Curso de CHFI Computer Hacking Forensic Investigator

Comentarios sobre Curso de CHFI Computer Hacking Forensic Investigator - Presencial - Tlalnepantla - Estado de México

• Contenido
  Module 01: computer forensics in today’s world
  
  1. forensic science
  2. computer forensics
  2. 1. security incident report
  2. 2. aspects of organizational security
  2. 3. evolution of computer forensics
  2. 4. objectives of computer forensics
  2. 5. need for computer forensics
  2. 6. benefits of forensic readiness
  2. 7. goals of forensic readiness
  2. 8. forensic readiness planning
  3. cyber crime
  3. 1. cybercrime
  3. 2. computer facilitated crimes
  3. 3. modes of attacks
  3. 4. examples of cyber crime
  3. 5. types of computer crimes
  3. 6. how serious were different types of incident?
  3. 7. disruptive incidents to the business
  3. 8. time spent responding to the security incident
  3. 9. cost expenditure responding to the security incident
  4. cyber crime investigation
  4. 1. cyber crime investigation
  4. 2. key steps in forensic investigation
  4. 3. rules of forensics investigation
  4. 4. need for forensic investigator
  4. 5. role of forensics investigator
  4. 6. accessing computer forensics resources
  4. 7. role of digital evidence
  4. 8. understanding corporate investigations
  4. 9. approach to forensic investigation: a case study
  4. 10. when an advocate contacts the forensic investigator, he specifies how to approach the crime scene
  4. 11. where and when do you use computer forensics
  5. enterprise theory of investigation (eti)
  6. legal issues
  7. reporting the results
  module 02: computer forensics investigation process
  
  1. investigating computer crime
  1. 1. before the investigation
  1. 2. build a forensics workstation
  1. 3. building investigating team
  1. 4. people involved in performing computer forensics
  1. 5. review policies and laws
  1. 6. forensics laws
  1. 7. notify decision makers and acquire authorization
  1. 8. risk assessment
  1. 9. build a computer investigation toolkit
  2. computer forensic investigation methodology
  2. 1. steps to prepare for a computer forensic investigation
  2. 2. obtain search warrant
  2. 2. 1. example of search warrant
  2. 2. 2. searches without a warrant
  2. 3. evaluate and secure the scene
  2. 3. 1. forensic photography
  2. 3. 2. gather the preliminary information at scene
  2. 3. 3. first responder
  2. 4. collect the evidence
  2. 4. 1. collect physical evidence
  2. 4. 1. 1. evidence collection form
  2. 4. 2. collect electronic evidence
  2. 4. 3. guidelines in acquiring evidences
  2. 5. secure the evidence
  2. 5. 1. evidence management
  2. 5. 2. chain of custody
  2. 6. acquire the data
  2. 6. 1. duplicate the data (imaging)
  2. 6. 2. verify image integrity
  2. 6. 3. recover lost or deleted data
  2. 7. analyze the data
  2. 7. 1. data analysis
  2. 7. 2. data analysis tools
  2. 8. assess evidence and case
  2. 8. 1. evidence assessment
  2. 8. 2. case assessment
  2. 8. 3. processing location assessment
  2. 8. 4. best practices
  2. 9. prepare the final report
  2. 9. 1. documentation in each phase
  2. 9. 2. gather and organize information
  2. 9. 3. writing the investigation report
  2. 9. 4. sample report
  2. 10. testify in the court as an expert witness
  2. 10. 1. expert witness
  2. 10. 2. testifying in the court room
  2. 10. 3. closing the case
  2. 10. 4. maintaining professional conduct
  2. 10. 5. investigating a company policy violation
  2. 10. 6. computer forensics service providers
  module 03: searching and seizing of computers
  
