EnCase v6 Network Intrusion Investigations (Certificate)

Dimension Data Learning Solutions
Adelaide, Brisbane, Canberra, Melbourne, Perth, Syndey, Australia

Course Format: Classroom | E-learning | Virtual Class | Online | On-site | Blended | Self-paced

Course Description:

'' This hands-on course is designed for investigators who want to learn more about network intrusions, the tools commonly used by attackers and the forensic artifacts left behind. This course goes into the technical aspects of network intrusions, as well as the methodology commonly used by attackers. The course will begin with an overview of networking protocols and then quickly address topics such as session hijacking, capturing network traffic and the importance of collecting volatile data (which can contain significant forensic artifacts).

The course combines forensic examinations with live response in a network environment. Students learn how to examine a compromised server or workstation in the field to obtain log files and forensic images of hard disk drives. Students examine server log files and forensic artifacts for evidence of the attacker’s methods and activities.

This course covers several aspects of Trojan virus infection, as well as how investigators and examiners can combat the Trojan virus defense ("It wasn’t me!").

Students will take part in real-world scenarios by performing several different types of attacks on a mock victim machine and then examining the victim computer using EnCase to identify the artifacts they left behind by the "attacker." Many different types of tools and programs will be discussed and used during the course to familiarise the investigator with common tools and methods used to gain unauthorized access, and how those tools and methods can be readily identified during a forensic examination.

In addition to the various "hacker" tools, students will also utilize and discuss a variety of forensic tools, including the EnCase Enterprise Edition (network version) and network intrusion EnScripts® for live incident response and collection of volatile data important to network intrusion investigations. Students will also discuss the use of the EnCase Enterprise Edition for internal investigations over an organisation’s Local Area Network.


Skills Gained: Use of virtualized environments in investigations
The hacker mind and security policy
Collection of volatile data from live system
Knowledge of viruses
Hiding and manipulating data
Trojans and MalwareCombating the Trojan virus defense
Footprinting and vulnerability scanning
Webserver attacks
Wireless security and vulnerabilities
Analyzing network traffic (sniffing)
Netbios/FileSharing attacks
Windows® rootkits


Key Topics: Day one provides an overview of working with VMware to create virtual machines for testing purposes. Students are introduced to attacker methodology and motivations, the basics of incident response and the importance of a good security policy are discussed.
- Using VMware and Examining Virtual Machines in EnCase
- The Hacker Mind and Methodology
- Incident Response and Security Policy
- Network Hardware Devices
- TCP/IP Overview
- Understanding Ports
- Footprinting & Scanning

Day two allows students to conduct NetBIOS and file sharing attacks in a manner consistent with a "real-world" intrusion, and view the resulting forensic artifacts.
- NetBIOS and Windows® File Sharing
- Manipulation and Obfuscation of Data
- Analyzing Network Traffic
- Wireless Sniffing and Security

Day three takes students through additional areas of intrusion investigation and forensics, presenting numerous tools for targeted incident response.
- Snort Intrusion Detection System (IDS)
- Incident Response Toolkit and Duplications
- Volatile Data Collection
- System Snapshot with EnCase Enterprise® and Compromise Assessment
- Windows Registry

Day four exposes students to malware and Trojan file infections, the use of binary packing software and forensic detection of packed files and Trojan file delivery and start-up methods.
- Packers and Compressors
- Trojan Viruses
- Optix Pro Remote Control
- Internet Information Services (IIS) Exploit

...''

Elements of this syllabus are subject to change.

Phone:13 12 01 / 08 8236 8200

School Address:

Level 7
553 Hay St
Perth WA 6000

Level 4, PKF House
139 Frome St
Adelaide 5000

Level 10, Thakral House
301 George St
Sydney 2000

Level 3, Dimension Data Building
11-17 Dorcas St
South Melbourne 3205

Level 12
307 Queen St
Brisbane 4000

Jobs & Resumes: Adelaide, Brisbane, Canberra, Melbourne, Perth, Syndey
Houses & Roommates: Adelaide, Brisbane, Canberra, Melbourne, Perth, Syndey
Travel Agencies: Brisbane, Melbourne, Perth,

Search other schools for EnCase v6 Network Intrusion Investigations training resources.

Citrix XenApp 4.5 and 5.0 for Windows Server 2003: Administration
Implementing Citrix XenApp 5.0 for Windows Server 2008
Citrix Access Gateway 4.5 Advanced Edition: Administration
Citrix Password Manager 4.5: Administration
Citrix XenApp (Presentation Server 4.5): Support
Citrix Access Suite 4.0: Build/Test Workshop
CompTIA A+ Certification Essentials Support Skills
CompTIA A+ Certification Electives
Practical Digital Evidence Gathering
EnCase v6 NTFS
EnCase v6 Advanced Internet Examinations
EnCase v6 Advanced Computer Forensics
EnCase v6 Computer Forensics II
EnCase v6 Computer Forensics I
EnCase v6 FIM/Mobile Use of EE Live Forensics
D8750/760/770 IBM Lotus Domino R8 - System Administrator
D8720 Exploring New Features in IBM Lotus Domino 8 Administration
Exploring New Features in IBM Lotus Domino Designer 8

Notice: The course description on this page was captured from the Internet as historical reference or submitted by visitors. It was archived statically and not updated from day to day.
 

Tips: Our combined search function does not only provide you with the training courses and students, but also talent resumes and jobs, or shared apartments nearby for rent.