Foundstone Forensics & Incident Response

Foundstone's Forensic and Incident Response Education (FIRE) course teaches you to restore your environment to a known-good state after a security incident. Hackers and disgruntled employees have increasingly sophisticated tools and backdoor programs at their disposal to steal your intellectual property and expose sensitive information, and to cover their tracks afterward.

IT professionals charged with protecting the environment can be overwhelmed, causing attacks to be ignored or misdiagnosed as a system or network problem. During this course you will learn forensic techniques to identify, respond to, and recover from both insider and outsider attacks.

This comprehensive, technically detailed course enables you to respond successfully to incidents and reinforces your security posture.

What You'll Learn

  • Computer forensics process
  • Create evidentiary disk images
  • How to respond to unlawful access and information theft
  • Incident response procedures for Unix and Microsoft Windows systems

Who Needs to Attend

Software developers and software security auditors

Prerequisites

  • At least one year of experience with C/C++
  • Comprehensive knowledge of the C/C++ language
  • Basic understanding of web technology

Follow-On Courses

  • Foundstone Ultimate Hacking
  • Foundstone Ultimate Hacking: Expert
  • Foundstone Ultimate Hacking: Wireless
  • Foundstone Ultimate Hacking: Web

Course Outline

1. Introduction

  • Course Content and Format
  • Principles of Forensics and Incident Response (IR)

2. Preparation

  • Data Collection Techniques
  • Chain of Custody
  • Pre-Incident Preparation
  • Forensic Hardware
  • Basic Incident Response Process
  • Documentation Requirements

3. Legalities

  • Federal Laws - ECPA and USC
  • Interception of Data
  • Stored Communications
  • Unauthorized Access
  • Child Pornography
  • Patriot Act, Gramm-Leach-Bliley Act, and Sarbanes-Oxley
  • Acceptable Use Policies

4. UNIX & Linux Incident Response

  • Live Response Best Practices and Order of Volatility
  • Unix/Linux File Permissions
  • Unix/Linux Live Response
  • Following the Process Tree
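The "Following the Process Tree" item above, as an added example that is not part of the Foundstone course material. During live response the `ps -eo pid,ppid,user,comm` output is captured early, because process state sits high on the order of volatility, and is saved with a hash; the analysis then runs against the saved text rather than the live host. The capture below is constructed for the illustration, and the lists of service parents and shell names are assumptions to tune per environment.

```python
"""Rebuild a Unix process tree from captured `ps` output and walk parent links.

Added example, not Foundstone course material. Works on saved
`ps -eo pid,ppid,user,comm` text captured during live response.
"""
from collections import defaultdict

# Constructed sample capture; not from a real incident.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND
    1     0 root     systemd
  812     1 root     sshd
 2044   812 root     sshd
 2051  2044 alice    sshd
 2052  2051 alice    bash
 1300     1 root     nginx
 1301  1300 www-data nginx
 3107  1301 www-data sh
 3110  3107 www-data nc
"""

# Service processes that should never have an interactive shell below them
# (assumed list for this example; tune per environment).
SERVICE_PARENTS = {"nginx", "httpd", "apache2", "php-fpm"}
SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}


def parse_ps(text):
    """Return {pid: {"ppid", "user", "comm"}} from ps output (header skipped)."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue  # blank or truncated line
        pid, ppid, user, comm = fields
        procs[int(pid)] = {"ppid": int(ppid), "user": user, "comm": comm}
    return procs


def ancestry(procs, pid):
    """Pids from `pid` up to the root (a parent that is not in the capture)."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = procs[pid]["ppid"]
    return chain


def render_tree(procs, root=1):
    """Indented text tree, the view an analyst scans for odd parent/child pairs."""
    children = defaultdict(list)
    for pid, p in procs.items():
        children[p["ppid"]].append(pid)
    lines = []

    def walk(pid, depth):
        p = procs[pid]
        lines.append(f"{'  ' * depth}{pid} {p['user']} {p['comm']}")
        for child in sorted(children[pid]):
            walk(child, depth + 1)

    walk(root, 0)
    return "\n".join(lines)


def suspicious_shells(procs):
    """Shells whose ancestry passes through a service process: a web-shell tell."""
    hits = []
    for pid in sorted(procs):
        if procs[pid]["comm"] not in SHELLS:
            continue
        names = [procs[a]["comm"] for a in ancestry(procs, pid)]
        if any(n in SERVICE_PARENTS for n in names[1:]):
            hits.append((pid, names))
    return hits


if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    print(render_tree(procs))
    for pid, names in suspicious_shells(procs):
        print(f"suspicious: pid {pid} chain {' <- '.join(names)}")
```

In the sample the `bash` under `sshd` is an ordinary login session and is not flagged, while the `sh` whose parent is an `nginx` worker is, along with the `nc` it spawned. A parent pid that is missing from the capture (a parent that exited, or a process that re-parented to init) ends the chain, so a surprising chain ending is itself worth a note in the incident log.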

5. Windows Incident Response

  • Installed Software and Hotfixes
  • Persistence Mechanisms
  • Windows Audit Policies
  • Malware Analysis
  • Alternate Data Streams
  • Windows Registry

6. File Carving and Toolkit Building

  • File Carving
  • Building a Response Kit
  • Determining File Headers
  • Scripting a Response Step by Step
  • Extracting Specific File Types
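The file-carving items above (determining file headers, extracting specific file types, scripting the response), as an added example that is not Foundstone course material. It scans a raw byte image for known magic headers, cuts each candidate at the matching footer or at a maximum size when the footer is absent, and records a SHA-256 per carved object for the evidence log. The signature table is a small constructed subset of what a carving tool's configuration would carry, and the sample image is constructed for the illustration.

```python
"""Header/footer file carving over a raw image, with a hash per carved object.

Added example, not Foundstone course material. The signature table and the
sample image are constructed for illustration.
"""
import hashlib
import re

# type -> (header, footer or None, maximum carve size in bytes).
SIGNATURES = {
    "png":  (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 8 * 1024 * 1024),
    "jpeg": (b"\xff\xd8\xff",      b"\xff\xd9",        8 * 1024 * 1024),
    "pdf":  (b"%PDF-",             b"%%EOF",           16 * 1024 * 1024),
}


def find_headers(data):
    """Every (offset, type) at which a known magic header starts, by offset."""
    hits = []
    for ftype, (header, _footer, _max_size) in SIGNATURES.items():
        for m in re.finditer(re.escape(header), data):
            hits.append((m.start(), ftype))
    return sorted(hits)


def carve(data):
    """Cut candidate files out of a raw image; each record carries a SHA-256."""
    carved = []
    for offset, ftype in find_headers(data):
        header, footer, max_size = SIGNATURES[ftype]
        window = data[offset:offset + max_size]
        complete = False
        if footer is not None:
            end = window.find(footer, len(header))
            if end != -1:
                window = window[:end + len(footer)]
                complete = True
        carved.append({
            "type": ftype,
            "offset": offset,
            "size": len(window),
            "complete": complete,   # False: no footer found, carved to max_size
            "sha256": hashlib.sha256(window).hexdigest(),
            "data": window,
        })
    return carved


def evidence_log(carved):
    """One line per carved object, the form recorded in chain-of-custody notes."""
    return [f"{c['type']} offset={c['offset']} size={c['size']} "
            f"complete={c['complete']} sha256={c['sha256']}" for c in carved]


def build_sample_image():
    """Constructed 'disk image': zero filler with three embedded files."""
    filler = b"\x00" * 512
    png = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x01" * 17
           + b"IEND\xaeB`\x82")                                        # 41 bytes
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF\x00" + b"\x42" * 40 + b"\xff\xd9"  # 51 bytes
    pdf = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"  # no %%EOF: truncated
    return filler + png + filler + jpeg + filler + pdf + filler


if __name__ == "__main__":
    for line in evidence_log(carve(build_sample_image())):
        print(line)
```

Header carving reads unallocated space without any filesystem metadata, so it recovers deleted files as readily as live ones, but it cannot reassemble fragmented files, and footers such as JPEG's `FF D9` also occur inside embedded thumbnails, so a carved object is a candidate to verify (open it, check its internal structure), not a conclusion. The `complete` flag marks objects carved to the size limit because no footer was found; those are the ones most likely to be truncated or over-carved.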

7. Network-Based Monitoring

  • Sources of Network Data
  • Placement of Monitoring Devices
  • Network Monitoring Hardware

8. File System Forensics

  • Common File System Types
  • Image File Formats
  • Hard Drive Types
  • Deleted Files
  • File Systems

9. Advanced Topics

  • Memory Analysis and Rootkit Detection
  • Extracting Registry Values from Memory Dumps

Labs

All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the extensive hands-on experience needed to effectively identify, exploit, and secure complicated and obscure vulnerabilities.

Course Code: 9837

Partner-Delivered Course

4 Day Course

Copyright ©2013 Global Knowledge Training LLC. All rights reserved.