EC Council: CHFI (Computer Hacking Forensic Investigator) v8

UK Learning College


Description


COURSE OVERVIEW

Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. CHFI investigators can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information.

This course will prepare you to pass the EC0 312-49 exam and achieve Computer Hacking Forensics Investigator (CHFI) certification. We have invited the best security trainers in the industry to help us develop the ultimate training and certification program, which includes everything you will need to fully prepare for and pass your certification exams.

This officially endorsed product gives our students access to the exam by providing you with a Voucher Number. The EC-Council Voucher Number can be used at any Prometric center; this voucher number is required and mandatory for you to schedule and pay for your exam. Without this voucher number, Prometric will not entertain any of your requests to schedule and take the exam.

Note: The cost of the exam is not included in this package.

Course Key Topics

The EC Council: CHFI (Computer Hacking Forensic Investigator) v8 is divided into twenty-two comprehensive modules.

Module 00 - Student Introduction
Module 01 - Computer Forensics in Today's World
Module 02 - Computer Forensics Investigation Process
Module 03 - Searching and Seizing Computers
Module 04 - Digital Evidence
Module 05 - First Responder Procedures
Module 06 - Computer Forensics Lab
Module 07 - Understanding Hard Disks and File Systems
Module 08 - Windows Forensics
Module 09 - Data Acquisition and Duplication
Module 10 - Recovering Deleted Files and Deleted Partition
Module 11 - Forensics Investigation Using AccessData FTK
Module 12 - Forensics Investigation Using EnCase
Module 13 - Steganography and Image File Forensics
Module 14 - Application Password Crackers
Module 15 - Log Capturing and Event Correlation
Module 16 - Network Forensics, Investigating Logs and Investigating Network Traffic
Module 17 - Investigating Wireless Attacks
Module 18 - Investigating Web Attacks
Module 19 - Tracking Emails and Investigating Email Crimes
Module 20 - Mobile Forensics
Module 21 - Investigative Reports
Module 22 - Becoming an Expert Witness

(See the full course syllabus below for more information.)

Home Study Tutor Support

Our training DVDs put the control in your hands. Use them whenever you want or need to answer a question, and watch them again as often as you need. This is a full-featured training course on DVD-ROM covering beginner to advanced concepts, and everything in between.

Course Enrolment Fees

Our aim is to provide you with the best deal available. The enrolment fee for the EC Council: CHFI (Computer Hacking Forensic Investigator) v8 course is £1498.75, though for a limited time we are offering you the opportunity to pay only £1199, which is a 20% discount, if you enrol online and pay in full.

Delivery Charges:
Free Delivery for UK Mainland Students
Additional £25 for Students in Europe
Additional £40 for Students in Rest of the World

Course Key Topics

The EC Council: CHFI (Computer Hacking Forensic Investigator) v8 is divided into twenty-two comprehensive modules.

Course Introduction
Course Introduction

Module 00 - Student Introduction
Student Introduction CHFIv8 Course Outline EC-Council Certification Program Computer Hacking Forensic Investigator Track CHFIv8 Exam Information What Does CHFI Teach You? CHFI Class Speed Let's Start Forensics Investigation!

Module 01 - Computer Forensics in Today's World
Module Flow: Computer Forensics Computer Forensics Security Incident Report Aspects of Organizational Security Evolution of Computer Forensics Objective of Computer Forensics Need for Computer Forensics
Module Flow: Forensics Readiness Benefits of Forensics Readiness Goals of Forensics Readiness Forensics Readiness Planning
Module Flow: Cyber Crimes Cyber Crime Computer Facilitated Crimes Modes of Attacks Examples of Cyber Crime Types of Computer Crimes Cyber Criminals Organized Cyber Crime: Organizational Chart How Serious are Different Types of Incidents? Disruptive Incidents to the Business Cost Expenditure Responding to the Security Incident
Module Flow: Cyber Crime Investigation Cyber Crime Investigation Key Steps in Forensics Investigation Rules of Forensics Investigation Need for Forensics Investigator Role of Forensics Investigator Accessing Computer Forensics Resources Role of Digital Evidence
Module Flow: Corporate Investigations Understanding Corporate Investigations Approach to Forensics Investigation: A Case Study Instructions for the Forensic Investigator to Approach the Crime Scene Why and When Do You Use Computer Forensics? Enterprise Theory of Investigation (ETI) Legal Issues Reporting the Results
Module Flow: Reporting a Cyber Crime Why you Should Report Cybercrime? Reporting Computer-Related Crimes Person Assigned to Report the Crime When and How to Report an Incident? Who to Contact at the Law Enforcement Federal Local Agents Contact More Contacts CIO Cyberthreat Report Form Module 01 Review

Module 02 - Computer Forensics Investigation Process
Computer Forensics Investigation Process Investigating Computer Crime Before the Investigation Build a Forensics Workstation Building the Investigation Team People Involved in Computer Forensics Review Policies and Laws Forensics Laws Notify Decision Makers and Acquire Authorization Risk Assessment Build a Computer Investigation Toolkit Steps to Prepare for a Computer Forensics Investigation
Computer Forensics Investigation Methodology: Obtain Search Warrant Obtain Search Warrant Example of Search Warrant Searches Without a Warrant
Computer Forensics Investigation Methodology: Evaluate and Secure the Scene Forensics Photography Gather the Preliminary Information at the Scene First Responder
Computer Forensics Investigation Methodology: Collect the Evidence Collect Physical Evidence Evidence Collection Form Collect Electronic Evidence Guidelines for Acquiring Evidence
Computer Forensics Investigation Methodology: Secure the Evidence Secure the Evidence Evidence Management Chain of Custody Chain of Custody Form
Computer Forensics Investigation Methodology: Acquire the Data Original Evidence Should NEVER Be Used for Analysis Duplicate the Data (Imaging) Verify Image Integrity Demo - HashCalc MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles Recover Lost or Deleted Data Data Recovery Software
Computer Forensics Investigation Methodology: Analyze the Data Data Analysis Data Analysis Tools
Computer Forensics Investigation Methodology: Assess Evidence and Case Evidence Assessment Case Assessment Processing Location Assessment Best Practices to Assess the Evidence
Computer Forensics Investigation Methodology: Prepare the Final Report Documentation in Each Phase Gather and Organize Information Writing the Investigation Report Sample Report (1 of 7) Sample Report (2 of 7) Sample Report (3 of 7) Sample Report (4 of 7) Sample Report (5 of 7) Sample Report (6 of 7) Sample Report (7 of 7)
Computer Forensics Investigation Methodology: Testify as an Expert Witness Expert Witness Testifying in the Court Room Closing the Case Maintaining Professional Conduct Investigating a Company Policy Violation Computer Forensics Service Providers Module 02 Review

