Working in investigative teams, students will use forensic analysis tools to build a coherent picture of the crime. We will carve files out of raw network traffic and extract sensitive data hidden in ICMP payloads. We will trace the attack to its source by correlating that activity with firewall logs, central server logs, IDS logs, and other network-based evidence. Finally, we will identify one of our suspects by reconstructing cached Web content, analyzing DHCP logs, and applying passive OS fingerprinting techniques.
After using this evidence to build a solid case, we will discuss techniques for presenting the supporting evidence in deposition.
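Two of the techniques named above, pulling covert data out of ICMP echo payloads and passively fingerprinting a host from its TCP SYN, can be shown on a tiny capture. The following is an added example written for this page, not SANS course material: it builds a small pcap in memory (constructed sample traffic, with a fake "ssn=" string split across two echo requests), then parses it with only the Python standard library. The signature table is a deliberately simplified assumption in the style of p0f (initial TTL plus SYN window size); real fingerprinting uses many more fields.

```python
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4


def _ipv4(s):
    return bytes(int(o) for o in s.split("."))


def _checksum(data):
    """RFC 1071 one's-complement checksum, so the constructed headers look valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip_packet(src, dst, proto, ttl, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, _ipv4(src), _ipv4(dst))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:] + payload


def _frame(ip_packet):
    """Wrap an IPv4 packet in an Ethernet frame and a pcap record header."""
    pkt = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip_packet
    return struct.pack("<IIII", 1262304000, 0, len(pkt), len(pkt)) + pkt


def icmp_echo(src, dst, ttl, ident, seq, payload):
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", _checksum(icmp)) + icmp[4:]
    return _frame(_ip_packet(src, dst, 1, ttl, icmp))


def tcp_syn(src, dst, ttl, window):
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, window, 0, 0)
    return _frame(_ip_packet(src, dst, 6, ttl, tcp))


# Constructed sample capture: two hosts, one of which tunnels data in ICMP echo payloads.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)      # global header, Ethernet
    + tcp_syn("10.0.0.5", "192.0.2.10", 61, 29200)                  # TTL 64 minus 3 hops
    + tcp_syn("10.0.0.7", "192.0.2.10", 126, 8192)                  # TTL 128 minus 2 hops
    + icmp_echo("10.0.0.5", "192.0.2.10", 61, 0x0BAD, 1, b"ssn=123-")
    + icmp_echo("10.0.0.5", "192.0.2.10", 61, 0x0BAD, 2, b"45-6789;")
    + icmp_echo("10.0.0.7", "192.0.2.10", 126, 0x0001, 1, b"abcdefghijklmnop")
)


def parse_pcap(data):
    """Yield (timestamp, raw_frame) from an in-memory pcap (Ethernet link type only)."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def guess_initial_ttl(ttl):
    """Observed TTL is the initial TTL minus hop count; round up to a common initial value."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial
    return 255


# Assumed, simplified signature table (initial TTL, SYN window) -> OS family. Illustrative only.
SIGNATURES = {
    (64, 29200): "Linux-like",
    (64, 5840): "Linux-like (older)",
    (64, 65535): "BSD/macOS-like",
    (128, 8192): "Windows-like",
    (128, 65535): "Windows-like",
}


def analyze_pcap(data):
    """Reassemble ICMP echo payloads per (src, id) and fingerprint hosts from their SYNs."""
    icmp_chunks = defaultdict(dict)
    os_guesses = {}
    for _, frame in parse_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4
        ttl, proto = frame[22], frame[23]
        src = ".".join(str(b) for b in frame[26:30])
        l4 = frame[14 + ihl:]
        if proto == 1 and len(l4) >= 8 and l4[0] in (0, 8):    # ICMP echo reply/request
            ident, seq = struct.unpack("!HH", l4[4:8])
            icmp_chunks[(src, ident)][seq] = l4[8:]
        elif proto == 6 and len(l4) >= 20:
            flags, window = l4[13], struct.unpack("!H", l4[14:16])[0]
            if flags & 0x12 == 0x02:                               # SYN without ACK
                key = (guess_initial_ttl(ttl), window)
                os_guesses[src] = SIGNATURES.get(key, "unknown (initial TTL %d, window %d)" % key)
    payloads = {k: b"".join(v[s] for s in sorted(v)) for k, v in icmp_chunks.items()}
    return {"icmp_payloads": payloads, "os_guesses": os_guesses}


if __name__ == "__main__":
    result = analyze_pcap(SAMPLE_PCAP)
    for (src, ident), payload in result["icmp_payloads"].items():
        print("ICMP id 0x%04x from %s: %r" % (ident, src, payload))
    for src, guess in result["os_guesses"].items():
        print("%s looks %s" % (src, guess))
```

On real evidence, compare each reassembled payload stream against the default ping patterns the suspected client OS emits before calling it a covert channel, and treat the OS guess as a lead to corroborate with DHCP and server logs rather than as proof.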
SECURITY 558 Upcoming Events

| Event | Location | Dates | Delivery Method |
|---|---|---|---|
| Community SANS Forensics DC 2010 | Alexandria, VA | Feb 22, 2010 - Feb 26, 2010 | Community SANS |
| SANS 2010 | Orlando, FL | Mar 06, 2010 - Mar 15, 2010 | Live Event |