Computer Forensics

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.

Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases. Electronic evidence is critical in the following situations:
• Disloyal employees
• Computer break-ins
• Possession of pornography
• Breach of contract
• Industrial espionage
• E-mail Fraud
• Bankruptcy
• Disputed dismissals
• Web page defacements
• Theft of company documents

Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases. This may range from tracing the tracks of a hacker through a client’s systems, to tracing the originator of defamatory emails, to recovering signs of fraud. The CHFI course will provide participants the necessary skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in the court of law. The CHFI course will benefit:
• Police and other law enforcement personnel
• Defense and Military personnel
• e-Business Security professionals
• Systems administrators
• Legal professionals
• Banking, Insurance and other professionals
• Government agencies
• IT managers
EC-Council
Computer Hacking Forensic Investigator (CHFI)
Course Outline v1
• Assessing the Case
• Planning Your Investigation
• Securing Your Evidence
Module 1 Computer Forensics and Investigations as a Profession
• Understanding Computer Forensics
• Understanding Data-Recovery Workstations and Software
• Comparing Definitions of Computer Forensics
• Exploring a Brief History of Computer Forensics
• Setting Up Your Workstation for Computer Forensics
• Executing an Investigation
• Gathering the Evidence
• Copying the Evidence Disk
• Developing Computer Forensics Resources
• Preparing for Computing Investigations
• Understanding Enforcement Agency Investigations
• Completing the Case
• Critiquing the Case
• Understanding Corporate Investigations
Module 3 Working with Windows and DOS Systems
• Maintaining Professional Conduct
Module 2 Understanding Computer Investigations
• Analyzing Your Digital Evidence
• Understanding File Systems
• Understanding the Boot Sequence
• Examining Registry Data
• Disk Drive Overview
• Exploring Microsoft File Structures
• Disk Partition Concerns
• Preparing a Computer Investigation
• Examining a Computer Crime
• Examining a Company-Policy Violation
• Taking a Systematic Approach
• Boot Partition Concerns
• Exploring Macintosh Boot Tasks
• Examining FAT Disks
• Examining UNIX and Linux Disk Structures
• Examining NTFS Disks
• UNIX and Linux Overview
• NTFS System Files
• Understanding inodes
• NTFS Attributes
• NTFS Data Streams
• Understanding UNIX and Linux Boot Processes
• Understanding Linux Loader
• NTFS Compressed Files
• NTFS Encrypted File Systems (EFS)
• EFS Recovery Key Agent
• Examining Compact Disc Data Structures
• Deleting NTFS Files
• Understanding Other Disk Structures
• Understanding Microsoft Boot Tasks
• Examining SCSI Disks
• Examining IDE/EIDE Devices
• Windows XP, 2000, and NT Startup
• Windows XP System Files
• Understanding MS-DOS Startup Tasks
• Other DOS Operating Systems
Module 5 The Investigator’s Office and Laboratory
Module 4 Macintosh and Linux Boot Processes and Disk Structures
• Understanding the Macintosh File Structure
• Understanding Volumes
• UNIX and Linux Drives and Partition Scheme
• Understanding Forensic Lab Certification Requirements
• Identifying Duties of the Lab Manager and Staff
• Balancing Costs and Needs
• Acquiring Certification and Training
• Determining the Physical Layout of a Computer Forensics Lab
• Maintaining Operating Systems and Application Software Inventories
• Identifying Lab Security Needs
• Using a Disaster Recovery Plan
• Conducting High-Risk Investigations
• Planning for Equipment Upgrades
• Considering Office Ergonomics
• Using Laptop Forensic Workstations
• Environmental Conditions
• Lighting
• Structural Design Considerations
• Electrical Needs
• Communications
• Fire-suppression Systems
• Evidence Lockers
• Facility Maintenance
• Physical Security Needs
• Computer Forensics Lab Floor Plan Ideas
• Selecting a Basic Forensic Workstation
• Selecting Workstations for Police Labs
• Creating a Forensic Boot Floppy Disk
• Assembling the Tools for a Forensic Boot Floppy Disk
• Retrieving Evidence Data Using a Remote Network Connection
Module 6 Current Computer Forensics Tools
• Auditing a Computer Forensics Lab
• Building a Business Case for Developing a Forensics Lab
• Selecting Workstations for Private and Corporate Labs
• Stocking Hardware Peripherals