Module 03 - Searching and Seizing Computers
Module Flow: Searching and Seizing Computers without a Warrant Searching and Seizing Computers without a Warrant Fourth Amendment's "Reasonable Expectation of Privacy" in Cases Involving Computers: Principles Reasonable Expectation of Privacy in Computers as Storage Devices Reasonable Expectation of Privacy and Third-Party Possession Private Searches Use of Technology to Obtain Information Exceptions to the Warrant Requirement in Cases Involving Computers Consent Scope of Consent Third-Party Consent Implied Consent Exigent Circumstances Plain View Search Incident to a Lawful Arrest Inventory Searches Border Searches International Issues Special Case: Workplace Searches Private Sector Workplace Searches Public-Sector Workplace Searches
Module Flow: Searching and Seizing Computers with a Warrant Searching and Seizing Computers with a Warrant Successful Search with a Warrant Basic Strategies for Executing Computer Searches When Hardware Is Itself Contraband, Evidence, or an Instrumentality or Fruit of Crime When Hardware Is Merely a Storage Device for Evidence of Crime The Privacy Protection Act The Terms of the Privacy Protection Act Application of the PPA to Computer Searches and Seizures Civil Liability Under the Electronic Communications Privacy Act (ECPA) Considering the Need for Multiple Warrants in Network Searches No-Knock Warrants Sneak-and-Peek Warrants Privileged Documents Drafting the Warrant and Affidavit Accurately and Particularly Describe the Property to Be Seized in the Warrant and/or Attachments Defending Computer Search Warrants Against Challenges Based on the "Things to be Seized" Establish Probable Cause in the Affidavit Explanation of the Search Strategy and Practical & Legal Considerations Post-Seizure Issues Searching Computers Already in Law Enforcement Custody The Permissible Time Period for Examining Seized Computers Rule 41(e) Motions for Return of Property
Module Flow: The Electronic Communications Privacy Act The Electronic Communications Privacy Act Providers of Electronic Communication Service vs. Remote Computing Service Classifying Types of Information Held by Service Providers Compelled Disclosure Under ECPA Voluntary Disclosure Working with Network Providers
Module Flow: Electronic Surveillance in Communications Networks Electronic Surveillance in Communications Networks Content vs. Addressing Information The Pen/Trap Statute The Wiretap Statute ("Title III") Exceptions to Title III Remedies For Violations of Title III and the Pen/Trap Statute
Module Flow: Evidence Evidence Authentication Hearsay Other Issues Module 03 Review

Module 04 - Digital Evidence
Module Flow: Digital Data Definition of Digital Evidence Increasing Awareness of Digital Evidence Challenging Aspects of Digital Evidence The Role of Digital Evidence Characteristics of Digital Evidence Fragility of Digital Evidence Anti-Digital Forensics (ADF)
Module Flow: Types of Digital Data Types of Digital Data
Module Flow: Rules of Evidence Rules of Evidence Best Evidence Rule Federal Rules of Evidence International Organization on Computer Evidence (IOCE) IOCE International Principles for Digital Evidence Scientific Working Group on Digital Evidence (SWGDE) SWGDE Standards for the Exchange of Digital Evidence
Module Flow: Electronic Devices: Types and Collecting Potential Evidence Electronic Devices: Types and Collecting Potential Evidence
Module Flow: Digital Evidence Examination Process Digital Evidence Examination Process - Evidence Assessment Evidence Assessment Prepare for Evidence Acquisition Digital Evidence Examination Process - Evidence Acquisition Preparation for Searches Seizing the Evidence Imaging Demo - Disk Sterilization with DD Bit-Stream Copies Write Protection Evidence Acquisition Evidence Acquisition from Crime Location Acquiring Evidence from Storage Devices Demo - Utilizing HD PARM for HD Information Collecting Evidence Collecting Evidence from RAM Collecting Evidence from a Standalone Network Computer Chain of Custody Chain of Evidence Form Digital Evidence Examination Process - Evidence Preservation Preserving Digital Evidence: Checklist Preserving Removable Media Handling Digital Evidence Store and Archive Digital Evidence Findings Digital Evidence Examination Process - Evidence Examination and Analysis DO NOT WORK on the Original Evidence Evidence Examination Physical Extraction Logical Extraction Analyze Host Data Analyze Storage Media Analyze Network Data Analysis of Extracted Data Timeframe Analysis Data Hiding Analysis Application and File Analysis Ownership and Possession Digital Evidence Examination Process - Evidence Documentation and Reporting Documenting the Evidence Evidence Examiner Report Final Report of Findings Computer Evidence Worksheet Hard Drive Evidence Worksheet Removable Media Worksheet
Module Flow: Electronic Crime and Digital Evidence Consideration by Crime Category Electronic Crime and Digital Evidence Consideration by Crime Category Module 04 Review

Module 05 - First Responder Procedures
Module Flow: First Responder Electronic Evidence First Responder Roles of First Responder Electronic Devices: Types and Collecting Potential Evidence
Module Flow: First Responder Toolkit First Responder Toolkit Creating a First Responder Toolkit Evidence Collecting Tools and Equipment
Module Flow: First Response Basics First Response Rule Incident Response: Different Situations First Response for System Administrators First Response by Non-Laboratory Staff First Response by Laboratory Forensics Staff
Module Flow: Securing and Evaluating Electronic Crime Scene Securing and Evaluating Electronic Crime Scene: A Checklist Securing the Crime Scene Warrant for Search and Seizure Planning the Search and Seizure Initial Search of the Scene eNotes eNotes Health and Safety Issues
Module Flow: Conducting Preliminary Interviews Questions to Ask When Client Calls the Forensic Investigator Consent Sample of Consent Search Form Witness Signatures Conducting Preliminary Interviews Conducting Initial Interviews Witness Statement Checklist
Module Flow: Documenting Electronic Crime Scene Documenting Electronic Crime Scene Photographing the Scene Sketching the Scene Video Shooting the Crime Scene
Module Flow: Collecting and Preserving Electronic Evidence Collecting and Preserving Electronic Evidence Order of Volatility Dealing with Powered On Computers (Cont'd) Demo - Imaging RAM Demo - Parsing RAM Dealing with Powered On Computers Dealing with Powered Off Computers Dealing with Networked Computer Dealing with Open Files and Startup Files Operating System Shutdown Procedure Example Computers and Servers eNotes Preserving Electronic Evidence Seizing Portable Computers Switched On Portables Collecting and Preserving Electronic Evidence Wrap-up
Module Flow: Packaging and Transporting Electronic Evidence Evidence Bag Contents List Packaging Electronic Evidence Exhibit Numbering Transporting Electronic Evidence Handling and Transportation to the Forensics Laboratory Storing Electronic Evidence Chain of Custody Simple Format of the Chain of Custody Document Chain of Custody Forms Chain of Custody on Property Evidence Envelope/Bag and Sign-out Sheet Demo - Hardware Inventories
Module Flow: Reporting the Crime Scene Reporting the Crime Scene Note Taking Checklist First Responder Common Mistakes Module 05 Review

