CISSP and CEH/CHFI Certification Training
CISSP & EC-Council CEH/CHFI
Course Number: #CED-291
Course Length: 19 days
Number of Exams: 3
Certifications: CISSP, EC-Council CEH, EC-Council CHFI
Grants (discounts) are available for multiple students for the same or different courses.
Class Format: Self-Paced, Online Self-Study
Online Self-Study courses allow you to study around your busy schedule, remain working as you train, and work at your own pace.
Instructor-Led
- Certified Instructor
- Includes all course materials
CEH Webinar Training
Intro to Certified Ethical Hacker (CEH) Webinar
Our instructors have been teaching for more than 16 years and are award winners in their areas of expertise.
Our EC-Council instructor is a 7-time Instructor of the Year award winner.
CHFI Webinar Training
Intro to Computer Hacking Forensic Investigator (CHFI) Webinar
"I would highly recommend any new or seasoned IT security professional looking for a complete CISSP prep." -Jason Lee, Alpharetta, GA
The CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam.
Ethical Hacking and Countermeasures will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems.
Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.
A free re-sit of the Official ISC2 CISSP course is permitted only after a student has attempted the exam and failed.
CISSP
CISSP training is an advanced course designed to meet the high demands of the information security industry by preparing students for the Certified Information Systems Security Professional (CISSP) exam.
Led by an authorized instructor, this training course provides a comprehensive review of information security concepts and industry best practices, covering the 8 domains of the CISSP CBK:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
Who should attend?
This training course is intended for professionals who have at least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP CBK and are pursuing CISSP training and certification to acquire the credibility and mobility to advance within their current information security careers. The training seminar is ideal for those working in positions such as, but not limited to:
- Security Consultant
- Security Manager
- IT Director/Manager
- Security Auditor
- Security Architect
- Security Analyst
- Security Systems Engineer
- Chief Information Security Officer
- Director of Security
- Network Architect
The CISSP Helps You:
- Validate your proven competence gained through years of experience in information security
- Demonstrate your technical knowledge, skills, and abilities to effectively develop a holistic security program set against globally accepted standards
- Differentiate yourself from other candidates for desirable job openings in the fast-growing information security market
- Affirm your commitment to the field and ongoing relevancy through continuing professional education and understanding of the most current best practices
- Gain access to valuable career resources, such as networking and ideas exchange with peers
The CISSP Helps Employers:
- Protect against threats with qualified professionals who have the expertise to competently design, build, and maintain a secure business environment
- Ensure professionals stay current on emerging threats, technologies, regulations, standards, and practices through the continuing professional education requirements
- Increase confidence that candidates are qualified and committed to information security
- Ensure employees use a universal language, circumventing ambiguity with industry-accepted terms and practices
- Increase organizations' credibility when working with clients and vendors
Learning Objectives
- Understand and apply the concepts of risk assessment, risk analysis, data classification, and security awareness, and implement risk management and the principles used to support it (risk avoidance, risk acceptance, risk mitigation, risk transference)
- Apply a comprehensive and rigorous method for describing the current and/or future structure and behavior of an organization's security processes, information security systems, personnel, and organizational sub-units, so that these practices and processes align with the organization's core goals and strategic direction; address the frameworks, policies, concepts, principles, structures, and standards used to establish criteria for the protection of information assets and to assess the effectiveness of that protection; and establish the foundation of a comprehensive and proactive security program to ensure the protection of an organization's information assets
- Examine the principles, means, and methods of applying mathematical algorithms and data transformations to information to ensure its integrity, confidentiality, and authenticity
- Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media, and identify risks that can be quantitatively and qualitatively measured to support the building of business cases that drive proactive security in the enterprise
- Offer greater visibility into determining who or what may have altered data or system information, potentially affecting the integrity of those assets, and match an entity, such as a person or a computer system, with the actions that entity takes against valuable assets, allowing organizations to better understand the state of their security posture
- Plan for technology development, including risk, and evaluate the system design against mission requirements, and identify where competitive prototyping and other evaluation techniques fit in the process
- Protect and control information processing assets in centralized and distributed environments, and execute the daily tasks required to keep security services operating reliably and efficiently
- Understand the Software Development Life Cycle (SDLC) and how to apply security to it, and identify which security control(s) are appropriate for the development environment, and assess the effectiveness of software security
Prerequisites
Candidates must have a minimum of five (5) years of cumulative paid full-time professional security work experience in two or more of the 8 domains of the CISSP CBK.
