SANS Institute
SANS - Computer Forensics and e-Discovery with Rob Lee
GCFA Forensic Certification
GCFA certification tests knowledge that is not geared for only law enforcement personnel, but for corporate and organizational incident response and investigation teams that have different legal or statutory requirements compared to a standard law enforcement forensic investigation.
GCFA certification tests knowledge that is not geared for only law enforcement personnel, but for corporate and organizational incident response and investigation teams that have different legal or statutory requirements compared to a standard law enforcement forensic investigation.
Certified analysts understand requirements from the Sarbanes-Oxley Act (SOX) , the Gramm-Leach-Bliley Act (GLB), the Health Insurance Portability and Accountability Act (HIPAA). In addition certified professionals have a deep understanding of the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, and the Wiretap Act. Certified Analysts also are able to articulate evidence admissibility, weight, and how the Daubert/Frye tests are applied.
GCFA Links:
Challenge This Cert - Sign up Now!
SANS Information Security Reading Room
Certified Professionals (GCFA)
Practical Hands-On Experience with the Following:
- Forensic Report Writing
- Electronic Evidence Discovery (EED)
- Sarbanes-Oxley Act (SOX)
- Gramm-Leach-Bliley Act (GLB)
- Health Insurance Portability and Accountability Act (HIPAA)
- Electronic Communications Privacy Act
- Computer Fraud and Abuse Act
- Wiretap Act
- Incident Verification Analysis
- Master Boot Record Partition Analysis
- Installing Forensic Analysis Workstation Laboratory
- Application Footprinting Step-By-Step
- Forensic Challenge Investigation from Beginning to End
- Recovering a Rootkit from an SMB Attack Using a Hex-Editor
- Using Automated Toolkits to Collect Information from Windows Based Systems
- Using automated tools to examine a NTFS/FAT Image
- Recover Files from a USB Key Used in a Crime
- Follow Forensic Methodologies to Analyze a Case End to End
- Recovering Artifacts from Unallocated Space Using Foremost
- Creating a Complete File System Timeline
- Performing Hash Comparisons Using Hash Databases
- Using Wireshark to Examine a Compromise in Progress
- Recover a Rootkit From The a Network Wiretap
- System Verification and Evidence Gathering of a Live Compromised System
- Imaging Using dd, dcfldd, and mmls of a Live System
- Timeline Creation on a Live System
- Using Helix Bootable Forensics/IR CD-ROM
GIAC Certification
"This is awsome! We're seeing details that most people don't even know exist" - John Wright, Info Tech, Inc.
"The class provided in-depth, real world, hands-on information" - Robert Dale Drollinger, General Dynamics
SANS Institute