Module 06 - Computer Forensics Lab
Module Flow: Setting a Computer Forensics Lab Computer Forensics Lab Planning for a Forensics Lab Budget Allocation for a Forensics Lab Physical Location Needs of a Forensics Lab Structural Design Considerations Environmental Conditions Electrical Needs Communication Needs Work Area of a Computer Forensics Lab Ambience of a Forensics Lab Ambience of a Forensics Lab: Ergonomics Physical Security Recommendations Fire-Suppression Systems Evidence Locker Recommendations Computer Forensic Investigator Law Enforcement Officer Lab Director Forensics Lab Licensing Requisite Features of the Laboratory Imaging System Technical Specifications of the Laboratory Based Imaging System Forensics Lab (1 of 3) Forensics Lab (2 of 3) Forensics Lab (3 of 3) Auditing a Computer Forensics Lab Recommendations to Avoid Eyestrain
Module Flow: Investigative Services in Forensics Computer Forensics Investigative Services Computer Forensic Investigative Service Sample Computer Forensics Services: PenrodEllis Forensic Data Discovery Data Destruction Industry Standards Computer Forensics Services
Module Flow: Computer Forensics Hardware Equipment Required in a Forensics Lab Forensic Workstations Basic Workstation Requirements in a Forensics Lab Stocking the Hardware Peripherals Paraben Forensics Hardware: Handheld First Responder Kit Paraben Forensics Hardware: Wireless StrongHold Bag Paraben Forensics Hardware: Wireless StrongHold Box Paraben Forensics Hardware: Passport StrongHold Bag Paraben Forensics Hardware: Device Seizure Toolbox Paraben Forensics Hardware: Project-a-Phone Paraben Forensics Hardware: Lockdown Paraben Forensics Hardware: iRecovery Stick Paraben Forensics Hardware: Data Recovery Stick Paraben Forensics Hardware: Chat Stick Paraben Forensics Hardware: USB Serial DB9 Adapter Paraben Forensics Hardware: Mobile Field Kit Portable Forensic Systems and Towers: Forensic Air-Lite VI MK III Laptop Portable Forensic Systems and Towers: Original Forensic Tower II and Forensic Solid Steel Tower Portable Forensic Workhorse V: Tableau 335 Forensic Drive Bay Controller Portable Forensic Systems and Towers: Forensic Air-Lite IV MK II Portable Forensic Systems and Towers: Forensic Air-Lite V MK III Portable Forensic Systems and Towers: Forensic Tower IV Dual Xeon Portable Forensic Systems and Towers: Ultimate Forensic Machine Forensic Write Protection Devices and Kits: Ultimate Forensic Write Protection Kit II-ES Tableau T3u Forensic SATA Bridge Write Protection Kit Tableau T8 Forensic USB Bridge Kit/Addonics Mini DigiDrive READ ONLY 12-in-1 Flash Reader Tableau TACC 1441 Hardware Accelerator Multiple TACC1441 Units Tableau TD1 Forensic Duplicator Power Supplies and Switches Digital Intelligence Forensic Hardware: FRED SR (Dual Xeon) Digital Intelligence Forensic Hardware: FRED-L Digital Intelligence Forensic Hardware: FRED SC Digital Intelligence Forensic Hardware: Forensic Recovery of Evidence Data Center (FREDC) Digital Intelligence Forensic Hardware: Rack-A-TACC Digital Intelligence Forensic Hardware: FREDDIE Digital Intelligence Forensic Hardware: UltraKit Digital Intelligence Forensic Hardware: UltraBay II Digital Intelligence Forensic Hardware: UltraBlock SCSI Digital Intelligence Forensic Hardware: Micro Forensic Recovery of Evidence Device Digital Intelligence Forensic Hardware: HardCopy 3P Wiebetech: Forensics DriveDock v4 Wiebetech: Forensic UltraDock v4 Wiebetech: Drive eRazer Wiebetech: v4 Combo Adapters Wiebetech: ProSATA SS8 Wiebetech: HotPlug CelleBrite: UFED System CelleBrite: UFED Physical Pro CelleBrite: UFED Ruggedized DeepSpar: Disk Imager Forensic Edition DeepSpar: 3D Data Recovery Phase 1 Tool: PC-3000 Drive Restoration System Phase 2 Tool: DeepSpar Disk Imager Phase 3 Tool: PC-3000 Data Extractor InfinaDyne Forensic Products: Robotic Loader Extension for CD/DVD Inspector InfinaDyne Forensic Products: Robotic System Status Light Image MASSter: Solo-4 (Super Kit) Image MASSter: RoadMASSter- 3 Image MASSter: WipeMASSter Image MASSter: WipePRO Image MASSter: Rapid Image 7020CS IT Logicube: Forensic MD5 Logicube: Forensic Talon Logicube: Portable Forensic Lab Logicube: CellDEK Logicube: Forensic Quest-2 Logicube: NETConnect Logicube: RAID I/O Adapter Logicube: GPStamp Logicube: OmniPort Logicube: Desktop WritePROtects Logicube: USB Adapter Logicube: CloneCard Pro Logicube: EchoPlus OmniClone IDE Laptop Adapters Logicube: Cables VoomTech: HardCopy 3P VoomTech: SHADOW 2
Module Flow: Computer Forensics Software Basic Software Requirements in a Forensics Lab Main Operating System and Application Inventories Imaging Software: R-drive Image Demo - R-Drive Image Imaging Software: P2 eXplorer Pro Imaging Software: AccuBurn-R for CD/DVD Inspector Imaging Software: Flash Retriever Forensic Edition File Conversion Software: FileMerlin File Conversion Software: SnowBatch File Conversion Software: Zamzar File Viewer Software: File Viewer File Viewer Software: Quick View Plus 11 Standard Edition Demo - File Viewers Analysis Software: P2 Commander P2 Commander Screenshot Analysis Software: DriveSpy Analysis Software: SIM Card Seizure Analysis Software: CD/DVD Inspector Analysis Software: Video Indexer (Vindex) Monitoring Software: Device Seizure Device Seizure Screenshots Monitoring Software: Deployable P2 Commander (DP2C) Monitoring Software: ThumbsDisplay ThumbsDisplay Screenshot Monitoring Software: Email Detective Computer Forensics Software: DataLifter Computer Forensics Software: X-Ways Forensics Demo - X-Ways Forensics Computer Forensics Software: LiveWire Investigator Module 06 Review

