EnCase® V6 Net. Intrusion Investigations

 Contact FDR for next available course date.

Tuition : $3,095.00 USD (for US residents attending training in Canada, HST tax is applied to the cost of tuition)
Training Level : Expert
Credits : 32
Who Should Attend : This course is intended for corporate and government/law enforcement investigators, legal professionals and network security personnel. Incident response supervisors and team members are encouraged to attend, as are individuals working in a penetration testing or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase® forensic software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. Class curriculum is designed to provide a good understanding of network security and intrusion investigation issues, both from a forensic and intruder perspective.
Prerequisites : EnCase® Computer Forensics II course, or EnCE Certification. Students should have a good understanding of network topology and TCP/IP. Advance preparation for this course is not required.
Note : Each student must bring their own laptop. Minimum laptop requirements will be provided at time of registration.

This live course is designed for investigators who want to learn more about network intrusions, the tools commonly used by attackers and the forensic artifacts commonly left behind. The course not only covers the technical aspects of network intrusions, it also discusses the methodology commonly used by attackers. It begins with an overview of networking protocols and then moves quickly into session hijacking, network traffic capturing and the importance of collecting volatile data, which may contain significant forensic artifacts. The course combines forensic examinations with live response in a network environment. Students learn how to examine a compromised server or workstation in the field to obtain log files and forensic images of hard disk drives. Students examine server log files and forensic artifacts for evidence of the attacker's methods and activities. Students will perform many of the discussed attacks on a mock victim machine and then examine the machine using EnCase® to identify the artifacts they left behind when they performed the attack. Many different types of tools and programs will be discussed to familiarize the investigator not only with the methods used to gain unauthorized access, but also with the tools commonly associated with those types of attacks, so they can be readily identified during a forensic examination. Students will utilize and discuss a variety of tools, including the EnCase® Enterprise Edition (network version) and Network Intrusion EnScripts, for live incident response and collection of volatile data important to network intrusion investigations. Students will also discuss the use of the EnCase® Enterprise Edition for internal investigations over an organization's Local Area Network.

The course will cover the following topics:
- Session hijacking
- Network traffic capturing (sniffing)
- Intrusion Detection Systems (IDS)
- Collection of volatile data from a live system
- Viruses
- Trojans & Malware
- User-level rootkits
- Web server attacks
- DCOM/RPC vulnerabilities
- SQL injection attacks
- NetBIOS/file-sharing attacks


FDR is the authorized Canadian training partner for Guidance Software Inc., delivering EnCase® training in Canada. FDR's team of instructors, each a Guidance Software Inc. EnCase Certified Examiner (EnCE), has trained hundreds of students, supporting their skill development in computer forensics and their progression to obtain the EnCE designation.

FDR Forensic Data Recovery Inc.

FDR - Canada's leader in digital forensics products and training. FDR consistently supports best practices in the preservation, recovery, analysis and court-ready reporting of digital evidence.

 


Contact FDR

Toll-free 1.866.381.9700

training@forensicdata.ca