Certified Professional Forensic Analyst (CPFA) |
| Certified Professional Forensic Analyst (CPFA) |
|
The term cyber-crime no longer refers only to hackers and other external attackers. Almost all every case of financial fraud or employee misuse involves a very strong element of computer-based evidence.
NII Consulting has been providing professional computer forensics services to clients for the past four years. It now brings together its consolidated expertise into a three-day hands-on workshop on Certified Professional Forensic Analyst (CPFA).The entire workshop is driven by hands-on exercises and case studies to ensure that all aspects have a real-life scenario-based approach. |
| Key Benefits |
This program addresses the key questions of:
- What should one do when there is a suspicion of a computer-based crime?
- What tools and techniques are most likely to yield the right set of clues?
- How should the investigation be carried out such that it can be presented in a court of law?
- Hands-on practice with the worlds’ leading forensics tool – Encase
- Helps you prepare for the SANS GCFA and EC-Council’s CHFI
- Become a IIS Certified Forensics Professional (ICFP)
|
| Who should attend this course? |
- Auditors and financial fraud examiners
- Chief Security Officers and Chief Technology Officers
- Professionals seeking a career in computer forensics and cyber crime investigations
- Security and Network Administrators
|
| Course Outline |
|
Computer Crime – Case Studies Threat Scenarios
- Hacking Incidents
- Financial Theft
- Theft of Identity
- Corporate Espionage
- Email Misuse
- Pornography
|
|
Introduction to Incident Response and Computer Forensics
- Pre-Incident Preparation
- Detection of Incidents
- Initial Response Phase
- Preserving “Chain of Custody”
- Response Strategy Formulation
- Evidence Collection and Analysis
- Defining Evidence
- Forensically Sound Evidence Collection
- Evidence Handling
- Host Vs Network Based Evidence
- Online Vs Offline Response
- Digital Forensics - Putting on the Gloves
- The 6 A's
- The Investigative Guidelines
- Disk-based Forensics Vs Network-based Forensics
- Reporting the Investigation
|
|
Introduction to Network Forensics
- Network Devices
- Introduction to Log Analysis
- Analyzing Snort and Firewall Logs
- Analyzing Apache, IIS, Squid Logs
- Network Intrusion Case Study
- Using Tcpdump, Snort, Tcpdstat, argus, tcpflow, tcptrace
|
|
Evidence Collection and Analysis - Introduction to Live response
- The Do’s and the Don’ts
- Windows Live Response
- Linux Live Response
|
|
Data Acquisition / Disk Imaging
- Learning the rope – the essentials
- Risk Imaging using Linux ( dd, sdd, dcfldd) and Netcat
- Disk Imaging using Encase, Helix Bootable disk
|
|
Forensics Analysis of the Evidence
- Analysis using Helix
- Basic and advanced analysis using Encase v5 Forensic edition
|
|
Forensics Analysis - Internet Misuse - Browser Forensics
- Understanding Browser history artifacts
- Browser Forensics
- Using Encase
- Using Netanalysis, WebHistorian
|
|
Digging Deep into the Cyber World - Email and Website Tracing
- Using SmartWhois, Neotrace
|
|
Windows Registry Forensics
- Understanding Registry structure
- Understanding MRU lists
- Understanding UserAssist
- Registry Forensics using ENCASE
|
|
Malicious Binary Analysis
- Using IDA freeware
- Using strings.exe
- Using BinText
- Using Regmon, Tcpmon
- Using Peid
|
|
Documenting the Investigation |
|
Forensics Challenge Case Study |
|
A peek into the Indian Cyber Law
|
|
Tools Used
- Encase Forensic edition
- Helix Bootable CD
- The Coroner’s Toolkit
- Tcpdump
- Snort
- Tcpdstat
- Argus
- Tcpflow
- Tcptrace
- Ethereal
- Neotrace
- Smartwhois
- Peid
- NetAnalysis
- Web Historian
- Bintext
- IDA freeware
|