Module 07 - Understanding Hard Disks and File Systems
Module Flow: Hard Disk Drive Overview Disk Drive Overview Hard Disk Drive Solid-State Drive (SSD) Physical Structure of a Hard Disk Logical Structure of Hard Disk Types of Hard Disk Interfaces Hard Disk Interfaces: ATA Hard Disk Interfaces: SCSI Hard Disk Interfaces: IDE/EIDE Hard Disk Interfaces: USB Hard Disk Interfaces: Fibre Channel Disk Platter Tracks Track Numbering Sector Advanced Format: Sectors Sector Addressing Cluster Cluster Size Changing the Cluster Size Demo - Cluster Size Slack Space Demo - Slack Space Lost Clusters Bad Sector Hard Disk Data Addressing Disk Capacity Calculation Demo - Calculating Disk Capacity Measuring the Performance of the Hard Disk
Module Flow: Disk Partitions and Boot Process Disk Partitions Demo - Partitioning Linux Master Boot Record Structure of a Master Boot Record (Cont'd) Demo - Backing Up the MBR Structure of a Master Boot Record What is the Booting Process? Essential Windows System Files Windows 7 Boot Process Macintosh Boot Process
Module Flow: Understanding File Systems Understanding File Systems Types of File Systems List of Disk File Systems List of Network File Systems List of Special Purpose File Systems List of Shared Disk File Systems Windows File Systems Popular Windows File Systems File Allocation Table (FAT) FAT File System Layout FAT Partition Boot Sector FAT Structure FAT Folder Structure Directory Entries and Cluster Chains Filenames on FAT Volumes Examining FAT FAT32 New Technology File System (NTFS) NTFS Architecture NTFS System Files NTFS Partition Boot Sector Cluster Sizes of NTFS Volume NTFS Master File Table (MFT) Metadata Files Stored in the MFT NTFS Files and Data Storage NTFS Attributes NTFS Data Stream NTFS Compressed Files Setting the Compression State of a Volume Encrypting File Systems (EFS) Components of EFS Operation of Encrypting File System EFS Attribute Encrypting a File EFS Recovery Key Agent Tool: Advanced EFS Data Recovery Tool: EFS Key Sparse Files Deleting NTFS Files Registry Data Examining Registry Data FAT vs. NTFS Linux File Systems Popular Linux File Systems Linux File System Architecture Ext2 Ext3 Mac OS X File Systems Mac OS X File Systems HFS vs. HFS Plus HFS HFS Plus HFS Plus Volumes HFS Plus Journal Sun Solaris 10 File System: ZFS CD-ROM / DVD File System CDFS Demo - Multi-sessions Discs
Module Flow: RAID Storage System RAID Storage System RAID Level 0: Disk Striping RAID Level 1: Disk Mirroring RAID Level 3: Disk Striping with Parity RAID Level 5: Block Interleaved Distributed Parity RAID Level 10: Blocks Striped and Mirrored RAID Level 50: Mirroring and Striping across Multiple RAID Levels Different RAID Levels Comparing RAID Levels Recover Data from Unallocated Space Using File Carving Process
Module Flow: File System Analysis Using the Sleuth Kit (TSK) Tool: The Sleuth Kit (TSK) The Sleuth Kit (TSK): fsstat The Sleuth Kit (TSK): istat (1 of 4) The Sleuth Kit (TSK): istat (2 of 4) The Sleuth Kit (TSK): istat (3 of 4) The Sleuth Kit (TSK): istat (4 of 4) The Sleuth Kit (TSK): fls and img_stat Demo - TSK and Autopsy Module 07 Review

Module 08 - Windows Forensics
Module Flow: Collecting Volatile Information Volatile Information System Time Logged-On Users Logged-On Users: PsLoggedOn Tool Logged-On Users: net sessions Command Logged-On Users: LogonSessions Tool Open Files Open Files: net file Command Open Files: PsFile Utility Open Files: Openfiles Command Network Information Network Connections (Cont'd) Demo - Netstat Command Network Connections Process Information Process-to-Port Mapping Process Memory Network Status (Cont'd) Demo - ipconfig Network Status Other Important Information (Cont'd) Demo - Clipboard Viewer Other Important Information
Module Flow: Collecting Non-Volatile Information Non-Volatile Information Examine File Systems Registry Settings Microsoft Security ID Event Logs Index.dat File Demo - Grabbing Registry Files Devices and Other Information Slack Space Virtual Memory Swap File Windows Search Index Collecting Hidden Partition Information Demo - Gparted Hidden ADS Streams Investigating ADS Streams: StreamArmor Other Non-Volatile Information
Module Flow: Windows Memory Analysis Memory Dump EProcess Structure Process Creation Mechanism Parsing Memory Contents Parsing Process Memory Extracting the Process Image Collecting Process Memory
Module Flow: Windows Registry Analysis Inside the Registry Registry Structure within a Hive File The Registry as a Log File Registry Analysis System Information TimeZone Information Shares Audit Policy Wireless SSIDs Autostart Locations System Boot User Login User Activity Enumerating Autostart Registry Locations USB Removable Storage Devices Mounted Devices Finding Users Finding Users: Screenshots Tracking User Activity The UserAssist Keys MRU Lists Search Assistant Connecting to Other Systems Analyzing Restore Point Registry Settings Determining the Startup Locations Demo - Reg Ripper
Module Flow: Cache, Cookie, and History Analysis Cache, Cookie, and History Analysis in IE Cache, Cookie, and History Analysis in Firefox Cache, Cookie, and History Analysis in Chrome Analysis Tool: IECookiesView Analysis Tool: IECacheView Analysis Tool: IEHistoryView Analysis Tool: MozillaCookiesView Analysis Tool: MozillaCacheView Analysis Tool: MozillaHistoryView Analysis Tool: ChromeCookiesView Analysis Tool: ChromeCacheView Analysis Tool: ChromeHistoryView
Module Flow: MD5 Calculation Message Digest Function: MD5 Why MD5 Calculation? MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles MD5 Checksum Verifier ChaosMD5
Module Flow: Windows File Analysis Recycle Bin System Restore Points (Rp.log Files) System Restore Points (Change.log.x Files) Prefetch Files Shortcut Files Word Documents PDF Documents Image Files File Signature Analysis NTFS Alternate Data Streams Executable File Analysis Documentation Before Analysis Static Analysis Process Search Strings PE Header Analysis Import Table Analysis Export Table Analysis Dynamic Analysis Process Creating Test Environment Collecting Information Using Tools Process of Testing the Malware
Module Flow: Metadata Investigation Metadata Types of Metadata Metadata in Different File Systems Metadata in PDF Files Metadata in Word Documents Tool: Metadata Analyzer
Module Flow: Text Based Logs Understanding Events Event Logon Types Event Record Structure Vista Event Logs Vista Event Logs: Screenshots IIS Logs Parsing IIS Logs Parsing FTP Logs FTP sc-status Codes Parsing DHCP Server Logs Parsing Windows Firewall Logs Using the Microsoft Log Parser
Module Flow: Other Audit Events Evaluating Account Management Events Examining Audit Policy Change Events Examining System Log Entries Examining Application Log Entries Examining Application Log Entries (Screenshot)
Module Flow: Forensic Analysis of Event Logs Searching with Event Viewer Using EnCase to Examine Windows Event Log Files Windows Event Log Files Internals
Module Flow: Windows Password Issues Understanding Windows Password Storage Cracking Windows Passwords Stored on Running Systems Exploring Windows Authentication Mechanisms LanMan Authentication Process NTLM Authentication Process Kerberos Authentication Process Sniffing and Cracking Windows Authentication Exchanges Cracking Offline Passwords
Module Flow: Forensics Tools Windows Forensics Tool: OS Forensics Windows Forensics Tool: Helix3 Pro Helix3 Pro Screenshot Helix3 Pro Screenshot Integrated Windows Forensics Software: X-Ways Forensics X-Ways Forensics Screenshot X-Ways Trace Windows Forensic Toolchest (WFT) Built-in Tool: Sigverif Computer Online Forensic Evidence Extractor (COFEE) System Explorer Tool: System Scanner SecretExplorer Registry Viewer Tool: Registry Viewer Registry Viewer Tool: RegScanner Registry Viewer Tool: Alien Registry Viewer MultiMon CurrProcess Process Explorer Security Task Manager PrcView ProcHeapViewer Memory Viewer Tool: PMDump Word Extractor Belkasoft Evidence Center Belkasoft Browser Analyzer Metadata Assistant HstEx XpoLog Center Suite XpoLog Center Suite Screenshot LogViewer Pro Event Log Explorer LogMeister ProDiscover Forensics PyFlag LiveWire Investigator ThumbsDisplay ThumbsDisplay Screenshot DriveLook Module 08 Review

