is Watermarking
* Classification of Watermarking
* Types of Watermarks
* Steganographic Detection
* Steganographic Attacks
* Real World Uses of Steganography
* Steganography in the Future
* Unethical Use of Steganography
* Hiding Information in Text Files
* Hiding Information in Image Files
* Process of Hiding Information in Image Files
* Least Significant Bit
* Masking and Filtering
* Algorithms and Transformation
* Hiding Information in Audio Files
* Low-bit Encoding in Audio Files
* Phase Coding
* Spread Spectrum
* Echo Data Hiding
* Hiding Information in DNA
* TEMPEST
* The Steganography Tree
* Steganography Tool: Fort Knox
* Steganography Tool: Blindside
* Steganography Tool: S- Tools
* Steganography Tool: Steghide
* Steganography Tool: Digital Identity
* Steganography Tool: Stegowatch
* Tool : Image Hide
* Data Stash
* Tool: Mp3Stego
* Tool: Snow.exe
* Tool: Camera/Shy
* Steganography Detection
Module XIV: Computer Forensic Tools
* Dump Tool: DS2DUMP
* Dump Tool: Chaosreader
* Slack Space & Data Recovery Tools: Drivespy
* Slack Space & Data Recovery Tools: Ontrack
* Hard Disk Write Protection Tools: Pdblock
* Hard Disk Write Protection Tools: Nowrite & Firewire Drivedock
* Permanent Deletion of Files:pdwipe
* Disk Imaging Tools: Image & Iximager
* Disk Imaging Tools: Snapback Datarrest
* Partition Managers: PART & Explore2fs
* Linux/unix Tools: Ltools and Mtools
* Linux/UNIX tools: TCT and TCTUTILs
* Password Recovery Tool: @Stake
* ASRData
* SMART Screenshot
* Ftime
* Oxygen Phone Manager
* Multipurpose Tools: Byte Back & Biaprotect
* Multipurpose Tools: Maresware
* Multipurpose Tools: LC Technologies Software
* Multipurpose Tools: Winhex Specialist Edition
* Multipurpose Tools: Prodiscover DFT
* Toolkits: NTI tools
* Toolkits: R-Tools-I
* Toolkits: R-Tools-II
* Toolkits: DataLifter
* Toolkits: AccessData
* LC Technology International Hardware
* Screenshot of Forensic Hardware
* Image MASSter Solo and FastBloc
* RMON2 Tracing Tools and
* MCI DoStracker
* EnCase
Module XV: Application password crackers
* Password - Terminology
* What is a Password Cracker?
* How Does A Password Cracker Work?
* Various Password Cracking Methods
* Classification of Cracking Software
* System Level Password Cracking
* Application Password Cracking
* Application Software Password Cracker
* Distributed Network Attack-I
* Distributed Network Attack-II
* Passware Kit
* Accent Keyword Extractor
* Advanced Zip Password Recovery
* Default Password Database
* http://phenoelit.darklab.org/
* http://www.defaultpassword.com/
* http://www.cirt.net/cgi-bin/passwd.pl
* Password Cracking Tools List
Module XVI: Investigating Logs
* Audit Logs and Security
* Audit Incidents
* Syslog
* Remote Logging
* Linux Process Accounting
* Configuring Windows Logging
* Setting up Remote Logging in Windows
* NtSyslog
* EventReporter
* Application Logs
* Extended Logging in IIS Server
* Examining Intrusion and Security Events
* Significance of Synchronized Time
* Event Gathering
* EventCombMT
* Writing Scripts
* Event Gathering Tools
* Forensic Tool: Fwanalog
* End-to End Forensic Investigation
* Correlating Log files
* Investigating TCPDump
* IDS Loganalyais:RealSecure
* IDS Loganalysis :SNORT
Module XVII: Investigating network traffic
* Overview of Network Protocols
* Sources of Evidence on a Network
* Overview of Physical and Data-link Layer of the OSI Model
* Evidence Gathering at the Physical Layer
* Tool: Windump
* Evidence Gathering at the Data-link Layer
* Tool: Ethereal
* Tool: NetIntercept
* Overview of Network and Transport Layer of the OSI Model
* Evidence Gathering at the Network and Transport Layer-(I)
* Gathering Evidence on a Network
* GPRS Network Sniffer : Nokia LIG
* NetWitness
* McAffee Infinistream Security Forensics
* Snort 2.1.0
* Documenting the Gathered Evidence on a Network
* Evidence Reconstruction for Investigation
Module XVIII: Router Forensics
* What Is a Router?
