Training Delivery - Classroom Training/Onsite

This course covers the skills and techniques involved in responding to a network security incident. The course focuses on the identification, extraction, and detailed examination of artifacts associated with network and intrusions. Memory analysis, host machine forensics, network traffic and log analysis, malware analysis, and virtual machine sandboxing are covered through lecture, discussion, and hands-on exercises. Additional topics include key cybersecurity concepts and issues, as well as the various classifications and types of network attacks.

This course covers the usage and configuration of two tools (Paladin/Autopsy and osTriage) designed to preview a non-mobile digital device and export files of evidentiary value. Day One is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered on. Day Two is designed to preview a non-mobile digital device and export files of evidentiary value from a device that is powered off. Students who bring an external USB hard drive (32GB minimum) will be able to leave with the same setup shown in class. Other topics include a detailed examination of the process of previewing: what previewing is, why and when it should be done, who can conduct a preview, and differences in procedure for starting a preview depending on whether a device is on or off. * What is previewing? Learn why you should preview, who can perform a preview, when to conduct a preview, and how to start a preview whether a device is on or off. * Paladin/Autopsy. Forensically boot a device, then quickly preview and export digital evidence found on scene. * osTriage. Identify when encryption is present, image RAM memory, display browser history, preview and export existing files, and much more. * Hands-on experience. Work with Paladin/Autopsy and osTriage, and leave the course with the same setup shown in class.

This course covers the fundamentals of computer operations, hardware function, and configuration, as well as best practices for the protection, preservation, and imaging of digital evidence. Presentations and hands-on exercises cover topics such as partitioning, data storage, hardware and software write blockers, the boot-up and shutdown processes, live imaging, encryption detection, and duplicate imaging. This course incorporates computer forensic applications that experienced practitioners are currently using in the field.

This course covers the skills investigators need to conduct successful online investigations involving social media. Topics include internet basics such as IP addresses and domains, an overview of currently popular social media platforms, and best practices for building an online undercover profile. Instructors demonstrate both open-source and commercially available investigative tools for social engineering, information gathering, and artifacts related to social media, as well as automated utilities to capture information and crawl websites.