Forensics 408
For GIAC Certification
If you register for the full course, you may register to seek your GCFE Certification.
Students who attend a live SANS Training Event will receive access to the GIAC certification attempt approximately 7-10 business days after the last day of the event.
Additional information:
GCFE Information
GIAC FAQ
Fee Information
COSEINC, our Singapore Course Provider will be marketing this program locally. Note that Singapore Citizens and PRs must register via COSEINC for CITREP eligibilityCore Windows Forensics Part I - String Search, Data Carving, and Email Forensics
Tuesday, March 13, 2012 : 9am - 5pmChad Tilbury, SANS Certified Instructor
6 CPE/CMU Credits
Focus: Moving quickly from evidence acquisition, you will begin your investigation using cutting-edge tools that the pros use. Host, server, and webmail forensics the investigator will learn how to recover and analyze the most popular form of communication.
The day will begin with the analysis of electronic evidence using commercial and freely available toolkits packaged into the Windows SIFT Workstation. You will learn how to recover deleted data from the evidence, perform string searches against it using a word list, and begin to piece together the events that shaped the case. Today's course is critical to anyone performing digital forensics to learn the most up-to-date techniques of acquiring and analyzing digital evidence.
Email Forensics: Investigations involving email occur every day. However, email examinations require the investigator to pull data locally, from an email server, or even recover web-based email fragments from temporary files left by a web browser. Email has become critical in a case and the investigator will learn the critical steps needed to investigate Outlook, Exchange, Webmail, and even Lotus Notes email cases.
This course is very hands-on. Each investigator will acquire a disk image and begin analysis on a case that will utilize the skills presented throughout the day. This course is necessary for anyone looking to put to practice the skills they are learning daily.
Day 3 topics include:
- Forensic Tools
- Access Data's Forensic Tool Kit (FTK)
- Guidance Software's EnCase
- Freeware/Open source Capabilities
- Traditional Tasks Utilized Using the Forensic Tools
- Triage Techniques
- String/File Searches
- Automated Forensics
- Browsing Disks
- Recover Deleted Files
- Automated Recovery
- String Searches
- Dirty Word Searches
- Email Forensics
- How Email Works
- Locations
- Examination of Email
- Types of Email Formats
- Microsoft Outlook/Outlook Express
- Web Based Mail
- Microsoft Exchange
- Lotus Notes
- E-mail Analysis
- E-mail Searching and Examination
Day 2 exercises
- Recover deleted files
- Search for files or e-mails containing specific words related to a case
- Find e-mail evidence sent to a specific e-mail and IP addresses
- Detect Phishing Emails