Module 09 - Data Acquisition and Duplication
Module Flow: Data Acquisition and Duplication Concepts Data Acquisition Forensic and Procedural Principles Types of Data Acquisition Systems Data Acquisition Formats Bit Stream
vs. Backups Why to Create a Duplicate Image? Issues with Data Duplication Data Acquisition Methods (Cont'd) Data Acquisition Methods Determining the Best Acquisition Method (Cont'd) Determining the Best Acquisition Method Contingency Planning for Image Acquisitions (Cont'd) Contingency Planning for Image Acquisitions Data Acquisitions Mistakes Module Flow: Data Acquisition Types Rules of Thumb Static Data Acquisition Collecting Static Data Demo - Forensic Imaging Using Linux Demo - Forensic Imaging Using Windows Static Data Collection Process Live Data Acquisition Why Volatile Data is Important? Volatile Data (Cont'd) Volatile Data Order of Volatility Common Mistakes in Volatile Data Collection Volatile Data Collection Methodology (Cont'd) Volatile Data Collection Methodology (Cont'd) Volatile Data Collection Methodology Basic Steps in Collecting Volatile Data Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information (Cont'd) Types of Volatile Information Demo - WinTaylors Module Flow: Disk Acquisition Tool Requirements Disk Imaging Tool Requirements Disk Imaging Tool Requirements: Mandatory (Cont'd) Disk Imaging Tool Requirements: Mandatory Disk Imaging Tool Requirements: Optional (Cont'd) Disk Imaging Tool Requirements: Optional Module Flow: Validation Methods Validating Data Acquisitions Linux Validation Methods (Cont'd) Linux Validation Methods (Cont'd) Linux Validation Methods (Cont'd) Linux Validation Methods Windows Validation Methods Module Flow: Raid Data Acquisition Understanding RAID Disks (Cont'd) Understanding RAID Disks (Cont'd) Understanding RAID Disks Acquiring RAID Disks (Cont'd) Acquiring RAID Disks Remote Data Acquisition Module 
Flow: Acquisition Best Practices Acquisition Best Practices (Cont'd) Acquisition Best Practices (Cont'd) Acquisition Best Practices (Cont'd) Acquisition Best Practices Module Flow: Data Acquisition Software Tools Acquiring Data on Windows Acquiring Data on Linux dd Command dcfldd Command Extracting the MBR Netcat Command EnCase Forensic EnCase Forensic Screenshot Analysis Software: DriveSpy ProDiscover Forensics AccessData FTK Imager Mount Image Pro Data Acquisition Toolbox SafeBack ILookPI ILookPI Screenshot RAID Recovery for Windows R-Tools R-Studio F-Response PyFlag LiveWire Investigator ThumbsDisplay ThumbsDisplay Screenshot DataLifter X-Ways Forensics R-drive Image Demo - Forensic Imaging DriveLook DiskExplorer P2 eXplorer Pro Flash Retriever Forensic Edition Module Flow: Data Acquisition Hardware Tools US-LATT Image MASSter: Solo-4 (Super Kit) Image MASSter: RoadMASSter- 3 Tableau TD1 Forensic Duplicator Logicube: Forensic MD5 Logicube: Portable Forensic Lab Logicube: Forensic Talon Logicube: RAID I/O Adapter DeepSpar: Disk Imager Forensic Edition Logicube: USB Adapter Disk Jockey PRO Logicube: Forensic Quest-2 Logicube: CloneCard Pro Logicube: EchoPlus Paraben Forensics Hardware: Chat Stick Image MASSter: Rapid Image 7020CS IT Digital Intelligence Forensic Hardware: UltraKit Digital Intelligence Forensic Hardware: UltraBay II Digital Intelligence Forensic Hardware: UltraBlock SCSI Digital Intelligence Forensic Hardware: HardCopy 3P Wiebetech: Forensics DriveDock v4 Wiebetech: Forensics UltraDock v4 Image MASSter: WipeMASSter Image MASSter: WipePRO Portable Forensic Systems and Towers: Forensic Air-Lite V MK III Forensic Tower IV Dual Xeon Digital Intelligence Forensic Hardware: FREDDIE DeepSpar: 3D Data Recovery Phase 1 Tool: PC-3000 Drive Restoration System Phase 2 Tool: DeepSpar Disk Imager Phase 3 Tool: PC-3000 Data Extractor Logicube: Cables Logicube: Adapters Logicube: GPStamp Logicube: OmniPort Logicube: CellDEK Paraben Forensics Hardware: 
Project-a-Phone Paraben Forensics Hardware: Mobile Field Kit Paraben Forensics Hardware: iRecovery Stick CelleBrite: UFED System CelleBrite: UFED Physical Pro Module 09 Review Module 10 - Recovering Deleted Files and Deleted Partition Module Flow: Recovering the Deleted Files Deleting Files What Happens When a File is Deleted in Windows? Recycle Bin in Windows (Cont'd) Recycle Bin in Windows Storage Locations of Recycle Bin in FAT and NTFS Systems How the Recycle Bin Works (Cont'd) How the Recycle Bin Works Demo - Recycle Bins Damaged or Deleted INFO File Damaged Files in Recycle Bin Folder Damaged Recycle Folder File Recovery in Mac OS X (Cont'd) File Recovery in Mac OS X File Recovery in Linux Module Flow: File Recovery Tools for Windows Recover My Files EASEUS Data Recovery Wizard PC INSPECTOR File Recovery Demo - PC INSPECTOR File Recovery Recuva DiskDigger Handy Recovery Quick Recovery Stellar Phoenix Windows Data Recovery Tools to Recover Deleted Files Tools to Recover Deleted Files Tools to Recover Deleted Files Module Flow: File Recovery Tools for Mac Mac File Recovery Mac Data Recovery Boomerang Data Recovery Software VirtualLab File Recovery Tools for Mac OS X Module Flow: File Recovery Tools for Linux R-Studio for Linux Quick Recovery for Linux Kernal for Linux Data Recovery TestDisk for Linux Demo - File Carving Module Flow: Recovering the Deleted Partitions Disk Partition Deletion of Partition Recovery of the Deleted Partition (Cont'd) Recovery of the Deleted Partition (Cont'd) Recovery of the Deleted Partition (Cont'd) Recovery of the Deleted Partition Module Flow: Partition Recovery Tools Active@ Partition Recovery for Windows Acronis Recovery Expert DiskInternals Partition Recovery NTFS Partition Data Recovery GetDataBack EASEUS Partition Recovery Advanced Disk Recovery Power Data Recovery Remo Recover (Mac) - Pro Mac Data Recovery Software Quick Recovery for Linux Stellar Phoenix Linux Data Recovery Software Tools to Recover Deleted Partitions 
Tools to Recover Deleted Partitions Demo - Partition Recovery Module 10 Review Module 11 - Forensics Investigation Using AccessData FTK Module Flow: Overview and Installation of FTK Overview of Forensic Toolkit (FTK) Features of FTK Software Requirement Configuration Option Database Installation (Cont'd) Database Installation FTK Application Installation (1 of 6) FTK Application Installation (2 of 6) FTK Application Installation (3 of 6) FTK Application Installation (4 of 6) FTK Application Installation (5 of 6) FTK Application Installation (6 of 6) Module Flow: FTK Case Manager User Interface Case Manager Window Case Manager Database Menu Setting Up Additional Users and Assigning Roles Case Manager Case Menu Assigning Users Shared Label Visibility Case Manager Tools Menu Recovering Processing Jobs Restoring an Image to a Disk Case Manager Manage Menu Managing Carvers Managing Custom Identifiers Module Flow: FTK Examiner User Interface FTK Examiner User Interface Menu Bar: File Menu Exporting Files Exporting Case Data to a Custom Content Image Exporting the Word List Menu Bar: Edit Menu Menu Bar: View Menu Menu Bar: Evidence Menu Menu Bar: Tools Menu Verifying Drive Image Integrity Demo - Verifying Image Integrity Mounting an Image to a Drive File List View Using Labels Creating and Applying a Label Module Flow: Starting with FTK Creating a case Selecting Detailed Options: Evidence Processing (Cont'd) Selecting Detailed Options: Evidence Processing Selecting Detailed Options: Fuzzy Hashing (Cont'd) Selecting Detailed Options: Fuzzy Hashing Selecting Detailed Options: Data Carving Selecting Detailed Options: Custom File Identification (Cont'd) Selecting Detailed Options: Custom File Identification Selecting Detailed Options: Evidence Refinement (Advanced) (Cont'd) Selecting Detailed Options: Evidence Refinement (Advanced) Selecting Detailed Options: Index Refinement (Advanced) (Cont'd) Selecting Detailed Options: Index Refinement (Advanced) Module Flow: FTK 