Candidates may receive a one-year experience waiver with a four-year college degree or regional equivalent, or with an additional credential from the approved list, thus requiring four (4) years of direct full-time professional security work experience in two or more of the ten domains of the CISSP CBK.
Candidates who have not completed the 5 years of experience required to take the CISSP can take an Associate CISSP exam. This gives them a credential showing their knowledge until they are able to meet the experience requirements for the CISSP.
How to register for your CISSP® Exam
Course Outline
Security and Risk Management
- Security governance principles
- Compliance
- Legal and regulatory issues
- Professional ethics
- Security policies, standards, procedures and guidelines
Asset Security
- Information and asset classification
- Ownership (e.g. data owners, system owners)
- Protect privacy
- Appropriate retention
- Data security controls
- Handling requirements (e.g. markings, labels, storage)
Security Engineering
- Engineering processes using secure design principles
- Security models fundamental concepts
- Security evaluation models
- Security capabilities of information systems
- Security architectures, designs, and solution elements vulnerabilities
- Web-based systems vulnerabilities
- Mobile systems vulnerabilities
- Embedded devices and cyber-physical systems vulnerabilities
- Cryptography
- Site and facility design secure principles
- Physical security
Communication and Network Security
- Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
- Secure network components
- Secure communication channels
- Network attacks
Identity and Access Management
- Physical and logical assets control
- Identification and authentication of people and devices
- Identity as a service (e.g. cloud identity)
- Third-party identity services (e.g. on-premises)
- Access control attacks
- Identity and access provisioning lifecycle (e.g. provisioning review)
Security Assessment and Testing
- Assessment and test strategies
- Security process data (e.g. management and operational controls)
- Security control testing
- Test outputs (e.g. automated, manual)
- Security architectures vulnerabilities
Security Operations
- Investigations support and requirements
- Logging and monitoring activities
- Provisioning of resources
- Foundational security operations concepts
- Resource protection techniques
- Incident management
- Preventative measures
- Patch and vulnerability management
- Change management processes
- Recovery strategies
- Disaster recovery processes and plans
- Business continuity planning and exercises
- Physical security
- Personnel safety concerns
Software Development Security
- Security in the software development lifecycle
- Development environment security controls
- Software security effectiveness
- Acquired software security impact
Ethical Hacking
Build your career with the most in-demand cybersecurity certification in the world: THE CERTIFIED ETHICAL HACKER
Who is a Certified Ethical Hacker?
A Certified Ethical Hacker is a specialist typically working in a red team environment, focused on attacking computer systems and gaining access to networks, applications, databases, and other critical data on secured systems. A CEH® understands attack strategies, the use of creative attack vectors, and mimics the skills and creativity of malicious hackers. Unlike malicious hackers and actors, Certified Ethical Hackers operate with permission from the system owners and take all precautions to ensure the outcomes remain confidential. Bug bounty researchers are expert ethical hackers who use their attack skills to uncover vulnerabilities in the systems.
What is CEH® v12?
The Certified Ethical Hacker has been battle-hardened over the last 20 years, creating hundreds of thousands of Certified Ethical Hackers employed by top companies, militaries, and governments worldwide.
In its 12th version, the Certified Ethical Hacker combines comprehensive training, hands-on learning labs, practice cyber ranges for engagement, certification assessments, cyber competitions, and opportunities for continuous learning into one comprehensive program curated through our new learning framework: 1. Learn 2. Certify 3. Engage 4. Compete.
The CEH v12 also equips aspiring cybersecurity professionals with the tactics, techniques, and procedures (TTPs) to build ethical hackers who can uncover weaknesses in nearly any type of target system before cybercriminals do.
Course Outline
Module 01: Introduction to Ethical Hacking
Cover the fundamentals of key issues in the information security world, including the basics of ethical hacking, information security controls, relevant laws, and standard procedures.
Module 02: Footprinting and Reconnaissance
Learn how to use the latest techniques and tools to perform footprinting and reconnaissance, a critical pre-attack phase of the ethical hacking process.
