Information Risk Group LLC
        


Classes

2006 Schedule
Incident Response
Basic Computer Forensics
Advanced Topics in Computer Forensics
Electronic Discovery - A Legal and Technical Perspective
Tampa, FL


October 16, 2006
Your Location

Offered by appointment only



Register now; early registration is encouraged due to class size restrictions.

To see an outline of a specific course click on one of the topics below.


Incident Response

Synopsis:  This class is designed to aid companies in the design, management and implementation of effective Incident Response Plans.  It provides a high-level overview of what is required at a policy and procedure level.  Particular attention is placed on the development of Incident Response teams and their place within the organization.  This class is ideal for companies wishing to refine or create an Incident Response Team.

Duration:  1 day
Cost:  $475 / person
Audience:  Mixed - All levels of incident report staff from management to technician
Prerequisites:  None

Course Outline



I  - Introduction
II - Designing an Incident Response Plan
     A.  Creation
     B.  Organizational Models
     C.  Position Descriptions
     D.  Coordination
     E.  Specification
III - Incident Management
     A.  Declaration of an Incident
     B.  Management
          1.  Initial Assessment
          2.  Working the Incident
          3.  Communication
     C.  Incident Flow
     D.  Escalation
     E.  Evidence/Information Handling
IV - Incident Response Team
     A.  Operations
     B.  Functional
     C.  Business Continuity
V - Testing
     A. Case Study - External
     B. Case Study - Internal
VI -  Closing


Basic Computer Forensics

Synopsis:  This hands-on course provides students with a basic level of knowledge and skills necessary to perform basic Computer Forensic Investigations.  The course is intended for Forensic Investigators, Security and Network Administrators who act as first responders to computer crises and other activities that require computer forensics.  This class reviews techniques and methodologies required to image (copy), authenticate and examine Microsoft Windows and UNIX systems.  Other sections of the class are dedicated to the fundamentals of creating timelines, diagnosing Email headers, and the examination of network audit records.

Duration:  2 days
Cost:  $950/Person
Intended Audience:  Mixed - All levels of incident report staff from management to technician
Prerequisites:  Basic understanding of Windows NT and/or the UNIX operating system.   General technical knowledge.

Course Outline


I  - Introduction
II - Computer Forensics Overview
     A.  What is Computer Forensics
     B.  Why is a specialist needed
III - Basic System and Network Components
IV - Tools
V - Equipment and medium preparation
VI - Hard Drive Forensics
     A.  General
          1.  Overview File System Structures
          2.  Imaging
          3.  Hashes
          4.  String Searches and Hex Editors
          5.  Exercise 1 & 2
     B.  Windows
          1.  Internet cache & Internet History
          2.  Registry
          3.  Temporary Files
          4.  System Page file
          5.  Recovery of Deleted Files
          6.  Exercise 3
     C.  Unix
          1.  File System
          2.  System Page File
          3.  Exercise 4
VII - Network Forensics
     A. Internet
     B.  Web Logs
     C.  Proxy Logs
     D.  IRC Logs
     E.  SMTP Email
     F.  Exercise 5
VIII - Time
     A.  Time is relevant
     B.  Exercise 6
IX - Law & Technology
     A.  Search and Seizure
     B.  Criminal Statutes
X - Case Studies
XI - Closing

Advanced Topics in Computer Forensics

Synopsis:  This advanced hands-on forensics course presents students with an opportunity to learn about the possibilities that exist in capturing volatile information.  Examining systems after they have been turned off or hacked only provides a subset of available data; capturing volatile data that is in system memory or flowing over the network provides the forensic investigators with a chance to examine the actual attack in real-time.  The course is intended for Senior Forensic Investigators, Security and Network Administrators who act as first responders to computer crises and other activities that require live computer technical investigations.  The implementation of IDS systems, packet sniffers and HoneyNets as investigative tools will also be examined.

Duration:  2 days
Cost:  $950 / person
Audience:  Mixed - Information Security Technicians and Computer Forensic Specialists
Prerequisites:  Basic Computer Forensics class, Medium to Advanced understanding of Networks and Operating Systems, Basic understanding of Perl.