  1. searching and seizing computers without a warrant
  1. 1. searching and seizing computers without a warrant
  1. 2. § a: fourth amendment’s “reasonable expectation of privacy” in cases involving computers: general principles
  1. 3. § a. 1: reasonable expectation of privacy in computers as storage devices
  1. 4. § a. 3: reasonable expectation of privacy and third-party possession
  1. 5. § a. 4: private searches
  1. 6. § a. 5 use of technology to obtain information
  1. 7. § b: exceptions to the warrant requirement in cases involving computers
  1. 8. § b. 1: consent
  1. 9. § b. 1. A: scope of consent
  1. 10. § b. 1. B: third-party consent
  1. 11. § b. 1. C: implied consent
  1. 12. § b. 2: exigent circumstances
  1. 13. § b. 3: plain view
  1. 14. § b. 4: search incident to a lawful arrest
  1. 15. § b. 5: inventory searches
  1. 16. § b. 6: border searches
  1. 17. § b. 7: international issues
  1. 18. § c: special case: workplace searches
  1. 19. § c. 1: private sector workplace searches
  1. 20. § c. 2: public-sector workplace searches
  2. searching and seizing computers with a warrant
  2. 1. searching and seizing computers with a warrant
  2. 2. a: successful search with a warrant
  2. 3. a. 1: basic strategies for executing computer searches
  2. 4. § a. 1. A: when hardware is itself contraband, evidence, or an instrumentality or fruit of crime
  2. 5. § a. 1. B: when hardware is merely a storage device for evidence of crime
  2. 6. § a. 2: the privacy protection act
  2. 7. § a. 2. A: the terms of the privacy protection act
  2. 8. § a. 2. B: application of the ppa to computer searches and seizures
  2. 9. § a. 3: civil liability under the electronic communications privacy act (ecpa)
  2. 10. § a. 4: considering the need for multiple warrants in network searches
  2. 11. § a. 5: no-knock warrants
  2. 12. § a. 6: sneak-and-peek warrants
  2. 13. § a. 7: privileged documents
  2. 14. § b: drafting the warrant and affidavit
  2. 15. § b. 1: accurately and particularly describe the property to be seized in the warrant and/or attachments to the warrant
  2. 16. § b. 1. A: defending computer search warrants against challenges based on the description of the “things to be seized”
  2. 17. § b. 2: establish probable cause in the affidavit
  2. 18. § b. 3: in the affidavit supporting the warrant, include an explanation of the search strategy as well as the practical & legal considerations that will govern the execution of the search
  2. 19. § c: post-seizure issues
  2. 20. § c. 1: searching computers already in law enforcement custody
  2. 21. § c. 2: the permissible time period for examining seized computers
  2. 22. § c. 3: rule 41(e) motions for return of property
  3. the electronic communications privacy act
  3. 1. § the electronic communications privacy act
  3. 2. § a. Providers of electronic communication service vs. Remote computing service
  3. 3. § b. Classifying types of information held by service providers
  3. 4. § c. Compelled disclosure under ecpa
  3. 5. § d. Voluntary disclosure
  3. 6. § e. Working with network providers
  4. electronic surveillance in communications networks
  4. 1. electronic surveillance in communications networks
  4. 2. § a. Content vs. Addressing information
  4. 3. b. The pen/trap statute, 18 u. S. C. §§ 3121-3127
  4. 4. c. The wiretap statute (“title iii”), 18 u. S. C. §§ 2510-2522
  4. 5. § c. 1: exceptions to title iii
  4. 6. § d. Remedies for violations of title iii and the pen/trap statute
  5. evidence
  5. 1. evidence
  5. 2. § a. Authentication
  5. 3. § b. Hearsay
  5. 4. § c. Other issues
  5. 5. end note
  module 04: digital evidence
  
