SANS Institute
SANS - Computer Forensics and e-Discovery with Rob Lee
GIAC Certification Available
Course PDF
An application's activity, such as instant messaging clients that record chat conversations, USB keys installed using plug and play services, and peer-to-peer application sharing files, will potentially store data just from their installation, execution, and general use on the file system and memory. The evidence trail created by these programs could be a treasure trove of crucial data that might make or break your case. You will learn how to utilize advanced analysis techniques, called Application Footprinting, to discover where you might find and uncover crucial evidence that was created or stored from the application being installed or executed on your suspect system.
For the majority of the day you will employ the techniques learned throughout the week in a systematic hands-on intrusion investigation case. You will analyze a real-world compromised system where you might be able to discover who the suspect is online via the investigative methodology we have utilized in the course.
- Application Footprinting and Software Forensics
- What Application Footprinting Is And How It Is Useful In An Investigation
- Utilize Both File And Configuration Residue From Applications Can Be Examined Using Timeline Analysis
- Perform Registry Analysis Of Applications And Artifacts
- Utilize Both File And Configuration Residue From Applications Can Be Examined Using Memory Analysis
- The Forensic Challenge
- Real-World Compromise To Investigate From Beginning To End
- Exercise Your Forensic Skills
- Perform Difficult Forensic Tasks With Ease Using Autopsy
- Timeline Creation
- String Searches
- Unallocated Space Analysis
- Data Recovery And Analysis
- Day 6 Exercises
- Forensic Challenge (Choose Either a Compromised Windows or a Unix Machine to Analyze)
| SECURITY 508 Upcoming Events | |||
| Event | Location | Dates | Delivery Method |
| SANS SelfStudy | Books & MP3s Only | Anytime | Self Paced |
| SANS OnDemand | Online | Anytime | Self Paced |
| SANS London 2009 | London, United Kingdom | Nov 28, 2009 - Dec 06, 2009 | Live Event |
| Community SANS Tucson 2009 | Tucson, AZ | Nov 30, 2009 - Dec 05, 2009 | Community SANS |
| Community SANS Colorado Springs 2009 | Colorado Springs, CO | Nov 30, 2009 - Dec 05, 2009 | Community SANS |
| Mentor Session - SEC508 | Atlanta, GA | Dec 02, 2009 - Feb 17, 2010 | Mentor |
| Mentor Session - SEC508 | Medellín, Colombia | Dec 02, 2009 - Dec 04, 2009 | Mentor |
| SANS CDI East 2009 | Washington DC | Dec 11, 2009 - Dec 18, 2009 | Live Event |
| Mentor Session - Security 508 | Charlotte, NC | Jan 14, 2010 - Mar 18, 2010 | Mentor |
| Mentor Session - Security 508 | Denver, CO | Jan 19, 2010 - Mar 23, 2010 | Mentor |
| Community SANS Lake Tahoe 2010 | Lake Tahoe, CA | Jan 25, 2010 - Jan 30, 2010 | Community SANS |
| SANS Phoenix 2010 | Phoenix, AZ | Feb 14, 2010 - Feb 20, 2010 | Live Event |
| SANS India 2010 | Bangalore, India | Feb 22, 2010 - Feb 27, 2010 | Live Event |
| SANS 2010 | Orlando, FL | Mar 06, 2010 - Mar 15, 2010 | Live Event |
| Mentor Session - SEC508 | Greeley, CO | Mar 11, 2010 - May 13, 2010 | Mentor |
| Community SANS Boston 2010 | Boston, MA | Mar 15, 2010 - Mar 20, 2010 | Community SANS |
| SANS vLive! - SEC 508 - Rob Lee | SANS vLive! SEC508 - 201003, VA | Mar 23, 2010 - Apr 29, 2010 | |
| SANS Northern Virginia Bootcamp 2010 | Reston, VA | Apr 06, 2010 - Apr 13, 2010 | Live Event |
| Mentor Session - SEC508 | Boise, ID | Sep 28, 2010 - Nov 30, 2010 | Mentor |
