Forensic Extreme

Instructors: Tobias Klein, Marco Lorenz and a lawyer from the Amann law office

Length: 3 days

Content:
This training course introduces current technical methods of IT forensics and incident handling, as well as the associated legal conditions and options.

Using a variety of case examples, the proper procedure will be discussed in the event of suspicion of hacking intrusion, data abuse, data theft, data deletion or unauthorized use of company communication systems.

The course comprises a technical part where tools for forensic analysis will be introduced and a legal/organizational part where the legal conditions for in-house investigations with regard to suspects will be presented.

In the technical part, each participant will learn how to look for traces in IT systems and how to preserve and interpret them, through many exercises that can be followed on their own notebook, which is provided. Each participant will receive a tool set for live analysis which includes, among other things, collection and analysis tools previously not available. Moreover, in dead analysis, established commercial products will be introduced and used in addition to freely available tools.

Live analysis focuses on the collection and analysis of volatile data from running systems, looking at kernel components, network status and main memory as well as at the virtual memory of individual processes. Contrary to the well-known methods of hard disk analysis, advanced methods are used here to gather information for identifying malware (worms, trojans etc.) as well as kernel rootkits, for reproducing code injection attacks or extracting general data directly from memory (images, documents etc.).

The dead analysis focuses on the collection and analysis of persistent data. The participants will be familiarized with the creation of hard disk images, evaluation of file system meta data, handling of various file systems (NTFS, ext3, etc.), recovery of deleted data and the evaluation of log files.

In the legal/organizational part, a lawyer from the Amann law office will explain in detail the procedure after intrusion detection. Case after case, the collection, preservation and evaluation of legally unassailable digital traces to provide evidence for successful legal prosecution will be played through.

It will be taken into account which group of offenders is involved, what the primary target (for example damage to the company) of the attack actually was, what has to be protected and what the damage potential of the attack was. It will also be discussed what evidence can be procured by one’s own investigations and what evidence can be procured by commissioning a third party or notifying the police, and to what extent filing charges against suspects can help.

After completion of the course, the participants will be able to recognize and comprehend the tracks of an intruder. They will know how they have to respond in the event of a system intrusion and the requirements that have to be observed with regard to the legally unassailable collection, storage and evaluation of digital traces as evidence.

Topic areas:
• Collect and preserve volatile data
• Main memory and process memory analysis
• Find and analyze rootkits
• Find and analyze malware
• Find and analyze backdoors
• Find and analyze code injection attacks
• Create data media images
• Analyze file system meta information
• Recover deleted data
• Evaluate log files

Operating systems covered: Windows, Linux, Unix

Target group:
Administrators, security officers, CERT teams, company investigators

Prerequisites:
Basic knowledge of Windows, Linux and Unix. Knowledge of attack methods and hacking techniques is beneficial. Attending a "Hacking Extreme" training course is an advantage.

Price: 2.400,- Euro

The training is conducted in the German language by an experienced trainer and in cooperation with the Amann law office.

Dates:
21 - 23 April 2009 Cologne
30 June - 02 July 2009 Stuttgart
08 - 10 September 2009 Hamburg
03 - 05 November 2009 Cologne
01 - 03 December 2009 Stuttgart

Place:
The courses will take place in fine, specially selected hotels:
• Hamburg: East Hotel Hamburg
• Cologne: Hilton Hotel
• Munich: Novotel München City
• Stuttgart: nestor Hotel Ludwigsburg

We would be happy to reserve a room for you at a special rate in the hotel where the training course will take place.