Module 03: Scanning Networks
Module 04: Enumeration
Learn various enumeration techniques, such as Border Gateway Protocol (BGP) and Network File System (NFS) exploits, plus associated countermeasures.
Module 05: Vulnerability Analysis
Learn how to identify security loopholes in a target organization's network, communication infrastructure, and end systems.
Module 06: System Hacking
Learn about the various system hacking methodologies (including steganography, steganalysis attacks, and covering tracks) used to discover system and network vulnerabilities.
Module 07: Malware Threats
Get an introduction to the different types of malware, such as Trojans, viruses, and worms, as well as system auditing for malware attacks, malware analysis, and countermeasures.
Module 08: Sniffing
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.
Module 09: Social Engineering
Learn social engineering concepts and techniques, including how to identify theft attempts, audit human-level vulnerabilities, and suggest social engineering countermeasures.
Module 10: Denial-of-Service
Learn about different Denial-of-Service (DoS) and Distributed DoS (DDoS) attack techniques, as well as the tools used to audit a target and devise DoS and DDoS countermeasures and protections.
Module 11: Session Hijacking
Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
Module 12: Evading IDS, Firewalls, and Honeypots
Get introduced to firewall, intrusion detection system, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.
Module 13: Hacking Web Servers
Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.
Module 14: Hacking Web Applications
Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.
Module 15: SQL Injection
Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.
Module 16: Hacking Wireless Networks
Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools.
Module 17: Hacking Mobile Platforms
Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools.
Module 18: IoT and OT Hacking
Module 19: Cloud Computing
Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud-based threats and attacks, and cloud security techniques and tools.
Module 20: Cryptography
In the final module, learn about cryptography and ciphers, public-key infrastructure, cryptography attacks, and cryptanalysis tools.
Computer Hacking Forensic Investigator
Securing and analyzing electronic evidence is a central theme in an ever-increasing number of conflict situations and criminal cases. Electronic evidence is critical in the following situations:
- Disloyal employees
- Computer break-ins
- Possession of pornography
- Breach of contract
- Industrial espionage
- E-mail Fraud
- Bankruptcy
- Disputed dismissals
- Web page defacements
- Theft of company documents
Students attending this course will take exam 312-49 to achieve their CHFI certification.
Prerequisites
A foundational knowledge of computers, operating systems, and networking protocols.
Course Overview
Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This may range from tracing the tracks of a hacker through a client's systems, to tracing the originator of defamatory emails, to recovering signs of fraud.
The CHFI course will provide participants with the skills needed to identify an intruder's footprints and to properly gather the evidence necessary to prosecute in a court of law.
The CHFI course will benefit:
- Police and other law enforcement personnel
- Defense and Military personnel
- e-Business Security professionals
- Systems administrators
- Legal professionals
- Banking, Insurance and other professionals
- Government agencies
- IT managers
Course Outline
Computer Forensics and Investigations as a Profession
- Understanding Computer Forensics
- Comparing Definitions of Computer Forensics
- Exploring a Brief History of Computer Forensics
- Developing Computer Forensics Resources
- Preparing for Computing Investigations
- Understanding Enforcement Agency Investigations
- Understanding Corporate Investigations
- Maintaining Professional Conduct
Understanding Computer Investigations
- Preparing a Computer Investigation
- Examining a Computer Crime
- Examining a Company-Policy Violation
- Taking a Systematic Approach
- Assessing the Case
- Planning Your Investigation
- Securing Your Evidence
- Understanding Data-Recovery Workstations and Software
- Setting Up Your Workstation for Computer Forensics
- Executing an Investigation
- Gathering the Evidence
- Copying the Evidence Disk
- Analyzing Your Digital Evidence
- Completing the Case
- Critiquing the Case
Working with Windows and DOS Systems
- Understanding File Systems
- Understanding the Boot Sequence
- Examining Registry Data
