
Computer Security Forensics and System Recovery (SC-410)

Course ID: SC-410. Course duration: 4 days

The Computer Security Forensics & System Recovery course provides industry professionals with the knowledge and advanced technical skills necessary to perform a forensic investigation on the Solaris 9 Operating System (Solaris 9 OS). This course equips students with the data collection, data preservation, and analytical skills necessary to investigate potentially compromised systems, knowledge of common attacks, and preparation for working with a legal investigation.

System recovery and hardening is covered from the perspective of the role of the systems administrator in enabling the site to resume operations in a potentially hostile environment.

The primary focus of this course is technical analysis, but it peripherally includes general aspects of legal procedure that are not specific to any particular jurisdiction and follow industry best practices. This includes appropriate evidence-gathering techniques, securing an incident scene, maintaining chain of custody, documentation of forensic analysis, and preparation to respond to security intrusions in adherence to local incident response policies and procedures. Recent legislation in the United States, such as the Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley Act, mandates that internet technology (IT) security control policies and procedures take legal issues into account for certain industries. This can affect how a forensic investigation proceeds by requiring that law enforcement be informed of certain security breaches.

This course includes real-world exercises that provide hands-on experience in computer forensic analysis.




Price
On request


Who Can Benefit

Students who can benefit from this course include IT professionals who are required to perform technical analysis of Solaris OS Systems for potential legal proceedings. This includes systems administrators, law enforcement investigators, and technical support engineers. The techniques are also beneficial to those who might not be seeking legal action, but want greater understanding of tools and techniques for analyzing Solaris OS systems. This includes system administrators and systems programmers who might utilize these techniques for system and software debugging.

Prerequisites

To succeed in this course, students should be able to:

  • Install and configure a Solaris OS system
  • Perform system administration functions, such as backups, restores, user account management, and file system management
  • Perform network administration functions, such as tracing networking connections, network routes, and configuring network services

Skills Gained

  • Describe the roles of forensic investigators and outline the computer forensic process
  • Identify elements of Incident Response policies and procedures that affect the computer forensic process
  • Describe indicators of a system compromise and intrusion response tasks
  • Use forensic tools and commands to gather evidence without damaging it
  • Describe how evidence is collected and secured with integrity certified
  • Restore a compromised system to operation and identify additional security measures to protect against repeat attacks
  • Understand methods and motivations of attackers
  • Describe the features of a forensic system
  • Use file timestamps to assist in computer forensic analysis
  • Use native Solaris OS tools and third-party tools, such as The Coroner's Toolkit, for forensic analysis

Course Content

Module 1 - Computer Forensics Overview

  • Define the computer forensics process
  • Describe the elements of the computer forensics process

Module 2 - Security Policies and Procedures

  • Describe why security policies and procedures need to be developed
  • Define the characteristics of an incident response policy and how it relates to forensic examination
  • Define the characteristics of an incident response procedure and how it relates to forensic examination

Module 3 - Security Compromise Detection and Identification

  • Identify indicators of a possible system compromise
  • Describe intrusion response tasks and roles

Module 4 - Computer Crime Scene Investigation

  • Describe fundamental crime scene investigation procedures
  • List the forensic tools and commands used at a crime scene
  • Describe how evidence is collected and secured

Module 5 - System Recovery

  • Describe the steps for platform reinstallation
  • Describe authentication mechanisms that must be changed after an attack

Module 6 - Mitigating Risk While Resuming Operations

  • Describe issues involved with system and network monitoring
  • Describe some additional security measures to protect against repeat attacks

Module 7 - Analyzing Typical Attack Patterns

  • Describe the methods used in remote attacks
  • Describe the methods used for obscuring remote attacks

Module 8 - Building the Forensic System

  • Explain why a forensic system is used
  • Describe the features of a forensic system

Module 9 - Filesystem Forensics

  • Use file timestamps in computer forensics
  • Describe obscure filesystem tools

Module 10 - Forensic Commands and Tools

  • Describe native commands and tools that are used in forensic examination
  • Describe third-party tools that might be used in forensic examination