* Functions of a Router
* A Router in an OSI Model
* Routing Table and Its Components
* Router Architecture
* Implications of a Router Attack
* Types of Router Attacks
* Denial of Service (DoS) Attacks
* Investigating Dos Attacks
* Smurfing – Latest in Dos Attacks
* Packet "Mistreating" Attacks
* Routing Table Poisoning
* Hit-and-run Attacks Vs. Persistent Attacks
* Router Forensics Vs. Traditional Forensics
* Investigating Routers
* Chain of Custody
* Incident Response & Session Recording
* Accessing the Router
* Volatile Evidence Gathering
* Router Investigation Steps - I
* Analyzing the Intrusion
* Logging
* Incident Forensics
* Handling a Direct Compromise Incident
* Other Incidents
Module XIX: Investigating Web Attacks
* Indications of a web attack
* Responding to a web attack
* Overview of web logs
* Mirrored Sites
* N-Stealth
* Investigating static and dynamic IP address
* Tools for locating IP Address: Nslookup
* Tools for locating IP Address: Traceroute
* Tools for locating IP Address:
* NeoTrace (Now McAfee Visual Trace)
* Tools for locating IP Address: Whois
* Web page defacement
* Defacement using DNS compromise
* Investigating DNS Poisoning
* SQL Injection Attacks
* Investigating SQL Injection Attacks
* Investigating FTP Servers
* Investigating FTP Logs
* Investigating IIS Logs
* Investigating Apache Logs
* Investigating DHCP Server Logfile
Module XX: Tracking E-mails and Investigating E-mail crimes
* Understanding Internet Fundamentals
* Understanding Internet Protocols
* Exploring the Roles of the Client and Server in E-mail
* E-mail Crime
* Spamming, Mail Bombing, Mail Storm
* Chat Rooms
* Identity Fraud , Chain Letter
* Sending Fakemail
* Investigating E-mail Crime and Violation
* Viewing E-mail Headers
* Examining an E-mail Header
* Viewing Header in Microsoft Outlook
* Viewing Header in Eudora
* Viewing Header in Outlook Express
* Viewing Header in AOL
* Viewing Header in Hot Mail
* Viewing Header using Pine for Unix
* Viewing Header in Juno
* Viewing Header in Yahoo
* Examining Additional Files
* Microsoft Outlook Mail
* Pst File Location
* Tracing an E-mail Message
* Using Network Logs Related to E-mail
* Understanding E-mail Server
* Examining UNIX E-mail Server Logs
* Examining Microsoft E-mail Server Logs
* Examining Novell GroupWise E-mail Logs
* Using Specialized E-mail Forensic Tools
* Tool:FINALeMAIL
* Tool: R-Mail
* E-Mail Examiner by Paraben
* Network E-Mail Examiner by Paraben
* Tracing Back
* Tracing Back Web Based E-mail
* Searching E-mail Addresses
* E-mail Search Site
* Handling Spam
* Network Abuse Clearing House
* Abuse.Net
* Protecting Your E-mail Address From Spam
* Tool: Enkoder Form
* Tool:eMailTrackerPro
* Tool:SPAM Punisher
Module XXI: Mobile and PDA Forensics
* Latest Mobile Phone Access Technologies
* Evidence in Mobile Phones
* Mobile Phone Forensic Examination Methodology
* Examining Phone Internal Memory
* Examining SIM
* Examining Flash Memory and Call data records
* Personal Digital Assistant (PDA)
* PDA Components
* PDA Forensics
* PDA Forensics - Examination
* PDA Forensics - Identification
* PDA Forensics - Collection
* PDA Forensics - Documentation
* Points to Be Remembered While Conducting Investigation
* PDA Seizure by Paraben
* SIM Card Seizure by Paraben (SIM Card acquisition tool)
* Forensic Tool – Palm dd (pdd)
* Forensic Tool - POSE
Module XXII: Investigating Trademark and Copyright Infringement
* Trademarks
* Trademark Eligibility and Benefits of Registering It
* Service Mark and Trade Dress
* Trademark infringement
* Trademark Search
* www.uspto.gov
* Copyright and Copyright Notice
* Investigating Copyright Status of a Particular Work
* How Long Does a Copyright Last?
* U.S Copyright Office
* Doctrine of "Fair Use"
* How Are Copyrights Enforced?
