A "best in the nation" program requires best in the world training equipment from VAL-TEC.

   877-244-3769 (toll-free)   val-tec@val-tec.com                                                 .Computer Forensics                                 VAL-TEC, LLC.

Home
Justin's Jesus
Control&Instrumentation
1750 1760 Transducers
Microprocessors
Hydrid Vehicle Systems
Cutaways
F1 in Schools CNC
Interactive Whiteboard
Science
Virtual Reality
Student Response System
Sustainable Energy
ECO STEM
Green Construction
STEM
SCORM
Custom Furniture
RFID
CNC
Reverse Engineering
Automotive
Truck & Diesel
Military Training
Autotronics
Distance Learning
Life Science
VoIP
Wind Energy
Solar
Solar Tracker
Sustainable Technology
Bio Fuels
Oil Extractor Press
Green Technology
Fuel Cell
PLC Trainers
Transducers
Mechanical Engineering
HVAC-R
Pre-Engineering
Elementary Education
Academic Support
Fluid Power
Instrumentation
Electronics
Nuclear Engineering
Computers & IT
Computer Forensics
Graphics & Media
Wind Cutaways
Newsletter
Grants

 

 

Computer forensics deals with the preservation, identification, extraction and documentation of computer evidence. Evidence exists on computers in many places and formats. In addition to evidentiary documents themselves, operating systems and programs leave a vast array of evidentiary artifacts that can be used to establish the guilt or innocence of accused parties. Computer forensics has been described as the autopsy of a computer hard drive because specialized software tools and techniques are required to analyze the various levels at which computer data has been stored after the fact.

Computer forensics, once a discipline restricted to a small group of law enforcement officers, is now a booming business. Demand for services is exploding as electronic evidence becomes widely used in court, and as companies become concerned about the use of computer networks for corporate spying and other mischief. Gain the knowledge and skills needed for this technology with Heathkit’s Computer Forensics course.

 

Heathkit...the industry ’s leading company.

 

 

Computer Forensics

 

Course Objectives

 

After you complete this course,

you will be able to:

 

Ø        Properly preserve data on a suspect computer.

 

Ø        Demonstrate the correct procedure for seizing and processing a computer system.

 

Ø        Produce forensically clean target media on which to image the suspect machine’s

 

Ø        Make an image (an evidence-grade backup) of the suspect drive for further analysis.

 

Ø        Authenticate that the image is an exact copy of the suspect drive.

 

Ø        Explain how the recycle bin works and explore the forensic evidence trail that it leaves behind.

 

Ø        Identify past Internet activity by examining cookie files, browser history, etc.

 

Ø        Identify names of individuals previously associated with the suspect computer.

 

Ø        Recover deleted files.

 

Ø        Recover data from a freshly formatted disk.

 

Ø        Recover data from unallocated clusters.

 

Ø        Recover data from disk space that is not currently partitioned.

 

Ø        Recover data from bad clusters.

 

Ø        Recover data from Slack Space on a hard drive.

 

Course Objectives

(continued)

 

Ø        Recover data from RAM slack.

 

Ø        Determine who is sending you spam.

 

Ø        Capture a virus for analysis.

 

Ø        Break a weak password.

 

Ø        Find a password in RAM.

 

Ø        Forensically match a floppy diskette to particular computer. Prove that a particular computer placed information on a floppy disk.

 

 

Ø        Forensically match a particular TCP/IP frame to a particular computer.

 

Ø        Conduct a forensic search using targeted strings of text.

 

Ø        Conduct computer usage timeline analysis.

 

Ø        Demonstrate how to permanently delete sensitive data and validate that the data no longer exists.

 

Ø        Break encryption schemes.

 

Ø        View multiple CD-R sessions and unclosed CD-R sessions.

 

Ø        Retrieve data via Google Desktop.

 

Ø        Examples of “Event Time Bounding” to overcome objections of time sharing.

 

Exercises

 

1. Looking for Evidence in Obvious Places

 

2. Examining Time Lines

 

3. Looking for Evidence in not so Obvious Places

 

4. The Recycle Bin

 

5. The Forensic Software Suite

 

6. Working with Hashes

 

7. Working with Floppy Disks

 

8. Seizing a Computer System

 

9. Defeating the Bios Password

 

10. Defeating the Administrative Password in Windows XP

 

11. Seizing and Processing a Computer System

 

12. Making an Evidence-Grade Image of a Suspect’s Hard Drive

 

13. Examining the Directory and File Structure of the Hard Drive.

 

14. File Space vs. Slack Space

 

15. Finding Information in Legitimate Files

 

16. Finding Information in Slack Space

 

17. Examining the Windows Dump Files

 

18. Exploring Steganography - Part I

 

19. Exploring Steganography - Part II

 

20. Introduction to Live Forensics

 

21. Preparing Bootable Media

 

22. Accessing the Suspect Machine

 

23. Examining Live RAM

 

 

 

 

 

 

Advanced Learning Solutions

Duane Brindle       *       VAL-TEC, LLC       *       877-244-3769 (toll free)         *           fax: 866-597-1101 (toll free)  Locations of visitors to this page

        Send mail to val-tec@val-tec.com  with questions or comments about this web site.