Get Real!
  

RealSchedule  »  Course Outline

To schedule, contact us at 972-865-2290, or email us at sales@realsolutionstraining.com



Course Number:   RS-CF
Course Title:  
Computer Forensics
Scheduled DatesRegister
   November 29 - December 3, 2010  This class is guaranteed to run!
   January 10 - 14, 2011  This class is guaranteed to run!
Know someone who  
needs this course?
  
Length:   5 Day(s)

Compare To:

Description:
This course is designed to equip government and corporate investigators with the skills needed to safely locate and secure computer evidence. Forensics concepts and procedural skills are reinforced with quizzes and challenging group participation exercises.


What you will learn:
  • This class is designed to introduce the student to concepts, techniques, and tools providing a solid foundation in concepts related to the investigation, preservation, and processing of computer based evidence.
Audience:



Prerequisites:
Outline:
  3. • Computer crime overview and raid considerations
  4. • Operating systems and file systems
  5. o Difference between an Operating System and a file system
  6. o File systems supported by DOS, Win9x and NTx
  7. o Why we still use DOS in forensics
  8. • MSDOS commands
  9. o Internal and external commands
  10. o Directory structure and “Path”
  11. o Navigating between partitions and directories
  12. • Hardware, BIOS and CMOS
  13. o Types of hardware encountered
  14. o Role of the BIOS and CMOS
  15. o Information of interest in CMOS
  16. • Configuring & connecting hard drives
  17. o IDE
  18. o SCSI
  19. o SATA
  20. • Physical drive structure
  21. o Cylinder, Head, Sector addressing
  22. o Logical Block Addressing
  23. • Partitions
  24. o Primary
  25. o Extended/logical drives
  26. o Hidden
  27. • Boot process & Drive letter assignment
  28. o DOS and Win9x
  29. • Write blockers
  30. o Software
  31. o Hardware
  32. o DI's write blockers
  33. • Creating a control boot floppy
  34. • Creating a duplicate image
  35. • Computer data
  36. o Bits/Bytes
  37. o ASCII
  38. o Hexadecimal
  39. • FAT file system
  40. o Formatting a logical drive
  41. o Changes that occur when a file is saved
  42. o Changes that occur when file is deleted and recovering deleted files
  43. • NTFS file system
  44. o Formatting
  45. o Changes that occur when a file is saved
  46. o Changes that occur when file is deleted
  47. • Forensic examination topics
  48. o Date and time information (FAT and NTFS)
  49. o Long filenames
  50. o Recycle Bin
  51. o File types
  52. o Key word searches
  53. o Encryption
  54. Symmetric
  55. Asymmetric
  56. Win2K/XP EFS
  57. o Compression
  58. PK archives
  59. NTFS built-in compression
  60. Carving from unallocated and slack space
  61. Final practical
 
  

Code development by the instructors of RealSolutions Training
Site design by Image Fusion