SANS - Computer Forensics - Course Description

Advanced Filesystem Recovery and Memory Forensics

This advanced course is perfect for the diligent student familiar with core forensic methodology and techniques. If you understand forensic filesystem fundamentals, then this course is for you. It moves quickly from covering memory forensics to recovering and discovering deleted partitions from hard drives. This course focuses on innovative forensic techniques and methodologies so the seasoned practitioner can keep his skills sharp and up-to-date with the latest research areas in both live and static based disk forensics.

You will receive:

Forensic analysis workstation VMware machine equipped to investigate forensic data
Course DVD loaded with case examples, tools, and documentation

Prerequisites: This advanced course is perfect for the diligent student conversant with file system forensic techniques. If you are just beginning in digital forensics, this course is not appropriate for you, as the basics of digital forensics will not be covered.

Who Should Attend
- System administrators and incident handling personnel who are trying to further their knowledge in the latest forensic techniques
- Anyone who wants to learn how file system partitions are structured
- Anyone who wants to learn how to recover lost partitions from a physical disk image
- Anyone who wants to learn how to forensically recover artifacts from memory collected from a machine.

A Sampling of Topics
- File system structures and metadata
- Partitioning schemes
- Mapping out disk partitions by hand
- Discovering lost partitions from a formatted drive
- Windows memory structures
- Following Microsoft Windows memory process
- The usefulness of collecting memory
- Techniques to collect memory
- Memory analysis techniques

SECURITY 526 Upcoming Events
Event	Location	Dates	Delivery Method
SANS OnDemand	Online	Anytime	Self Paced
Hong Kong Advanced Forensics Seminar	Hong Kong, Hong Kong	Nov 09, 2009 - Nov 14, 2009	Live Event
SANS London 2009	London, United Kingdom	Nov 28, 2009 - Dec 06, 2009	Live Event
SANS CDI East 2009	Washington DC	Dec 11, 2009 - Dec 18, 2009	Live Event
SANS Security East 2010	New Orleans, LA	Jan 10, 2010 - Jan 18, 2010	Live Event
SANS 2010	Orlando, FL	Mar 06, 2010 - Mar 15, 2010	Live Event

GIAC Certification

"This is awsome! We're seeing details that most people don't even know exist" - John Wright, Info Tech, Inc.

"The class provided in-depth, real world, hands-on information" - Robert Dale Drollinger, General Dynamics

SANS Institute

SANS Institute

© 2008 - 2009 The SANS™ Institute

SANS Web Privacy Policy: www.sans.org/privacy.php - Web Contact: webmaster@sans.org

SANS Press Room: www.sans.org/press / Policy On SANS Trademark Usage