Class Details

Price: $1,990

Course Includes:

  • Class exercises in addition to training instruction
  • Courseware books, notepads, pens, highlighters and other materials
  • Full breakfast with variety of bagels, fruits, yogurt, doughnuts and juice
  • Tea, coffee, and soda available all day
  • Freshly baked cookies every afternoon - * only at participating locations

This course teaches students how to recognize a hacker's tracks and uncover network-based evidence. The hands-on exercises include; Carving suspicious email attachments from packet captures, Using flow records to track intruders, Analyzing real-world wireless encryption-cracking attacks, Reconstructing a suspect's web surfing history, Uncovering NDS-tunneled traffic and Dissecting the Operation Aurora exploit. 

Get Your Group Trained for Less with Our Federal Training Dollars Savings Plan

Course Outline

Module 1: Introduction to the Field and Background

  • Introduction to Forensics
  • Overview of Computer Crimes
  • Lab: Applying the Daubert Standard to Forensic Evidence
  • Forensics Methods and Labs
  • Trends and Future Directions

Module 2: Tools and Methods

  • System Forensic Resources
  • Lab: Documenting a Workstation Configuration Using Common Forensic Tools
  • Collecting, Seizing, and Protective Evidence
  • Lab: Uncovering New Digital Evidence Using Bootable Forensic Utilities

Module 3: Types of Forensics

  • Email Forensics
  • Lab: Analyzing Images to Identify Suspicious or Modified Files
  • Windows Forensics
  • Recognizing the Use of Steganography in Image Files
  • Linux Forensics
  • Lab: Automating Email Evidence Discovery Using P2 Commander
  • Macintosh Forensics
  • Mobile Forensics
  • Lab: Decoding an FTP Protocol Session for Forensic Evidence
  • Peforming Network Analysis
  • Lab: Identifying and Documenting Evidence from a Forensic Investigation
  • Incident and Intrusion Response
  • Lab: Conducting an Incident Response Investigation for a Suspicious Login


Participants will do the following:

  • Identify the role of computer forensics in responding to crimes and solving business challenges
  • Examine system forensics issues, laws, and skills
  • Examine the purpose and structure of a digital forensics lab
  • Examine the evidence life cycle
  • Procure evidence in physical and virtualized environments
  • Examine the impact of sequestration on the evidence-gathering process
  • Collect evidence in network and e-mail environments
  • Examine automated digital forensic analysis
  • Report investigative findings of potential evidentiary value
  • Examine the constraints on digital forensic investigation