- Disk Drive Overview
- Exploring Microsoft File Structures
- Disk Partition Concerns
- Boot Partition Concerns
- Examining FAT Disks
- Examining NTFS Disks
- NTFS System Files
- NTFS Attributes
- NTFS Data Streams
- NTFS Compressed Files
- NTFS Encrypted File Systems (EFS)
- EFS Recovery Key Agent
- Deleting NTFS Files
- Understanding Microsoft Boot Tasks
- Windows XP, 2000, and NT Startup
- Windows XP System Files
- Understanding MS-DOS Startup Tasks
- Other DOS Operating Systems
Macintosh and Linux Boot Processes and Disk Structures
- Understanding the Macintosh File Structure
- Understanding Volumes
- Exploring Macintosh Boot Tasks
- Examining UNIX and Linux Disk Structures
- UNIX and Linux Overview
- Understanding modes
- Understanding UNIX and Linux Boot Processes
- Understanding Linux Loader
- UNIX and Linux Drives and Partition Scheme
- Examining Compact Disc Data Structures
- Understanding Other Disk Structures
- Examining SCSI Disks
- Examining IDE/EIDE Devices
The Investigator's Office and Laboratory
- Understanding Forensic Lab Certification Requirements
- Identifying Duties of the Lab Manager and Staff
- Balancing Costs and Needs
- Acquiring Certification and Training
- Determining the Physical Layout of a Computer Forensics Lab
- Identifying Lab Security Needs
- Conducting High-Risk Investigations
- Considering Office Ergonomics
- Environmental Conditions
- Lighting
- Structural Design Considerations
- Electrical Needs
- Communications
- Fire-suppression Systems
- Evidence Lockers
- Facility Maintenance
- Physical Security Needs
- Auditing a Computer Forensics Lab
- Computer Forensics Lab Floor Plan Ideas
- Selecting a Basic Forensic Workstation
- Selecting Workstations for Police Labs
- Selecting Workstations for Private and Corporate Labs
- Stocking Hardware Peripherals
- Maintaining Operating Systems and Application Software Inventories
- Using a Disaster Recovery Plan
- Planning for Equipment Upgrades
- Using Laptop Forensic Workstations
- Building a Business Case for Developing a Forensics Lab
- Creating a Forensic Boot Floppy Disk
- Assembling the Tools for a Forensic Boot Floppy Disk
- Retrieving Evidence Data Using a Remote Network Connection
Current Computer Forensics Tools
- Evaluating Your Computer Forensics Software Needs
- Using National Institute of Standards and Technology (NIST) Tools
- Using National Institute of Justice (NIJ) Methods
- Validating Computer Forensics Tools
- Using Command-Line Forensics Tools
- Exploring NTI Tools
- Exploring Ds2dump
- Reviewing DriveSpy
- Exploring PDBlock
- Exploring PDWipe
- Reviewing Image
- Exploring Part
- Exploring SnapBack DatArrest
- Exploring Byte Back
- Exploring MaresWare
- Exploring DIGS Mycroft v3
- Exploring Graphical User Interface (GUI) Forensics Tools
- Exploring AccessData Programs
- Exploring Guidance Software EnCase
- Exploring Ontrack
- Using BIAProtect
- Using LC Technologies Software
- Exploring WinHex Specialist Edition
- Exploring DIGS Analyzer Professional Forensic Software
- Exploring ProDiscover DFT
- Exploring DataLifter
- Exploring ASRData
- Exploring the Internet History Viewer
- Exploring Other Useful Computer Forensics Tools
- Exploring LTOOLS
- Exploring Mtools
- Exploring R-Tools
- Using Explore2fs
- Exploring @stake
- Exploring TCT and TCTUTILs
- Exploring ILook
- Exploring HashKeeper
- Using Graphic Viewers
- Exploring Hardware Tools
- Computing-Investigation Workstations
- Building Your Own Workstation
- Using a Write-blocker
- Using LC Technology International Hardware
- Forensic Computers
- DIGS
- Digital Intelligence
- Image MASSter Solo
- FastBloc
- Acard
- NoWrite
- Wiebe Tech Forensic DriveDock
- Recommendations for a Forensic Workstation
Digital Evidence Controls
- Identifying Digital Evidence
- Understanding Evidence Rules
- Securing Digital Evidence at an Incident Scene
- Cataloging Digital Evidence
- Lab Evidence Considerations
- Processing and Handling Digital Evidence
- Storing Digital Evidence
- Evidence Retention and Media Storage Needs
- Documenting Evidence
- Obtaining a Digital Signature
Processing Crime and Incident Scenes
- Processing Private-Sector Incident Scenes
- Processing Law Enforcement Crime Scenes
- Understanding Concepts and Terms Used in Warrants
- Preparing for a Search
- Identifying the Nature of the Case
- Identifying the Type of Computing System
- Determining Whether You Can Seize a Computer
- Obtaining a Detailed Description of the Location
- Determining Who Is in Charge
- Using Additional Technical Expertise
- Determining the Tools You Need
- Preparing the Investigation Team
- Securing a Computer Incident or Crime Scene
- Seizing Digital Evidence at the Scene
