The MPLS-OPS Archive

Cell Relay Retreat>MPLS-OPS Archive>month:2006-Mar> msg00015



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

Computer Forensics and Electronic Discovery Seminar

  • From: Ken Rowe <info@news.chiefsecurityofficers.com>
  • Date: Sun, 5 Mar 2006 20:47:48 GMT

Title: Computer Forensics and Electronic Discovery Seminar

This one-day seminar is designed for attorneys , paralegals, and legal staff.

 
Continuing education credit: NALA 0.70, IACET 0.65, AZ CLE 6.50
 

Computer Forensics and Electronic Discovery in Arizona
ID# 365517
Scottsdale, Arizona
March 23, 2006
Camelback Golf Club
7847 North Mockingbird Lane   

Call 866-352-9539 or go to www.lorman.com to register.

Faculty

Chief Security Officers

Russell Rowe
Benjamin Stephan
John Riding

Agenda

9:00 a.m. - 9:45 a.m.
I. Overview: What Is Computer Forensics And Why Is It Important?
	A. Identity Theft
	B. E-Commerce Fraud
	C. Intellectual Property
9:45 a.m. - 10:30 a.m.
II. Computer Processing And Concepts
	A. Anatomy Of The Machine
		1. Hardware And Peripherals
		2. Operating System
		3. The Boot Up Sequence From Start To Finish
	B. Data: It Is All 1’s And 0’s
		1. Complex Storage Devices
	C. Does Deleting Really Make It Go Away?
10:30 a.m. - 10:45 a.m.
	Break
10:45 a.m. - 11:15 a.m.
III. Forensics Tool Bag
	A. Software
		1. Encase
			a. Servlets
		2. Forensic Tool Kit
		3. Password Crackers
			a. Cain And Abel
			b. PWL Files
		4. Steganography
	B. Hardware
		1. Write Blockers
			a. Fastbloc
		2. Boot Disks
11:15 a.m. - 12:15 p.m.
	Lunch (On Your Own)
12:15 p.m. - 1:00 p.m.
IV. On The Scene: How To Handle Onsite Investigations From Intro To Acquisition
	A. Permission And Privacy
	B. Logging And Labeling
		1. Computer Connections And Components
		2. A Picture Speaks A Thousand Words
	C. Don’t Touch It, You’ll Corrupt It
		1. Proper Shutdown Sequence
		2. BIOS Check And The Boot Sequence
	D. Art Of Acquisition
		1. Drive To Drive
		2. Network Cross Over Cable
	E. Onsite Triage
1:00 p.m. - 2:30 p.m.
V. Cyber Evidence: What Tracks Are Left Behind And How Do We Find Them?
	A. Partition Recovery
	B. File Signature Analysis
	C. Hash Sets
	D. Recovering Deleted Files And Folders
		1. Info2 Records
	E. OS Artifacts
		1. Link Files
		2. Printer Spools
		3. Temporary Files And Folders
	F. Images
		1. Gallery Review
		2. Yoya And Image Headers
	G. Complex Files
		1. Compressed Files
		2. Complex Documents
2:30 p.m. - 2:45 p.m.
	Break
2:45 p.m. - 3:45 p.m.
VI. Internet Evidence
	A. E-Mail Evidence
	B. Outlook PST Files
	C. Webmail
	D. Base64
	E. History
	F. Cookies
	G. Temporary Internet Files
	H. Images
3:45 p.m. - 4:30 p.m.
VII. User Profiling
	A. Putting The Pieces Together
	B. Rebuilding The User
4:30 p.m. - 5:00 p.m.
VIII. Questions And Answers
If you don't wish to receive any more invitations for Chief Security Offices reply to this email with "Unsubscribe" in the Subject Line

Chief Security Officers
14301 N. 87th Street
Suite 215
Scottsdale, Arizona 85260
888-237-3899