Registration: 8:00 AM
Program Starts: 8:30 AM
Wrap-Up: 4:30 PM
Course Materials, continental breakfast (coffee and pastries) and refreshments included.
About This Training:
Accidental or intentional destruction of data, hardware failure, or cyber attacks can happen at any time, and you may be called upon to respond, investigate, document, handle, and escalate the analysis to a formal investigation. In this two-day hands-on workshop, you'll consider when investigations are appropriate or warranted, and learn how and when to recover lost or deleted information from the Recycler Bin (Info2 file), Disk Directory/Master-File-Table and hard drive free space, and how to examine the operating system artifacts that connect the user to the actions taken on the computer (including event logs, SID info, link files, pre-fetch files, auto-complete files, email NK2 files, index files, external devices attached and much more).
The workshop will include hands-on investigative scenarios, and attendees will be provided with awareness, training and tools to locate and properly examine important user and operating system sources of information. This course material is often taught to law enforcement personnel.
This training is for the individual who will respond to actual or suspected cyber incidents involving sensitive data. It will outline the role of the system administrator or security practitioner in the investigation and prosecution of cyber crimes.
This training is a how-to program on evidence preservation and computer forensics. It is about the development of hands-on knowledge for the system administrator or security practitioner.
What You Will Learn:
- Forensic processing
- Procedural guidelines for analysis of information
- To avoid common pitfalls in the investigative process
- To acquire a forensic image
- What the chain of custody is, and what it means to the investigator within the first few hours/minutes of a known or suspected event
- A basic understanding of disk structures
- Recovery of data from Recycler Bin (info2 file), Directory/Master-file-Table and Hard Drive unallocated space
- The tools and methods to examine operating system and application artifacts
- Examine link, pre-fetch and USB-store files to determine what external devices have been attached
- Examine Outlook NK2 and PST email artifacts and Outlook Express DBX and older MDX files
As part of the course you will receive the necessary shareware/freeware tools to conduct the required analysis.
Who Should Attend:
- System Administrators
- Security practitioners
- IT
- Data Center
- Data Storage
- Citizen Records Managers
- Chief Technology Officers and Staff
- Computer Security Officers and staff
- Program Managers
- Law Enforcement Community members who are responsible for investigations involving computers and electronic devices
- Homeland Defense and First Responder Communities
- Legal Staff involved in technology and technology-related cases
- Inspector General Staff
Registration Info:
Registration Fee:
- Government (Federal, State/Local and Retired Military with valid ID): $799 per person
- Small Business: $849 per person
- Large Business: $899 per person
Registration Options:
This course date has been cancelled. Please see our other open courses on our website.
Registration and Cancellation Policies:
Because class size is limited, we recommend you register early to guarantee your place in the class of your choice.
Payment Options:
Registrations are payable by credit card (Visa or MasterCard) or Government Purchase Order. Government Horizons has the right to refuse registration to any attendee at any time.
Registration Confirmation:
Your registration will be confirmed via email approximately three weeks prior to the class start date. If the class is full or has been rescheduled, you will be notified via email by our Customer Service Department.
Cancellation Policy:
Substitutions are permitted up to the start of the course. If you cancel your registration ten (10) business days prior to the course start date, your tuition will be refunded minus a $100 processing fee. If you cancel less than ten (10) business days prior to the course, you will be responsible for the full tuition and will receive a transfer voucher to be used toward a future Government Horizons course. Cancellations must be made in writing (email or fax) directed to the Customer Service Department. If you fail to attend the course without advance notification, you will be responsible for the full tuition.
Note:
Please do not make nonrefundable travel reservations before you receive our confirmation notification. Government Horizons does not include accommodations and/or meals in your tuition fee.
Location:
Location Address:
Arlington Court Suites Hotel
1200 N. Courthouse Road
Arlington, VA 22201
703-524-4000
www.arlingtoncourthotel.com
Located just one mile from the District of Columbia, and four miles from Reagan National Airport. Arlington Court Suites Hotel is on Route 50 with easy, close access to Interstate 66 & 395. Located on metro stop: Orange Line Courthouse Station - 2 blocks from hotel (free hotel shuttle pickup from Courthouse Station Metro Stop by calling 703-524-4000 then dial 0 to access hotel's front desk upon your Metro arrival).
Have a Large Staff to Train? Can't Make These Dates? Tight Travel Budget?
Government Horizons can provide this training, wherever and whenever you need, including on-site at your facility. Our staff will cost-effectively implement training customized to your needs. If you have a group of attendees (usually 15 or more), we can bring this course to you and help save you time, travel costs, and more!
To get started, request a proposal, or schedule training, please visit our training request form.