- Processing a Major Incident or Crime Scene
- Processing Data Centers with an Array of RAIDS
- Using a Technical Advisor at an Incident or Crime Scene
- Sample Civil Investigation
- Sample Criminal Investigation
- Collecting Digital Evidence
Data Acquisition
- Determining the Best Acquisition Method
- Planning Data Recovery Contingencies
- Using MS-DOS Acquisition Tools
- Understanding How DriveSpy Accesses Sector Ranges
- Data Preservation Commands
- Using DriveSpy Data Manipulation Commands
- Using Windows Acquisition Tools
- AccessData FTK Explorer
- Acquiring Data on Linux Computers
- Using Other Forensics Acquisition Tools
- Exploring SnapBack DatArrest
- Exploring SafeBack
- Exploring EnCase
Computer Forensic Analysis
- Understanding Computer Forensic Analysis
- Refining the Investigation Plan
- Using DriveSpy to Analyze Computer Data
- DriveSpy Command Switches
- DriveSpy Keyword Searching
- DriveSpy Scripts
- DriveSpy Data-Integrity Tools
- DriveSpy Residual Data Collection Tools
- Other Useful DriveSpy Command Tools
- Using Other Digital Intelligence Computer Forensics Tools
- Using PDBlock and PDWipe
- Using AccessData's Forensic Toolkit
- Performing a Computer Forensic Analysis
- Setting Up Your Forensic Workstation
- Performing Forensic Analysis on Microsoft File Systems
- UNIX and Linux Forensic Analysis
- Macintosh Investigations
- Addressing Data Hiding Techniques
- Hiding Partitions
- Marking Bad Clusters
- Bit-Shifting
- Using Steganography
- Examining Encrypted Files
- Recovering Passwords
E-mail Investigations
- Understanding Internet Fundamentals
- Understanding Internet Protocols
- Exploring the Roles of the Client and Server in E-mail
- Investigating E-mail Crimes and Violations
- Identifying E-mail Crimes and Violations
- Examining E-mail Messages
- Copying an E-mail Message
- Printing an E-mail Message
- Viewing E-mail Headers
- Examining an E-mail Header
- Examining Additional E-mail Files
- Tracing an E-mail Message
- Using Network Logs Related to E-mail
- Understanding E-mail Servers
- Examining UNIX E-mail Server Logs
- Examining Microsoft E-mail Server Logs
- Examining Novell GroupWise E-mail Logs
- Using Specialized E-mail Forensics Tools
Recovering Image Files
- Recognizing an Image File
- Understanding Bitmap and Raster Images
- Understanding Vector Images
- Metafile Graphics
- Understanding Image File Formats
- Understanding Data Compression
- Reviewing Lossless and Lossy Compression
- Locating and Recovering Image Files
- Identifying Image File Fragments
- Repairing Damaged Headers
- Reconstructing File Fragments
- Identifying Unknown File Formats
- Analyzing Image File Headers
- Tools for Viewing Images
- Understanding Steganography in Image Files
- Using Steganalysis Tools
- Identifying Copyright Issues with Graphics
Writing Investigation Reports
- Understanding the Importance of Reports
- Limiting the Report to Specifics
- Types of Reports
- Expressing an Opinion
- Designing the Layout and Presentation
- Litigation Support Reports versus Technical Reports
- Writing Clearly
- Providing Supporting Material
- Formatting Consistently
- Explaining Methods
- Data Collection
- Including Calculations
- Providing for Uncertainty and Error Analysis
- Explaining Results
- Discussing Results and Conclusions
- Providing References
- Including Appendices
- Providing Acknowledgments
- Formal Report Format
- Writing the Report
- Using FTK Demo Version
Becoming an Expert Witness
- Comparing Technical and Scientific Testimony
- Preparing for Testimony
- Documenting and Preparing Evidence
- Keeping Consistent Work Habits
- Processing Evidence
- Serving as a Consulting Expert or an Expert Witness
- Creating and Maintaining Your CV
- Preparing Technical Definitions
- Testifying in Court
- Understanding the Trial Process
- Qualifying Your Testimony and Voir Dire
- Addressing Potential Problems
- Testifying in General
- Presenting Your Evidence
- Using Graphics in Your Testimony
- Helping Your Attorney
- Avoiding Testimony Problems
- Testifying During Direct Examination
- Using Graphics During Testimony
- Testifying During Cross-Examination
- Exercising Ethics When Testifying
- Understanding Prosecutorial Misconduct
- Preparing for a Deposition
- Guidelines for Testifying at a Deposition
- Recognizing Deposition Problems
- Public Release: Dealing with Reporters
- Forming an Expert Opinion
- Determining the Origin of a Floppy Disk
Computer Security Incident Response Team
- Incident Response Team
- Incident Reporting Process
- Low-level incidents
- Mid-level incidents
- High-level incidents
- What is a Computer Security Incident Response Team (CSIRT)?