• Evaluating Your Computer Forensics Software Needs
• Using National Institute of Standards and Technology (NIST) Tools
• Using National Institute of Justice (NIJ) Methods
• Validating Computer Forensics Tools
• Using Command-Line Forensics Tools
• Exploring NTI Tools
• Exploring Ds2dump
• Exploring DataLifter
• Reviewing DriveSpy
• Exploring ASRData
• Exploring PDBlock
• Exploring the Internet History Viewer
• Exploring PDWipe
• Reviewing Image
• Exploring Part
• Exploring SnapBack DatArrest
• Exploring Byte Back
• Exploring MaresWare
• Exploring DIGS Mycroft v3
• Exploring Other Useful Computer Forensics Tools
• Exploring LTOOLS
• Exploring Mtools
• Exploring R-Tools
• Using Explore2fs
• Exploring @stake
• Exploring TCT and TCTUTILs
• Exploring Graphical User Interface (GUI) Forensics Tools
• Exploring ILook
• Exploring AccessData Programs
• Exploring HashKeeper
• Exploring Guidance Software EnCase
• Using Graphic Viewers
• Exploring Ontrack
• Exploring Hardware Tools
• Using BIAProtect
• Computing-Investigation Workstations
• Using LC Technologies Software
• Building Your Own Workstation
• Exploring WinHex Specialist Edition
• Using a Write-blocker
• Exploring DIGS Analyzer Professional Forensic Software
• Exploring ProDiscover DFT
• Using LC Technology International Hardware Forensic Computers
• DIGS
• Documenting Evidence
• Digital Intelligence
• Obtaining a Digital Signature
• Image MASSter Solo
• FastBloc
Module 8 Processing Crime and Incident Scenes
• Acard
• Processing Private-Sector Incident Scenes
• Processing Law Enforcement Crime Scenes
• NoWrite
• Wiebe Tech Forensic DriveDock
• Recommendations for a Forensic Workstation
• Understanding Concepts and Terms Used in Warrants
• Preparing for a Search
• Identifying the Nature of the Case
• Identifying the Type of Computing System
Module 7 Digital Evidence Controls
• Identifying Digital Evidence
• Understanding Evidence Rules
• Securing Digital Evidence at an Incident Scene
• Determining Whether You Can Seize a Computer
• Obtaining a Detailed Description of the Location
• Cataloging Digital Evidence
• Determining Who Is in Charge
• Lab Evidence Considerations
• Using Additional Technical Expertise
• Processing and Handling Digital Evidence
• Determining the Tools You Need
• Storing Digital Evidence
• Preparing the Investigation Team
• Evidence Retention and Media Storage Needs
• Securing a Computer Incident or Crime Scene
• Seizing Digital Evidence at the Scene
• Using Other Forensics Acquisition Tools
• Processing a Major Incident or Crime Scene
• Exploring SnapBack DatArrest
• Exploring SafeBack
• Exploring EnCase
• Processing Data Centers with an Array of RAIDS
• Using a Technical Advisor at an Incident or Crime Scene
Module 10 Computer Forensic Analysis
• Sample Civil Investigation
• Sample Criminal Investigation
• Understanding Computer Forensic Analysis
• Collecting Digital Evidence
• Refining the Investigation Plan
• Using DriveSpy to Analyze Computer Data
• DriveSpy Command Switches
Module 9 Data Acquisition
• Determining the Best Acquisition Method
• DriveSpy Keyword Searching
• Planning Data Recovery Contingencies
• DriveSpy Scripts
• Using MS-DOS Acquisition Tools
• DriveSpy Data-Integrity Tools
• Understanding How DriveSpy Accesses Sector Ranges
• DriveSpy Residual Data Collection Tools
• Other Useful DriveSpy Command Tools
• Data Preservation Commands
• Using DriveSpy Data Manipulation Commands
• Using Other Digital Intelligence Computer Forensics Tools
• Using PDBlock and PDWipe
• Using AccessData’s Forensic Toolkit
• Performing a Computer Forensic Analysis
• Using Windows Acquisition Tools
• AccessData FTK Explorer
• Acquiring Data on Linux Computers
• Setting Up Your Forensic Workstation
• Performing Forensic Analysis on Microsoft File Systems
• Copying an E-mail Message
• Printing an E-mail Message
• UNIX and Linux Forensic Analysis
• Marking Bad Clusters
• Examining an E-mail Header
• Examining Additional E-mail Files
• Tracing an E-mail Message
• Using Network Logs Related to E-mail
• Understanding E-mail Servers
• Examining UNIX E-mail Server Logs
• Examining Microsoft E-mail Server Logs
• Examining Novell GroupWise E-mail Logs
• Using Specialized E-mail Forensics Tools
• Addressing Data Hiding Techniques
• Hiding Partitions
• Macintosh Investigations
• Viewing E-mail Headers
• Bit-Shifting
• Using Steganography
• Examining Encrypted Files
• Recovering Passwords