H11 Digital Forensics.com
EnCase Network Intrusion Investigations - Certified EnCase Training
EnCase Network Intrusion Investigations - Certified EnCase Training
Click on the following link for dates, times, and locations.
This hands-on course is designed for investigators who want to learn more about network intrusions, the tools commonly used by attackers, and the forensic artifacts left behind. This course goes into not only the technical aspects of network intrusions, but also discusses the methodology commonly used by attackers. The course will begin with an overview of networking protocols and then quickly address topics such as session hijacking, capturing network traffic, and the importance of collecting volatile data (which can contain significant forensic artifacts).
The course combines forensic examinations with live response in a network environment. Students learn how to examine a compromised server or workstation in the field to obtain log files and forensic images of hard disk drives. Students examine server log files and forensic artifacts for evidence of the attacker's methods and activities. In addition, this course covers several aspects of Trojan virus infection, as well as how investigators and examiners can combat the Trojan virus defense (“It wasn’t me!”).
Students will take part in real-world scenarios by performing several different types of attacks on a mock victim machine and then examining the victim computer using EnCase to identify the artifacts they left behind by the “attacker.” Many different types of tools and programs will be discussed and used during the course to familiarize the investigator with common tools and methods used to gain unauthorized access, and how those tools and methods can be readily identified during a forensic examination.
In addition to the various “hacker” tools, students will also utilize and discuss a variety of forensic tools, including the EnCase Enterprise Edition (network version) and network intrusion EnScripts® for live incident response and collection of volatile data important to network intrusion investigations. Students will also discuss the use of the EnCase Enterprise Edition for internal investigations over an organization's Local Area Network.