- Why would an organization need a CSIRT?
- What types of CSIRTs exist?
- Other Response Teams Acronyms
- What does a CSIRT do?
- What is Incident Handling?
- Need for CSIRT in Organizations
- Best Practices for Creating a CSIRT
Logfile Analysis
- Secure Audit Logging
- Audit Events
- Syslog
- Message File
- Setting Up Remote Logging
- Linux Process Tracking
- Windows Logging
- Remote Logging in Windows
- ntsyslog
- Application Logging
- Extended Logging
- Monitoring for Intrusion and Security Events
- Importance of Time Synchronization
- Passive Detection Methods
- Dump Event Log Tool (Dumpel.exe)
- EventCombMT
- Event Collection
- Scripting
- Event Collection Tools
- Forensic Tool: fwanalog
- Elements of an End-to-End Forensic Trace
- Log Analysis and Correlation
- TCPDump logs
- Intrusion Detection Log (RealSecure)
- Intrusion Detection Log (SNORT)
Recovering Deleted Files
- The Windows Recycle Bin
- Digital evidence
- Recycle Hidden Folder
- How do I undelete a file?
- e2undel
- O&O UnErase
- Restorer2000
- BadCopy Pro
- File Scavenger
- Mycroft v3
- PC ParaChute
- Search and Recover
- Stellar Phoenix Ext2/Ext3
- Zero Assumption Digital Image Recovery
- FileSaver
- VirtualLab Data Recovery
- R-Linux
- Drive & Data Recovery
- Active@ UNERASER - DATA Recovery
Application Password Crackers
- Advanced Office XP Password Recovery
- AOXPPR
- Accent Keyword Extractor
- Advanced PDF Password Recovery
- APDFPR
- Distributed Network Attack
- Windows XP / 2000 / NT Key
- Passware Kit
- How to Bypass BIOS Passwords
- BIOS Password Crackers
- Removing the CMOS Battery
- Default Password Database
Investigating E-Mail Crimes
- E-mail Crimes
- Sending Fakemail
- Sending E-mail using Telnet
- Tracing an e-mail
- Mail Headers
- Reading Email Headers
- Tracing Back
- Tracing Back Web Based E-mail
- Microsoft Outlook Mail
- Pst File Location
- Tool: R-Mail
- Tool: FinaleMail
- Searching E-mail Addresses
- E-mail Search Site
- abuse.net
- Network Abuse Clearing House
- Handling Spam
- Protecting your E-mail Address from Spam
- Tool: Enkoder Form
- Tool: eMailTrackerPro
- Tool: SPAM Punisher
Investigating Web Attacks
- How to Tell an Attack is in Progress
- What to Do When You Are Under Attack?
- Conducting the Investigation
- Attempted Break-in
- Step 1: Identifying the System(s)
- Step 2: Traffic between source and destination
- How to detect attacks on your server?
