SANS System Forensics, Investigations, and Response
Short Description:
This track is designed to equip frontline incident handlers with the knowledge, tools, and hands-on experience needed to investigate and respond to computer incidents in their organizations.
Full Description:
Current research indicates that unpatched, unprotected computers that have been connected to the Internet are being compromised in 3 days or less. In such a harsh environment, even protected systems can become the victim of a successful attack - and we see evidence of this daily. To be effective, today's incident response personnel must be trained in a variety of operating systems, investigation techniques, incident response tactics, and even legal issues. This track is designed to equip frontline incident handlers with the knowledge, tools, and hands-on experience needed to successfully investigate and respond to computer incidents in their organizations.
NOTICE! This is an advanced track. Students are HIGHLY recommended to have a strong familiarity with Linux System Administration, Windows System Administration, TCP/IP, and Intrusion Detection Methodologies.
Beginning with foundation concepts such as file system structures, MAC times, and basic forensic auditing, the content and difficulty level of this track advances rapidly. You'll learn how and when to use various tools such as the UNIX Coroner's Toolkit (TCT), the Windows Incident Response Collection Report (IRCR), and then quickly move on to advanced forensic and incident response topics and techniques. Five days of intense, hands-on courses, and a deep-knowledge education into legal challenges and issues culminate with an over-the-shoulder view of an investigation performed on a real-world compromised system collected by the Honeynet Project.
Many of the courses in this track provide the unique opportunity to learn forensic techniques in a lab-style, hands-on setting. Where possible, tools and techniques for both Windows and UNIX investigations will be discussed. This track can be used to prepare for the GIAC Certified Forensic Analyst (GCFA) Certification.
A properly configured computer system is required for each student participating in the workshop portion of this course. Before coming to class, you need to bring the correct configuration and install the necessary software (http://www.sans.org/conference/forensic_install.pdf). If you do not carefully read and follow the instructions in the forensic installation guide, you are guaranteed to leave the course unsatisfied, since you will not be able to analyze the forensic images that we will hand out.
This is a fast-paced track, and students are expected to have a basic working knowledge of system administration for Linux, Windows, and TCP/IP (see the Forensic Linux System Admin Quiz, http://www.sans.org/conference/flsa_quiz.php) in order to fully comprehend the topics that will be discussed. Although others may benefit from this track, it is most appropriate for students who are or who will become forensic analysts. Audience members generally range from novices with some system administrator background all the way to seasoned practitioners. The challenging, hands-on exercises are specially designed to be valuable for all experience levels. We strongly recommend that you spend some time refreshing your background in Linux system administration and Windows 2000 system administration before coming to class.
A Sampling of Topics
Incident Response
Forensic Preparation
Windows Forensics
Unix and Linux Forensics
Data Recovery and Analysis
Malicious Code Analysis
Law Enforcement Interaction and Case Law
Corporate and Managerial Legal Concerns and Direction
The Honeynet Project's Forensic Challenge
For GIAC Certification
You may register to seek certification for an additional fee of $250 US. Additional information can be found at the GIAC home page www.giac.org and the GIAC FAQ www.giac.org/FAQ.php.
Note: SANS strongly recommends those attempting certification in Track 8 have a solid background in at least one of the following areas:
- GCIA/Track 3 - Intrusion Detection In-Depth
- GCIH/Track 4 - Hacker Techniques, Exploits and Incident Handling
- GCNT/Track 5 - Securing Windows
- GCUX/Track 6 - Securing Unix Systems
Duration:
6 Days
Price:
$3,145