Data breaches and advanced intrusions are occurring daily. Sensitive data and intellectual property are stolen from systems that are protected by sophisticated network and host-based security.
A motivated criminal group or nation state can and will always find a way inside enterprise networks. In the commercial and government sectors, hundreds of victims responded to serious intrusions costing millions of dollars and loss of untold terabytes of data.
Cyber attacks originating from China, dubbed the Advanced Persistent Threat, have proved difficult to suppress. Forensics 508 will help you respond to and investigate these incidents.
This course will give you a firm understanding of advanced incident response and computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases.
Utilizing advances in spear phishing, web application attacks, and persistent malware, these new sophisticated attackers advance rapidly through your network. Incident Responders and Digital Forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging intrusion cases. This course will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.
Attackers will use anti-forensic techniques to hide their tracks. They use rootkits, file wiping, timestamp adjustments, privacy cleaners, and complex malware to hide in plain sight, avoiding detection by standard host-based security measures. Everything will leave a trace; you merely need to know where to look.
By taking this course you will learn more than just how to use a forensic tool: you will be able to demonstrate how the tool functions at a low level. You will become skilled with new tools, such as the Sleuthkit, Foremost, and the HELIX3 Pro Forensics Live CD. This SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve advanced computer forensics cases.
Fight crime. Unravel incidents…one byte at a time.
You Will Receive with This Course
Free SANS Investigative Forensic Toolkit (SIFT) Advanced
As a part of this course you will receive a SANS Investigative Forensic Toolkit (SIFT) Advanced. You will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation.
The toolkit consists of:
- F-RESPONSE TACTICAL
  - TACTICAL enables investigators to access physical drives and physical memory of a remote computer via the network
  - Able to use any tool to parse the live remote system, including the SIFT Workstation
  - Perfect for Intrusion Investigations and Data Breach Incident Response situations
- Hard Drive USB mini adapter kit for SATA/IDE hard drives 1.8″/2.5″/3.5″/5.25″ (Read and Write)
- SANS VMware-based Forensic Analysis Workstation (SIFT Workstation)
- Best-selling book “File System Forensic Analysis” by Brian Carrier
- Helix3 Pro, individually licensed to each student
- Course DVD loaded with case examples, tools, and documentation
Who Should Attend
- Incident Response Team Members who are responding to complex security incidents/intrusions from sophisticated threats
- Computer Forensic Professionals who want to solidify and expand their understanding of file system forensics and incident response topics
- Law enforcement officers, federal agents, or detectives who want to master computer forensics and expand their investigative skill set to include data breach investigations, intrusion cases, and tech-savvy cases
- Information security professionals with some background in hacker exploits, penetration testing, and incident response
- Information security managers who would like to master digital forensics in order to understand information security implications and potential litigation-related issues or manage investigative teams
- Anyone with a firm technical background who might be asked to investigate a data breach incident or intrusion case, or to investigate individuals who are considered technically savvy