- Investigating Log Files
- IIS Logs
- Log file Codes
- Apache Logs
- Access_log
- Log Security
- Log File Information
- Simple Request
- Time/Date Field
- Mirrored Site Detection
- Mirrored Site in IIS Logs
- Vulnerability Scanning Detection
- Example of Attack in Log file
- Web Page Defacement
- Defacement using DNS Compromise
- Investigating DNS Poisoning
- Investigating FTP Servers
- Example of FTP Compromise
- FTP logs
- SQL Injection Attacks
- Investigating SQL Injection Attacks
- Web Based Password Brute Force Attack
- Investigating IP Address
- Tools for locating IP Address
- Investigating Dynamic IP Address
- Location of DHCP Server Logfile
Investigating Network Traffic
- Network Intrusions and Attacks
- Direct vs. Distributed Attacks
- Automated Attacks
- Accidental "Attacks"
- Address Spoofing
- IP Spoofing
- ARP Spoofing
- DNS Spoofing
- Preventing IP Spoofing
- Preventing ARP Spoofing
- Preventing DNS Spoofing
- VisualZone
- DShield
- Forensic Tools for Network Investigations
- TCPDump
- Ethereal
- NetAnalyst
- Ettercap
Investigating Router Attacks
- DoS Attacks
- Investigating DoS Attacks
- Investigating Router Attacks
The Computer Forensics Process
- Evidence Seizure Methodology
- Before the Investigation
- Document Everything
- Confiscation of Computer Equipment
Data Duplication
- Tool: R-Drive Image
- Tool: DriveLook
- Tool: DiskExplorer for NTFS
Windows Forensics
- Gathering Evidence in Windows
- Collecting Data from Memory
- Collecting Evidence
- Memory Dump
- Manual Memory Dump (Windows 2000)
- Manual Memory Dump (Windows XP)
- PMDump
- Windows Registry
- Registry Data
- Regmon utility
- Forensic Tool: InCntrl5
- Backing Up of the entire Registry
- System State Backup
- Forensic Tool: Back4Win
- Forensic Tool: Registry Watch
- System Processes
- Process Monitors
- Default Processes in Windows NT, 2000, and XP
- Process-Monitoring Programs
- Process Explorer
- Look for Hidden Files
- Viewing Hidden Files in Windows
- NTFS Streams
- Detecting NTFS Streams
- Rootkits
- Detecting Rootkits
- Sigverif
- Detecting Trojans and Backdoors
- Removing Trojans and Backdoors
- Port Numbers Used by Trojans
- Examining the Windows Swap File
- Swap file as evidence
- Viewing the Contents of the Swap/Page File
- Recovering Evidence from the Web Browser
- Locating Browser History Evidence
- Forensic Tool: Cache Monitor
- Print Spooler Files
- Steganography
- Forensic Tool: StegDetect
Linux Forensics
- Performing Memory Dump on Unix Systems
- Viewing Hidden Files
- Executing Process
- Create a Linux Forensic Toolkit
- Collect Volatile Data Prior to Forensic Duplication
- Executing a Trusted Shell
- Determining Who is logged on to the System
- Determining the Running Processes
- Detecting Loadable Kernel Module Rootkits
- LKM
- Open Ports and Listening Applications
- /proc file system
- Log Files
- Configuration Files
- Low Level Analysis
- Log Messages
- Running syslogd
- Investigating User Accounts
- Collecting an Evidential Image
- File Auditing Tools
Investigating PDA
Enforcement Law and Prosecution
- Freedom of Information Act
- Reporting Security Breaches to Law Enforcement
- National Infrastructure Protection Center
- Federal Computer Crimes and Laws
- Federal Laws
- The USA Patriot Act of 2001
- Building the Cybercrime Case
- How the FBI Investigates Computer Crime
- Cyber Crime Investigations
- Computer-facilitated crime
- FBI
- Federal Statutes
- Local laws
- Federal Investigative Guidelines
- Gather Proprietary Information
- Contact law enforcement
- To initiate an investigation
Investigating Trademark and Copyright Infringement
- Trademarks
- Trademark Eligibility
- What is a service mark?
- What is trade dress?
- Internet domain name
- Trademark Infringement
- Conducting a Trademark Search
- Using Internet to Search for Trademarks
- Hiring a professional firm to conduct my trademark search
- Trademark Registrations
- Benefits of Trademark Registration
- Copyright
- How long does a copyright last?
- Copyright Notice
- Copyright "Fair Use" Doctrine
- U.S. Copyright Office
- How are copyrights enforced?
- SCO vs IBM
- What is Plagiarism?
- Turnitin
- Plagiarism Detection Tools