Interface Tabs Demo - FTK Imaging and Adding FTK Interface Tabs Explore Tab Overview Tab Email Tab Graphics Tab Bookmarks Tab Live Search Tabs Volatile Tab Demo - File Overview Tab Module Flow: Adding and Processing Static, Live, and Remote Evidence Adding Evidence to a Case Evidence Groups Acquiring Local Live Evidence FTK Role Requirements For Remote Acquisition Types of Remote Information Acquiring Data Remotely Using Remote Device Management System (RDMS) (Cont'd) Acquiring Data Remotely Using Remote Device Management System (RDMS) Imaging Drives Mounting and Unmounting a Device Module Flow: Using and Managing Filters Accessing Filter Tools Using Filters Customizing Filters Using Predefined Filters Demo - Filtering Module Flow: Using Index Search and Live Search Conducting an Index Search Selecting Index Search Options Viewing Index Search Results Documenting Search Results Conducting a Live Search: Live Text Search Conducting a Live Search: Live Hex Search Conducting a Live Search: Live Pattern Search Demo - Indexed and Live Searches Demo - FTK File Carving Module Flow: Decrypting EFS and other Encrypted Files Decrypting EFS Files and Folders Decrypting MS Office Files Viewing Decrypted Files Decrypting Domain Account EFS Files from Live Evidence (Cont'd) Decrypting Domain Account EFS Files from Live Evidence Decrypting Credant Files Decrypting Safeboot Files Demo - FTK File Encryption Module Flow: Working with Reports Creating a Report Entering Case Information Managing Bookmarks in a Report Managing Graphics in a Report Selecting a File Path List Adding a File Properties List Making Registry Selections Selecting the Report Output Options Customizing the Formatting of Reports Viewing and Distributing a Report Demo - Reporting Module 11 Review Module 12 - Forensics Investigation Using EnCase Module Flow: Overview of EnCase Forensic Official Licensed Content Provided by EnCase to EC-Council Overview of EnCase Forensic EnCase Forensic Features (Cont'd) EnCase 
Forensic Features EnCase Forensic Platform EnCase Forensic Modules (Cont'd) EnCase Forensic Modules Module Flow: Installing EnCase Forensic Minimum Requirements Installing the Examiner Installed Files Installing the EnCase Modules Configuring EnCase Configuring EnCase: Case Options Tab Configuring EnCase: Global Tab Configuring EnCase: Debug Tab Configuring EnCase: Colors Tab and Fonts Tab Configuring EnCase: EnScript Tab and Storage Paths Tab Sharing Configuration (INI) Files Module Flow: EnCase Interface Demo - EnCase Options Main EnCase Window System Menu Bar Toolbar Panes Overview (Cont'd) Panes Overview Tree Pane Table Pane Table Pane: Table Tab Table Pane: Report Tab Table Pane: Gallery Tab Table Pane: Timeline Tab Table Pane: Disk Tab and Code Tab View Pane (Cont'd) View Pane Filter Pane Filter Pane Tabs Creating a Filter Creating Conditions Status Bar Demo - EnCase Tabs and Views Module Flow: Case Management Overview of Case Structure Case Management Indexing a Case (Cont'd) Indexing a Case Case Backup Options Dialog Box Logon Wizard New Case Wizard Setting Time Zones for Case Files Setting Time Zone Options for Evidence Files Module Flow: Working with Evidence Types of Entries Adding a Device (Cont'd) Adding a Device Adding a Device using Tableau Write Blocker (Cont'd) Adding a Device using Tableau Write Blocker Performing a Typical Acquisition Acquiring a Device (Cont'd) Acquiring a Device Canceling an Acquisition Verifying Evidence Files Demo - Imaging with EnCase Delayed Loading of Internet Artifacts Hashing the Subject Drive Logical Evidence File (LEF) Creating a Logical Evidence File (Cont'd) Creating a Logical Evidence File Recovering Folders on FAT Volumes Restoring a Physical Drive Demo - Restoring a Drive from an Image Module Flow: Source Processor Source Processor Starting to Work with Source Processor Setting Case Options Collection Jobs Creating a Collection Job (Cont'd) Creating a Collection Job Copying a Collection Job Running a Collection 
Job (Cont'd) Running a Collection Job Analysis Jobs Creating an Analysis Job Running an Analysis Job (Cont'd) Running an Analysis Job Creating a Report (Cont'd) Creating a Report Demo - Enscripts Module Flow: Analyzing and Searching Files Viewing the File Signature Directory Performing a Signature Analysis Hash Analysis Hashing a New Case Demo - Signature Analysis and Hashing Creating a Hash Set Keyword Searches Creating Global Keywords Adding Keywords Importing and Exporting Keywords Searching Entries for Email and Internet Artifacts Viewing Search Hits Generating an Index Tag Records Demo - Keyword Searcher Module Flow: Viewing File Content Viewing Files Copying and Unerasing Files (Cont'd) Copying and Unerasing Files Adding a File Viewer Demo - Adding a File Viewer Viewing File Content Using View Pane Viewing Compound Files Viewing Base64 and UUE Encoded Files Demo - Compound Files Module Flow: Bookmarking Items Bookmarks Overview Creating a Highlighted Data Bookmark Creating a Note Bookmark Creating a Folder Information/Structure Bookmark Creating a Notable File Bookmark Creating a File Group Bookmark Creating a Log Record Bookmark Creating a Snapshot Bookmark Organizing Bookmarks Copying/Moving a Table Entry into a Folder Viewing a Bookmark on the Table Report Tab Excluding Bookmarks (Cont'd) Excluding Bookmarks Copying Selected Items from One Folder to Another Demo - Bookmarks Module Flow: Reporting Reporting Report User Interface Creating a Report Using the Report Tab Report Single/Multiple Files Viewing a Bookmark Report Viewing an Email Report Viewing a Webmail Report Viewing a Search Hits Report Creating a Quick Entry Report Creating an Additional Fields Report E What's IncludedWhat do I get when I enrol? 
Your course fee covers everything you will need to successfully complete the EC Council: CHFI (Computer Hacking Forensic Investigator) v8 home study course:

