SANS - Computer Forensics - Course Description

Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | Day 6 |

Day 5 - Computer Investigative Law for Forensic Analysts

GIAC Certification Available

Legal issues, especially liability, remain foremost in the minds of an incident handler or forensic investigator; therefore, this class has more discussion than any other we offer. Learn to investigate incidents while minimizing the risk for legal trouble. This course is designed not for management, but for the individuals actually performing a computer-based investigation. The content focuses on challenges that every investigator needs to understand before, during, and post investigation. Since most investigations could potentially bring a case to either a criminal or civil courtroom, it is essential for you to understand how to perform a computer-based investigation legally and ethically.

The information presented confronts head-on many of the legal mythologies that have caused you to hesitate when developing your incident handling procedures and pursuing incidents. You will also gain a realistic perspective on the strengths and limitations of law enforcement assistance in the investigation of incidents and the prosecution of attackers. The information presented in this course will provide an essential legal foundation for professionals managing or working in incident handling teams.

You will receive a course book that covers United States and European Union legal challenges surrounding computer-based investigations. The instruction will focus on the legal challenges surrounding the location where the course is taught. The other section will be used as a reference so that you will be able to compare and contrast legal issues from E.U. law to U.S. law.

Who Can Investigate and Investigative Process Laws
- Internal And External Investigations
- Involving Law Enforcement In An Investigation
- Ramification Of An Incident That Involves Multiple Countries
- Following Agency/Employer Policy And Procedures
- Digital Forensic Ethical Standards
- Lines Of Communication Between The Requestor, Examiner, And Analyst
Evidence Acquisition/Analysis/Preservation Laws and Guidelines
- Major Goals Associated With Acquiring Data
- Legal Authority To Allow For Data Acquisition
- Stored And Real Time Data
- Evidence/Information You Can Share With Third Parties And Law Enforcement
- Legal Authority Necessary To Collect Data
- Tool Validation And Process
U.S. Laws Investigators Should Know
- Criminal And Civil Law Procedures � Understanding Of The Laws And Procedures Related To Evidence, Search Authority And Scope.
- U.S. Computer Fraud And Abuse Act
- Civil Privacy Laws
- SOX, HIPAA, GLB, FERPA, ECPA
- Wiretap Act and Pen Register Trap and Trace Laws
- U.S. Electronic Communication Privacy Act

E.U. Laws Investigators Should Know
- Criminal And Civil Law Procedures �Understanding The Laws And Procedures Related To Evidence, Search Authority, And Scope
- Legal Entities Involved In International And E.U. Crime Investigations
- E.U. Data Protection Directive
- E.U. Data Retention Law
- E.U. Information System Attacks Decision
Presenting Data
- Evidence admissibility (Authenticity and Relevancy)
- Basic Rules Of Evidence
- Proving The Integrity Of The Data
- �Best Evidence�
- Lay And Expert Witnesses
- Daubert And Frye Tests In Court
Forensic Reports and Testimony
- Report Writing
- Legal Testimony
- Address Scientific Process, Audience, And Legal Utility
- How To Document Work So It Is Repeatable
- Scientific Methods That Show Clear Conclusions Based In Factual Evidence

SECURITY 508 Upcoming Events
Event	Location	Dates	Delivery Method
SANS SelfStudy	Books & MP3s Only	Anytime	Self Paced
SANS OnDemand	Online	Anytime	Self Paced
SANS London 2009	London, United Kingdom	Nov 28, 2009 - Dec 06, 2009	Live Event
Community SANS Tucson 2009	Tucson, AZ	Nov 30, 2009 - Dec 05, 2009	Community SANS
Community SANS Colorado Springs 2009	Colorado Springs, CO	Nov 30, 2009 - Dec 05, 2009	Community SANS
Mentor Session - SEC508	Atlanta, GA	Dec 02, 2009 - Feb 17, 2010	Mentor
Mentor Session - SEC508	Medellín, Colombia	Dec 02, 2009 - Dec 04, 2009	Mentor
SANS CDI East 2009	Washington DC	Dec 11, 2009 - Dec 18, 2009	Live Event
Mentor Session - Security 508	Charlotte, NC	Jan 14, 2010 - Mar 18, 2010	Mentor
Mentor Session - Security 508	Denver, CO	Jan 19, 2010 - Mar 23, 2010	Mentor
Community SANS Lake Tahoe 2010	Lake Tahoe, CA	Jan 25, 2010 - Jan 30, 2010	Community SANS
SANS Phoenix 2010	Phoenix, AZ	Feb 14, 2010 - Feb 20, 2010	Live Event
SANS India 2010	Bangalore, India	Feb 22, 2010 - Feb 27, 2010	Live Event
SANS 2010	Orlando, FL	Mar 06, 2010 - Mar 15, 2010	Live Event
Mentor Session - SEC508	Greeley, CO	Mar 11, 2010 - May 13, 2010	Mentor
Community SANS Boston 2010	Boston, MA	Mar 15, 2010 - Mar 20, 2010	Community SANS
SANS vLive! - SEC 508 - Rob Lee	SANS vLive! SEC508 - 201003, VA	Mar 23, 2010 - Apr 29, 2010
SANS Northern Virginia Bootcamp 2010	Reston, VA	Apr 06, 2010 - Apr 13, 2010	Live Event
Mentor Session - SEC508	Boise, ID	Sep 28, 2010 - Nov 30, 2010	Mentor

GIAC Certification

"This is awsome! We're seeing details that most people don't even know exist" - John Wright, Info Tech, Inc.

"The class provided in-depth, real world, hands-on information" - Robert Dale Drollinger, General Dynamics

SANS Institute

SANS Institute

© 2008 - 2009 The SANS™ Institute

SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact: webmaster@sans.org

SANS Press Room: www.sans.org/press / Policy On SANS Trademark Usage