2008 Dates
June 24-26, 2008 (CIC Bldg. Pittsburgh, PA)
Course Registration
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Phone: 412 / 268-7388
FAX: 412 / 268-7401
Questions: courseregistration@sei.cmu.edu
This course may also be offered by arrangement at customer sites. E-mail training-info@cert.org or call +1 412-268-9564 for details.
*Course dates and fees are subject to change.
U.S.
Course Fee:
Industry: $1725
Government: $1380
Academic: $1380
Lab Fee:
$350 per person
International
Course Fee:
$3450
Lab Fee:
$350 per person
This three-day course comprises three components: lecture, student labs, and team scenarios. It is designed for technical staff who administer and secure information systems/networks. This course will provide participants with a fundamental understanding of the computer forensics process, and develop first responders' basic forensic best practices.
The lecture aspect of this course covers four areas over the first two and a half days: U.S. cyber laws and how they affect information security; building/testing safe tool sets; collecting volatile data; and collecting persistent data. There will be labs accompanying each lecture that provide hands-on opportunities to practice methods and techniques. The lab topics include building a safe data collection tool set, collecting and analyzing volatile data, and locating and recovering persistent data. Students will have an opportunity to use Helix, Knoppix-std, sleuthkit/autopsy, dd, ps-tools, and many other forensics tools during class.
The capstone exercise will use a two-part computer forensics scenario to incorporate the information presented during the lectures and the skills learned during the labs. First, students will be organized into teams and tasked with determining the nature and extent of a suspicious IDS Alert within a running networked environment. Each team will have to make a preliminary assessment, determine if any subsystems are affected, collect supporting information, and, when appropriate, enact remediation strategies. Next, the teams will be presented with a questionable email that was forwarded by a "concerned employee." The teams will be tasked with collecting relevant host and network information for an internal investigation.
AUDIENCE
Technical staff members who manage or support networked information systems and have
- two years of practical experience with networked systems or equivalent training/education
- six months of security administration experience
- strong background in data networking with some specific Unix or Windows system administration experience
PREREQUISITES
Before registering for this course, it is recommended that participants complete the Advanced Information Security for Technical Staff course or have equivalent training or experience.
TOPICS
- US cyber law and cyber security
- Understanding the impact of computer forensics
- Fundamentals of analyzing and building trusted tool sets
- Understanding volatile data
- Remote collections of volatile data
- What is persistent data and how is it affected?
OBJECTIVES
- understand how US cyber laws affect system and network administrators
- understand the challenges of admissibility of electronic data
- build and document a tested tool set
- examine the fundamentals of file system and basic computer forensic techniques
- collect and analyze volatile data from a remote system
- analyze Web artifacts on a forensic image
LOGISTICS
Class Schedule
This three-day course meets at the following times: Days 1-3, 9:00 a.m.-5:00 p.m.
Hotel and Travel Information
Information about traveling to the SEI offices is available on our Travel and Lodging Web pages.
Questions about this course?
Please see our Frequently Asked Questions Web page for answers to some of the more common inquiries about SEI Education and Training.
If you need more information, contact us via e-mail at training-info@cert.org or telephone at +1 412-268-9564.