6 DVDs featuring live instructor-led classroom sessions with full audio, video & demonstration components

Official EC-Council CHFI Courseware Kit
* CHFI v8 printed textbook Volume 1
* CHFI v8 printed textbook Volume 2
* EC-Council Computer Hacking Forensics Investigator v8.0 Lab Manual
* CHFI v8 DVD pack
* EC-Council Computer Hacking Forensic Investigator T-Shirt
* EC-Council Logo Backpack

Exclusive LearningZone Live Mentor Tutor Support: Help whenever you need it! - Why wait for email support? Chat Live with our Certified Instructors anytime around the clock (24x7)

Proven technique - Actual Exam Secrets Review

Free 1 Year Upgrade Policy

Certificate of Completion

Home Study Explained

How does home study work and is it right for me?

Distance Learning Explained

Distance Learning is a term used to describe a method of learning where you, the learner, are not physically required to be ‘onsite’ to be guided through learning materials. Learners and tutors will use methods such as email and telephone to communicate, with you deciding how, when and where you learn. UK Learning College gives you the flexibility to complete our programmes as quickly or as slowly as is convenient for you. To make this possible, our learning programmes have been written and prepared in such a way that they enable you to take control over these decisions. We also have a varied range of e-learning courses available to complement our full portfolio of distance learning courses. Distance Learning allows you to develop the personal confidence and independence needed for success. Once you have become familiar with your distance learning course materials and you feel you know your way around the programme, then it is time to put together your own personal study plan to help you decide how best to study.
We would advise that you write down your plan to assist you in following your timetable. Although our distance learning course guides are primarily aimed at the first time user, you may already have some experience of distance learning. Whatever your experience, it is important to understand that to be a successful distance learner you need to become familiar and comfortable with the learning materials.

Online Learning Explained

Online learning descends from computer-based training, interactive multimedia and integrated learning centers and is the delivery of a learning, training or education program by electronic means. With the internet boom in the mid '90s, the concept of online learning has spread broadly. Online learning or e-learning (electronic learning) is a term used to describe learning materials that are not physically provided to you, but are accessible online where you, the learner, are not physically required to be ‘onsite’ to be guided through any of these online learning materials. Learners and tutors will use methods such as email and telephone to communicate, with you deciding how, when and where you learn. UK Learning College gives you the flexibility to complete our online courses as quickly or as slowly as is convenient for you. To make this possible, our online learning courses have been written and prepared in such a way that they enable you to take control over these decisions. Online learning allows you to develop the personal confidence and independence needed for success. Once you have become familiar with your online course and you feel you know your way around the program, then it is time to put together your own personal study plan to help you decide how best to study. We would advise that you write down your plan to assist you in following your online course study timetable.

