Well, lookee here. Nice e-mail I got from Computer Forensics and Electronic Discovery in Arizona today. Whatever were they thinking? Last year I got a load of job offers from security agencies… and I’m just not the type. Is anyone else getting emails like this? Have you a clue as to why you have been added to their mailing list?
Looks like a nifty course on computer spying for fun and profit to me.
Computer Forensics and Electronic Discovery in Arizona
ID# 365517
Scottsdale, Arizona
March 23, 2006
Camelback Golf Club
7847 North Mockingbird Lane
Continuing education credit: NALA 0.70, IACET 0.65, AZ CLE 6.50
Faculty
Chief Security Officers
Russell Rowe
Benjamin Stephan
John Riding
--------------------------------------------------------------------------------
Agenda
9:00 a.m. – 9:45 a.m.
I. Overview: What Is Computer Forensics And Why Is It Important?
A. Identity Theft
B. E-Commerce Fraud
C. Intellectual Property
9:45 a.m. – 10:30 a.m.
II. Computer Processing And Concepts
A. Anatomy Of The Machine
1. Hardware And Peripherals
2. Operating System
3. The Boot Up Sequence From Start To Finish
B. Data: It Is All 1’s And 0’s
1. Complex Storage Devices
C. Does Deleting Really Make It Go Away?
10:30 a.m. – 10:45 a.m.
Break
10:45 a.m. – 11:15 a.m.
III. Forensics Tool Bag
A. Software
1. EnCase
a. Servlets
2. Forensic Tool Kit
3. Password Crackers
a. Cain And Abel
b. PWL Files
4. Steganography
B. Hardware
1. Write Blockers
a. FastBloc
2. Boot Disks
11:15 a.m. – 12:15 p.m.
Lunch (On Your Own)
12:15 p.m. – 1:00 p.m.
IV. On The Scene: How To Handle Onsite Investigations From Intro To Acquisition
A. Permission And Privacy
B. Logging And Labeling
1. Computer Connections And Components
2. A Picture Speaks A Thousand Words
C. Don’t Touch It, You’ll Corrupt It
1. Proper Shutdown Sequence
2. BIOS Check And The Boot Sequence
D. Art Of Acquisition
1. Drive To Drive
2. Network Cross Over Cable
E. Onsite Triage
1:00 p.m. – 2:30 p.m.
V. Cyber Evidence: What Tracks Are Left Behind And How Do We Find Them?
A. Partition Recovery
B. File Signature Analysis
C. Hash Sets
D. Recovering Deleted Files And Folders
1. Info2 Records
E. OS Artifacts
1. Link Files
2. Printer Spools
3. Temporary Files And Folders
F. Images
1. Gallery Review
2. Yoya And Image Headers
G. Complex Files
1. Compressed Files
2. Complex Documents
2:30 p.m. – 2:45 p.m.
Break
2:45 p.m. – 3:45 p.m.
VI. Internet Evidence
A. E-Mail Evidence
B. Outlook PST Files
C. Webmail
D. Base64
E. History
F. Cookies
G. Temporary Internet Files
H. Images
3:45 p.m. – 4:30 p.m.
VII. User Profiling
A. Putting The Pieces Together
B. Rebuilding The User
4:30 p.m. – 5:00 p.m.
VIII. Questions And Answers
--------------------------------------------------------------------------------
If you don’t wish to receive any more invitations for Chief Security Officers, reply to this email with “Unsubscribe” in the Subject Line.
Chief Security Officers
14301 N. 87th Street
Suite 215
Scottsdale, Arizona 85260
888-237-3899
I like that bit about “Rebuilding the User”… are they talking about Post Traumatic Stress Syndrome?
And while we’re on the topic, anyone who objects to NSA domestic spying on Americans should divest themselves, as far as possible, of AT&T. Go to WORKING ASSETS. Get yourself a long-distance carrier that will work for you and the changes we all seek. (Free credits for Ben & Jerry’s and your chance to apportion 100 points of profit donations towards organizations like the ACLU and Doctors Without Borders.)