Course Outline

I -  Introduction
II - Live Forensics
     A.  "Live" Windows Forensics
          1.  Tools
          2.  Volatile Data Collection
          3.  Exercises
     B.  "Live" Unix Forensics
          1.  Tools
          2.  Volatile Data Collection
          3.   Exercises
     C.  "Live" Network Forensics
          1.  Tools
          2.  Intrusion Detection Systems
          3.  Exercises
III - Chasing the Wily Hacker
     A.  External Resources
     B.  Legal Recourse
IV - HoneyNets
V -  Case Studies
VI - Closing

Ethical Hacking

Synopsis:  This hands-on course is designed to teach individuals the basics of the art of ethical hacking.  This class will teach individuals how to perform security assessments against their own hosts and network.  Security assessments are an excellent way of diagnosing the strengths and weaknesses of a company's network and hosts.  The techniques required to perform ethical hacking will be taught in a hands-on environment.  Exercises have been integrated into the class to allow the students to reinforce their learning by implementing their new knowledge.  

Duration:  3 days
Cost:  $1425 / person
Audience:  Individuals who perform LEGAL information security assessments.
Prerequisites:  Advanced Beginner to Moderate understanding of TCP/IP networks and operating systems

Course Outline

I  - Introduction
     A.  Legality
     B.  Purpose
     C.  Current Exposure
     D.  Perimeter Security
II - Exploit Types
     A.  Social Engineering
     B.  Technical Exploits
III - Assess and Model Threats
     A.  External Information Sources
     B.  DNS Query
     C.  Domain Registration
     D.  Exercises 1 & 2
IV - Footprint Analysis
     A.  Tools
     B.  System Profiling
     C.  Port Scanning
          1.  Enumeration
          2.  Response Gathering
     D.  War Dialing
     E.  Exercises 3 & 4
V - Intrusion Attempt
     A.  Research
     B.  Targeted Intrusions
          1.  Remote Exploits
          2.  Privilege Escalation
          3.  Exercises 5 & 6
     C.  Windows Exploits
          1.  Tools
          2.  Network Attacks and Privilege Escalation
          3.  Exercises 7 & 8
     D.  Unix Exploits
          1.  Tools
          2.  Network Attacks and Privilege Escalation
          3.  Exercises 9 & 10
     E.  Wireless Exploits
          1.  Tools
          2.  Exercise 11
     F.  Non-targeted Vulnerability Scanning
           1.  Commercial Products
           2.  Non-Commercial Products
           3.  Exercise 12
VI -  Assess Exposure
     A.  Vulnerability Reporting
          1.  Rating an Exposure
          2.  Reducing false positive results
     B.  Quantity v. Quality
VII - Conclusion


Electronic Discovery - A Legal and Technical Perspective

These two courses are designed to educate Attorneys about a full range of topics related to electronic discovery and computer forensics.


Electronic Discovery - A Technical Perspective

  • Evaluate opportunities for electronic discovery within a company
  • Hidden sources of information within data files
  • Search strategies and document production requests
  • Identify the format & process; maximize the benefits that electronic data can provide in litigation
  • Current state and federal case law

Duration:  4 hours
Cost:  $200 / Person
Audience:   Attorneys, Paralegals
Prerequisites:  None

Course Outline

I - Technical Aspects of Electronic Discovery
     A.  Introduction
     B.  Topics
          1.  Advantages & Disadvantages of Electronic Discovery
          2.  Legal Admissibility
          3.  Sources of Electronic Discovery
     C.  Production - Imaging
          1.  Preparation
          2.  Methods
          3.  Restoration
     D.  Production - Details  
          1.  Metadata
          2.  Files
          3.  Microsoft Office Quirk
          4.  Non-Microsoft Operating Systems
     E.  Other Sources of Production
          1.  Mass Storage Media
          2.  Servers
          3.  Internet
          4.  Email
     F.  Time is relevant
II - Case Law
    A.  Data Preservation
    B.  Scope of Electronic Discovery
    C.  Records Management
    D.  Form of Production
    E.  Use of Experts
    F.  Costs and Cost Allocation
    G.  Spoliation and Sanctions
III - Conclusion
    


Corporations desiring in-house training for groups of 6 or more may contact IRG directly to request a quote or schedule a class.
Information Risk Group LLC
3220 Henderson Blvd.
Tampa, FL 33609

E-mail: inforisk@inforiskgroup.com


Offering Information Security and Risk Management services to companies throughout the Americas.