Home Study Explained

Home Study Courses are a type of learning material in the form of manuals, CD-ROMs, online courses etc.
where you, the learner, are not physically required to be ‘onsite’ to be guided through any of these learning materials. Learners and tutors will use methods such as email and telephone to communicate, with you deciding how, when and where you learn. UK Learning College gives you the flexibility to complete our home study courses as quickly or as slowly as is convenient for you. To make this possible, our home learning courses have been written and prepared in such a way that they enable you to take control over these decisions. Home study courses allow you to develop the personal confidence and independence needed for success. Once you have become familiar with your home learning course materials and you feel you know your way around the course, then it is time to put together your own personal study plan to help you decide how best to study. We would advise that you write down your plan to assist you in following your home study timetable. Although our home learning course guides are primarily aimed at the first time user, you may already have some experience of home learning. Whatever your experience, it is important to understand that to be a successful home study course learner, you need to become familiar and comfortable with the learning materials.

Student Portal

How can I interact with other students?

Student Community

We understand that studying from home may be a new experience for you. You could even be excused for feeling a little daunted since you will not be studying in a traditional "classroom environment". To help our students overcome these concerns we have developed a friendly online student community. The Student Community encourages a high level of interaction with your tutor and other like-minded students. All of our students receive access to the Student Community. You will be able to use the student community for the following:

Access the student forum which allows you to share ideas and chat with other students.
View your tutor's feedback on your marked assignments.
View optional reading lists for your course (where available).
Access free online games, for when you need a break from studying.
View the study guide with plenty of useful hints and tips on how to get the most out of your course.
Access free courses such as: Improving Learning Skills, Job Interview Skills, The Effective Learner, Goal Setting and Time Management, Ten Tips to Complete a Good Test Paper

Related Courses

I am not sure this is for me. Are there similar courses?

Below you will find a list of courses that previous students have taken to complement their course. We hope that this list will give you some idea of the types of progression courses we offer, or alternative course options that may be of interest to you.

Microsoft Certified IT Professional (MCITP) - Database Developer - Database developers design and implement relational database models (logical and physical) and database storage objects. They also program servers by using user-defined functions, triggers, stored procedures, Transact-SQL, or the CLR. They retrieve or modify data using SQL queries or tune and optimize queries. Database developers are typically employed by mid-sized to large-sized organizations...

Microsoft Certified IT Professional (MCITP) - Enterprise Support - This certification prepares you for various job roles, which include: system administrators, network administrators, or technical support specialists.
The test is appropriate for you if you have experience in resolving issues concerning network connectivity, desktop operating systems, security, and other issues related to desktop applications...

Cisco Certified Network Associate (CCNA) - The Cisco Certified Network Associate (CCNA) training course provides students with the knowledge and skills that are needed to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. The CCNA training course curriculum includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills...

Further Information

What else do I need to know?

Please remember that you will not be able to cancel your course once you have unsealed any supplied software or accessed any online courseware. Students can enrol on the course internationally. There are no deadlines for enrolments.

How to Enrol

How do I enrol?

Step One: It's simple - choose from our list of 100s of Accredited Courses. Click on the enrol now button to select your enrolment option.
Step Two: After you enrol, Course Material will be delivered to you within 7 working days (Normally 48 Hours).
Step Three: A personal tutor and a Dedicated Support advisor will be allocated to you throughout the course.
Step Four: On successful completion of the course, you will be given a Recognised Qualification towards a successful career.

FAQs

What are the most frequent questions?

Course Frequently Asked Questions

Q. How does distance learning work?
To ensure studying is flexible and convenient, most of our courses are divided into sections. You work through each section at your own pace and time. Once completed, send the test paper back to your personal tutor for marking. You will then move on to the next section once you have successfully completed the previous section.
The support period is dependent on the type of course you choose; our minimum support period is one year.

Q. When can I start the course?
The answer is simple: when YOU want. You can start the course at any time; we do not have any set enrolment dates. Most of our courses don’t require any previous experience or qualifications. All you need is a desire and motivation to succeed. You can even start right now - call and speak to one of our Professional Course Advisors.

Q. How long do the courses take?
This is dependent upon your choice of course and how fast you want to learn. A full breakdown of the course is available in your course literature. We do provide an estimated number of study hours; ask our course advisors for details.

Q. Do the courses have tutorial support?
Yes, you will be allocated an experienced tutor who will guide you through the course, mark your assignments and generally help you with any problems you may have. Your tutors can be contacted via email and post.

Q. If I fail an assignment can I retake it?
Yes, your tutor will ask you to resubmit your assignment and give you support as to where you could improve.

Q. How do I get help with my course work?
You can get help 7 days a week by email or post from your dedicated tutor; you just email your assignments for marking. You have to send your assignments one at a time so the tutor can mark one and give you the feedback.

Q. Will I get a qualification at the end?
Yes, for all our courses, you will receive a diploma or a recognised qualification from the awarding body of your course.

Q. Is the course work done online or sent via the internet?
No, the course work can be done offline using your PC or, for paper based courses, by working through your course folder.

Q. Is there a time limit or any deadlines?
We do like you to complete the course within the tutor support period but we can extend this for a small charge (currently £40 for 12 months).
If you follow the recommended study hours, this will give you a good guide to complete the course within the specified time period.

Q. Will I have to sit an examination?
Most of our paper based courses do not require you to sit examinations, only continual assessments. Where there are examinations required, you will receive all the information you need to make your own exam arrangements. Please note exam fees are not included in your course fee, unless otherwise stated.

Q. How quickly will I receive my course material?
Once your payment has been received and cleared, your enrolment should be processed within two days and your course materials delivered within 5 days. For customers who choose to pay in instalments this can take longer, as we need a signed agreement back from you before we send the course materials.

Q. Do I have to buy any other materials?
Our comprehensive course materials are designed to be self-contained with all the relevant information you require to complete the course and gain the relevant certification. However, some of our students undertake additional reading via relevant textbooks/study guides and/or the Internet to add value to their studies.

Q. I’m not sure what course I should take. Can you help?
Yes, we can. It is important that you pursue a course which you will enjoy. Although we cannot make this decision for you, we employ a team of dedicated Professional Course Advisors, who will guide you towards making the right choice. Whether you want specific information, or just a chat about what’s available, contact us now.

Q. Why choose UK Learning College?
The breadth and depth of our portfolio of courses means that we will have a course to interest you. We are committed to your success, and offer advice and support through every step of the process. We have a dedicated team of Professional Course Advisors that can give you access to career and recruitment advice, whilst offering excellent value and quality courses.
Please contact us if you have not found the answer you are looking for.

Contact Us

I’m still not sure, can you help me?

Get in touch... If you would like to talk to someone about your choice of home learning course, or if you would like to discuss anything else with us, please don't hesitate to call us on 0800 009 6249. You can also call us on Skype at dialgia.group

Postal Address: UK Learning College, 22 Turnbull Street, Suite 108, Glasgow G1 5PR, United Kingdom