* SCO Vs. IBM
* SCO Vs Linux
* Line-by-Line Copying
* Plagiarism
* Turnitin
* Plagiarism detection tools
* CopyCatch
* Patent
* Patent Infringement
* Patent Search
* Case Study: Microsoft Vs Forgent
* Internet Domain Name and ICANN
* Domain Name Infringement
* Case Study: Microsoft.com Vs MikeRoweSoft.com
* How to check for Domain Name Infringement?
Module XXIII: Investigative Reports
* Need of an investigative report
* Report specification
* Report Classification
* Report and Opinion
* Layout of an Investigative Report
* Writing Report
* Use of Supporting Material
* Importance of Consistency
* Salient Features of a Good Report
* Investigative Report Format
* Before Writing the Report
* Writing Report Using FTK
Module XXIV: Becoming an Expert Witness
* Who Is an Expert?
* Who Is an Expert Witness?
* Role of an Expert Witness
* Technical Testimony Vs.
* Expert Testimony
* Preparing for Testimony
* Evidence Preparation and Documentation
* Evidence Processing Steps
* Rules Pertaining to an Expert Witness' Qualification
* Importance of Curriculum Vitae
* Technical Definitions
* Testifying in Court
* The Order of Trial Proceedings
* Voir dire
* General Ethics While Testifying-i
* Evidence Presentation
* Importance of Graphics in a Testimony
* Helping Your Attorney
* Avoiding Testimony Problems
* Testifying During Direct Examination
* Testifying During Cross Examination
* Deposition
* Guidelines to Testify at a Deposition
* Dealing With Reporters
Module XXV: Forensics in action
* E-mail Hoax
* Trade Secret Theft
* Operation Cyberslam
APPENDIX:
1. Investigating Wireless Attacks
* Passive Attacks
* Netstumbler
* Active Attacks On Wireless Networks
* Rogue Access Points
* Investigating Wireless Attacks
* Airmagnet
2. Forensics Investigation Using EnCase
* Evidence File
* Evidence File Format
* Verifying File Integrity
* Hashing
* Acquiring Image
* Configuring Encase
* Encase Options Screen
* Encase Screens
* View Menu
* Device Tab
* Viewing Files and Folders
* Bottom Pane
* Viewers in Bottom Pane
* Status Bar
* Searching
* Keywords
* Adding Keywords
* Grouping
* Add multiple Keywords
* Starting the Search
* Search Hits Tab
* Search Hits
* Bookmarks
* Creating Bookmarks
* Adding Bookmarks
* Bookmarking Selected Data
* Recovering Deleted Files/folders in FAT Partition
* Recovering Folders in NTFS
* Master Boot Record
* NTFS Starting Point
* Viewing disk Geometry
* Recovering Deleted Partitions
* Hash Values
* Creating Hash Sets
* MD5 Hash
* Creating Hash
* Viewers
* Signature Analysis
* Copying Files Folders
* E-mail Recovery
* Reporting
* Encase Boot Disks
* IE Cache Images
3. First Responder Procedures
* Steps At Crime Scene
* People Involved In Incident Response
* The Role Of A System Administrator
* First Response By Non-Laboratory Staff
* Guidelines For Search And Seizure
* Planning The Search And Seizure
* Evidence Collection
* Dealing With Powered Up Computers At Seizure Time
* How To Pull The Power
* Seizing Computer Equipment
* Removable Media
* Seizing Portable Computers
* How To Remove HD From Laptops?
* Initial Interviews
* Chain Of Custody
4. Checklist for Choosing a Forensic Examiner
5. Investigation Checklist
Download Links
Hotfile
http://hotfile.com/dl/23369115/b915e92/Computer_Hacking_Forensic_Investigator.part1.rar.html
http://hotfile.com/dl/23369171/c0b7288/Computer_Hacking_Forensic_Investigator.part2.rar.html
http://hotfile.com/dl/23369224/0cd5220/Computer_Hacking_Forensic_Investigator.part3.rar.html
http://hotfile.com/dl/23369281/ec23b83/Computer_Hacking_Forensic_Investigator.part4.rar.html
http://hotfile.com/dl/23369328/31096d9/Computer_Hacking_Forensic_Investigator.part5.rar.html
http://hotfile.com/dl/23369385/adc089b/Computer_Hacking_Forensic_Investigator.part6.rar.html
http://hotfile.com/dl/23369447/ffe2065/Computer_Hacking_Forensic_Investigator.part7.rar.html
http://hotfile.com/dl/23369493/e40ba74/Computer_Hacking_Forensic_Investigator.part8.rar.html
0 Comments:
Post a Comment
Note: only a member of this blog may post a comment.