Global Digital Forensics - Experts in Computer Forensics and Electronic Discovery

New York Boston Washington, DC

San Francisco Los Angeles Las Vegas

Chicago Denver Miami Tampa

Europe Asia South America    


Advanced Computer Forensic training

The Advanced Computer Forensic Techniques (ACFT) course was designed to train corporate and law enforcement investigators in the advanced elements of computer forensics. The main focus of the advanced course is to help digital investigators identify information that is not readily or easily available. The ACFT follows the guidelines set forth in the CFED course and is taught in a hands-on, interactive training environment. This course is designed for the computer-forensic-savvy investigator who has had previous training or who has been working in the field. Students attending this class must have a firm understanding of conducting a proper computer forensic examination.

 

Manual Data Carving

 

Students will learn to manually carve numerous file types out of digital evidence. In addition to the common image files such as JPEG and GIF, students will learn to identify and successfully carve Word documents, spreadsheets and numerous other file types out of raw data. Students will also learn to visibly identify and include the slack space associated with those files, and to handle many file systems, such as MAC, EXT2 and EXT3, and more.

 

Advanced Acquisition

 

This section will cover advanced data acquisition techniques in complex networked environments. As a digital investigator you will run across occasions when it is not feasible to shut down a system. Students will learn to map a basic network diagram and create an acquisition plan that will be the least intrusive to the operating environment.

 

Topics Include:

 

  • Back Up Tapes

  • Evidence Preservation

  • Testifying on Electronic Evidence

  • Acquiring Mail Servers (Notes, Exchange)

  • Acquiring Database Servers

  • Large Data Stores

  • Live Acquisition

  • Acquiring Specialized Systems (SAS, PeopleSoft, etc.)

  • Mainframe Basics and Acquisition Techniques

 

Computer Forensics Lab Setup

 

Students will learn the requirements of setting up, maintaining and operating a computer forensic lab. This section will cover the physical requirements, Standard Operating Procedures (SOP), Access Control List (ACL) and Auditing. This section will also give the students a realistic look at the forensic hardware, software and peripherals to ensure maximum capability. Media storage, safeguards and lab specs are covered to ensure the integrity of digital evidence.

 

 

Data Hiding and Digital Encryption

 

Students will learn the history of encryption and how encryption works in a digital environment today. This section will not only cover the most common forms of encryption, but will also expose students to techniques and tools to decrypt information that has been hidden.

 

Cryptographic Issues and Techniques for the Forensic Examiner

 

 

This section will cover readily available encryption techniques used in email, documents, disks and other information. There are multiple hands-on exercises during this section where students will learn how to defeat common encryption schemes. This section will cover password-protected items, Encrypted File Systems (EFS) and other common methods of encryption used to protect or hide data. Students will learn the most successful techniques to use when an investigator is confronted with these hurdles.

 

Topics Include:

  • Techniques for PGP

  • Handling EFS (Encrypted File System)

  • Preparing for WinFS

  • Protected Storage Areas

  • More...

Steganography

 

 

Students will learn the history of steganography and how it is used to hide data in a digital environment today. This section has a number of hands-on exercises where the students will learn to hide data and how to detect data that has been hidden. The techniques covered in the lesson include embedding information in image and sound files and hiding information in the Alternate Data Stream (ADS) of the NTFS file system. These are areas that are not easily detectable and must be reviewed manually by the investigator.

 

 

Advanced Windows Investigations

 

 

This section will take the students into the heart of Microsoft's operating systems. Students will learn how to effectively retrieve valuable information from the Microsoft Windows 98/NT/2000/ME/XP/2003 Server operating systems. Students will also learn the value of unique system identifiers that can link a suspect or computer system with an event or a particular object. This section will teach the students what historical data is contained within the system registry and where to locate that information.

 

 

Classes are limited in size and fill quickly; please contact a training coordinator for availability.

 

We can also do custom curriculums and private classes in your facility or ours.


Please contact James Conwell for additional information. James can be reached at 1-800-868-8189 or by e-mail at Jim@evestigate.com.


New York ° Washington, DC ° Tampa ° Los Angeles ° Chicago

Boston ° Miami ° Denver ° Albany ° San Francisco ° Los Angeles

Phone 1-800-868-8189
phone 727-287-6000

FAX: 727-287-6011

Copyright 2005 Global Digital Forensics