Unpatched, unprotected computers connected to the internet are compromised in less than three days! In the commercial sector, TJ Maxx, Hannaford, and TD Ameritrade are victims of large-scale data breaches and intrusions. From these attacks, personal or account information of more than 100 million individuals has been compromised. In the government sector, cyber attacks on government agencies and contractors, originating from China, have proved difficult to suppress. In both situations, incident response and mitigation, class action lawsuits, and fines place remediation costs in the billions of dollars.

Security 508: Computer Forensics, Investigation, and Response will give you a firm understanding of computer forensics tools and techniques to investigate data breach intrusions, tech-savvy rogue employees, advanced persistent threats, and complex digital forensic cases.

Utilizing advances in spear phishing, web application attacks, and persistent malware these new sophisticated attackers advance rapidly through your network. Forensic investigators must master a variety of operating systems, investigation techniques, incident response tactics, and even legal issues in order to solve challenging cases. Security 508: Computer Forensics, Investigation, and Response will teach you critical forensic analysis techniques and tools in a hands-on setting for both Windows- and Linux-based investigations.

We will examine various investigation methodologies and techniques, discovering new places to find evidence and discover the tracks of a cyber criminal or hacker, who is trying to stay hidden inside your network.

Learning more than just how to use a forensic tool, you will be able to demonstrate how the tool functions step-by-step. You will become skilled with new tools, such as the Sleuthkit, Foremost, and the HELIX3 Pro Forensics Live CD. SANS hands-on technical course arms you with a deep understanding of the forensic methodology, tools, and techniques to solve advanced computer forensics cases.

FIGHT CRIME. UNRAVEL INCIDENTS... ONE BYTE AT A TIME. We not only teach a firm understanding of the computer forensics tools and techniques, we also teach you the legally approved forensic methodology that will result in success.

Computer Forensics Course Prerequisites

Strong recommendation: Each student should attend Security 408: Computer Forensic Essentials prior to taking this course or have equivalent digital forensic experience in the field. This course is a designed to be a perfect follow on for those that have already attended Security 408: Computer Forensic Essentials.

If you are just beginning in computer forensics or information security, then this course is not appropriate for you as the basics of computer forensics, system administration, and hacker techniques will not be covered.

You will Receive with this Course

Free SANS Investigative Forensic Toolkit (SIFT) Advanced

As a part of this course you will receive a SANS Investigative Forensic Toolkit (SIFT) Advanced, you will gain first-hand experience in collecting and analyzing evidence recovered from a system under investigation. The toolkit consists of:

• Hard Drive USB mini adapter kit for SATA/IDE hard drives 1.8"/2.5"/3.5"/5.25" (Read and Write)
• SANS VMware based Forensic Analysis Workstation
• Course DVD loaded with case examples, tools, and documentation
• Best-selling book "File System Forensic Analysis" by Brian Carrier
• New Addition! The SIFT Kit Advanced will now include a single version Helix3 Pro that will be individually licensed to each student.
  • Works on Mac OS X, Windows, and Linux.
  • Simplified Live Analysis with both Memory and Disk Acquisition
  • Built in Memory Analysis
  • Boots most Intel x86 machines including Mac OS X

SANS Computer Forensic Website - forensics.sans.org

The learning does not end when class is over. SANS Computer Forensic Website is a community-focused site offering digital forensics professionals a one-stop forensic resource to learn, discuss and share current developments in the field. It also provides information regarding SANS forensics training, GIAC certification, and upcoming events. Visit http://forensics.sans.org. New content is added regularly, so please visit often. In addition, do not forget to share this information with your fellow forensic professionals.