  1. digital data
  1. 1. definition of digital evidence
  1. 2. increasing awareness of digital evidence
  1. 3. challenging aspects of digital evidence
  1. 4. the role of digital evidence
  1. 5. characteristics of digital evidence
  1. 6. fragility of digital evidence
  1. 7. anti-digital forensics (adf)
  1. 8. types of digital data
  1. 9. rules of evidence
  1. 10. best evidence rule
  1. 11. federal rules of evidence
  1. 12. international organization on computer evidence (ioce)
  1. 13. http://www. Ioce. Org/
  1. 14. ioce international principles for digital evidences
  1. 15. swgde standards for the exchange of digital evidence
  2. electronic devices: types and collecting potential evidence
  2. 1. electronic devices: types and collecting potential evidence
  3. evidence assessment
  3. 1. digital evidence examination process
  3. 2. evidence assessment
  3. 3. prepare for evidence acquisition
  4. evidence acquisition
  4. 1. preparation for searches
  4. 2. seizing the evidences
  4. 3. imaging
  4. 4. bit-stream copies
  4. 5. write protection
  4. 6. evidence acquisition
  4. 7. acquiring evidence from storage devices
  4. 8. collecting the evidence
  4. 9. collecting the evidence from ram
  4. 10. collecting evidence from stand-alone network computer
  4. 11. chain of custody
  4. 12. chain of evidence form
  5. evidence preservation
  5. 1. preserving digital evidence: checklist
  5. 2. preserving floppy and other removable media
  5. 3. handling digital evidence
  5. 4. store and archive
  5. 5. digital evidence findings
  6. evidence examination and analysis
  6. 1. evidence examination
  6. 2. physical extraction
  6. 3. logical extraction
  6. 4. analyze host data
  6. 5. analyze storage media
  6. 6. analyze network data
  6. 7. analysis of extracted data
  6. 8. timeframe analysis
  6. 9. data hiding analysis
  6. 10. application and file analysis
  6. 11. ownership and possession
  7. evidence documentation and reporting
  7. 1. documenting the evidence
  7. 2. evidence examiner report
  7. 3. final report of findings
  7. 4. computer evidence worksheet
  7. 5. hard drive evidence worksheet
  7. 6. removable media worksheet
  8. electronic crime and digital evidence consideration by crime category
  module 05: first responder procedures
  
  1. electronic evidence
  2. first responder
  3. role of first responder
  4. electronic devices: types and collecting potential evidence
  5. first responder toolkit
  5. 1. first responder toolkit
  5. 2. creating a first responder toolkit
  5. 3. evidence collecting tools and equipment
  6. first response basics
  6. 1. first responder rule
  6. 2. incident response: different situations
  6. 3. first response for system administrators
  6. 4. first response by non-laboratory staff
  6. 5. first response by laboratory forensic staff
  7. securing and evaluating electronic crime scene
  7. 1. securing and evaluating electronic crime scene: a check-list
  7. 2. warrant for search & seizure
  7. 3. planning the search & seizure
  7. 4. initial search of the scene
  7. 5. health and safety issues
  8. conducting preliminary interviews
  8. 1. questions to ask when client calls the forensic investigator
  8. 2. consent
  8. 3. sample of consent search form
  8. 4. witness signatures
  8. 5. conducting preliminary interviews
  8. 6. conducting initial interviews
  8. 7. witness statement checklist
  9. documenting electronic crime scene
  9. 1. documenting electronic crime scene
  9. 2. photographing the scene
  9. 3. sketching the scene
  10. collecting and preserving electronic evidence
  10. 1. collecting and preserving electronic evidence
  10. 2. order of volatility
  10. 3. dealing with powered off computers at seizure time
  10. 4. dealing with powered on computers at seizure time
  10. 5. dealing with networked computer
  10. 6. dealing with open files and startup files
  10. 7. operating system shutdown procedure
  10. 8. computers and servers
  10. 9. preserving electronic evidence
  10. 10. seizing portable computers
  10. 11. switched on portables
  11. packaging and transporting electronic evidence
  11. 1. evidence bag contents list
  11. 2. packaging electronic evidence
  11. 3. exhibit numbering
  11. 4. transporting electronic evidence
  11. 5. handling and transportation to the forensics laboratory
  11. 6. storing electronic evidence
  11. 7. chain of custody
  12. reporting the crime scene
  13. note taking checklist
  14. first responder common mistakes