A Survey of Computer Forensics Tools and Techniques

Mark Spencer
Director, Computer Forensics
Evidentdata Inc.

Brief Presentation Overview:

Selecting the right tools and applying them properly is critical in any investigation involving computers. In the last few years an impressive array of hardware and software tools has become available to computer forensics investigators, which raises the question: how does one choose? In this course, instructor Mark Spencer draws on his extensive experience in both the public and private sectors to clear away the confusion about which tools to apply, setting the stage for successful investigations. During this two-day course, students are exposed to tools from vendors including Guidance Software, AccessData, Paraben, Technology Pathways, Digital Detective, Sandstorm Enterprises and BlackBag Technologies, as well as open-source tools, each designed to forensically tackle a different type of system. Workstations, servers, networks, e-mail stores and wireless technologies are each explored.

This class is designed to give attendees the knowledge necessary to select and implement the best computer forensics tools in their environments.

Key Objectives:
  • Exposure to a variety of computer forensics tools
  • Learn to analyze data from many types of systems in a forensically sound manner
  • Obtain a better understanding of the tools you need and how best to apply them
Key Take-Aways:
  • Evaluation versions of commercial computer forensics tools and the latest open-source information security and computer forensics tools.
Day One:

Acquisition: acquiring data in a forensically sound manner. Acquisition methods covered include disk-to-disk, disk-to-crossover cable and live system-to-network, as well as PDAs, cell phones, flash memory and Macs.

Analysis: sifting through large volumes of electronic data to find useful evidence. File systems, e-mail, backup tapes, Internet browser histories, peer-to-peer databases, the Microsoft Windows registry and event logs, "hidden" metadata, encryption, evidence elimination and more.
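Whatever the transport (disk-to-disk, crossover cable or network), a forensically sound acquisition comes down to the same discipline: hash the source before you touch it, image it without stopping on read errors, hash the image, re-hash the source, and log every value so the image can be re-verified later. The script below is an added example and is not course material or any vendor's tool; it assumes a regular file standing in for the source device and uses only POSIX sh, dd, sha256sum and date. The function names, log format and sample file are this example's own.

```shell
#!/bin/sh
# Added example (not part of the course materials): a minimal forensically
# sound acquisition of a file-backed "evidence source" with hash verification
# and a chain-of-custody log. Tools assumed: POSIX sh, dd, sha256sum, date.

# Portable SHA-256 helper (macOS ships shasum instead of sha256sum).
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# acquire_image SOURCE IMAGE LOG
#   1. hash the source before touching it
#   2. image it with dd, continuing past read errors (conv=noerror)
#   3. hash the image, then re-hash the source to prove it was not altered
#   4. append all three hashes to the custody log
# Returns 0 only when all three hashes agree.
# On a real block device add conv=sync so unreadable sectors are zero-filled
# and the image stays sector-aligned; a source/image hash mismatch is then
# expected on bad sectors, and the dd error lines in LOG document why. sync is
# omitted here because it would also pad the last short block of a regular file.
acquire_image() {
  src=$1 img=$2 log=$3
  h_before=$(sha256_of "$src") || return 1
  printf '%s acquire %s -> %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$src" "$img" >>"$log"
  dd if="$src" of="$img" bs=4096 conv=noerror 2>>"$log" || return 1
  h_img=$(sha256_of "$img")
  h_after=$(sha256_of "$src")
  {
    printf 'sha256 source-before: %s\n' "$h_before"
    printf 'sha256 image: %s\n' "$h_img"
    printf 'sha256 source-after: %s\n' "$h_after"
  } >>"$log"
  [ "$h_before" = "$h_img" ] && [ "$h_img" = "$h_after" ]
}

# verify_image IMAGE LOG: re-hash the image and compare with the logged value,
# the check an examiner repeats before analysis and again before testifying.
verify_image() {
  img=$1 log=$2
  logged=$(grep '^sha256 image: ' "$log" | tail -n 1 | cut -d' ' -f3)
  [ -n "$logged" ] && [ "$logged" = "$(sha256_of "$img")" ]
}

# Demo on a constructed sample file. Over a crossover cable the same idea is
#   sender:   dd if=/dev/sda bs=4096 conv=noerror,sync | nc 10.0.0.2 9000
#   receiver: nc -l 9000 > evidence.dd    (flag syntax varies by netcat build)
# with the hashes taken on both ends and logged the same way.
work=$(mktemp -d)
yes 'constructed evidence block' | head -c 8192 >"$work/source.bin"
if acquire_image "$work/source.bin" "$work/source.dd" "$work/custody.log"; then
  echo "acquisition verified"
else
  echo "HASH MISMATCH - see $work/custody.log" >&2
fi
cat "$work/custody.log"
```

The second source hash is the part most often skipped; it is what lets you state that the original was unchanged by the acquisition itself, and a write blocker is what makes that statement true for a physical drive rather than merely checked after the fact.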

Day Two:

Network forensics: capturing and analyzing network communications. Network forensic analysis tools (NFATs) and open-source software.

Wireless forensics: capturing and analyzing wireless communications. Building low-cost wireless forensics platforms using high-powered wireless cards and open-source software.

Volatile data incident response: determining whether volatile data on live systems may be of interest and how to extract it in a forensically sound manner. Dumping the contents of Random Access Memory (RAM), exporting metadata about running processes and network connections, dealing with encrypted volumes and more.

Reporting: basic elements of effective reports, interactive reports that educate and impress, and importing data into litigation management software.

Prerequisites: none.