Spy vs. Spy; Mad Magazine

Well, lookee here.  Nice e-mail I got from Computer Forensics and Electronic Discovery in Arizona today.  Whatever were they thinking?  Last year I got a load of job offers from security agencies…. and I’m just not the type.  Is anyone else getting emails like this?  Have you a clue as to why you have been added to their mailing list?

Looks like a nifty course on computer spying for fun and profit to me.

Computer Forensics and Electronic Discovery in Arizona

ID# 365517

Scottsdale, Arizona

March 23, 2006

Camelback Golf Club

7847 North Mockingbird Lane    

Continuing education credit: NALA 0.70, IACET 0.65, AZ CLE 6.50


Chief Security Officers

Russell Rowe

Benjamin Stephan

John Riding



9:00 a.m. – 9:45 a.m.

I. Overview: What Is Computer Forensics And Why Is It Important?

    A. Identity Theft

    B. E-Commerce Fraud

    C. Intellectual Property

9:45 a.m. – 10:30 a.m.

II. Computer Processing And Concepts

    A. Anatomy Of The Machine

        1. Hardware And Peripherals

        2. Operating System

        3. The Boot Up Sequence From Start To Finish

    B. Data: It Is All 1’s And 0’s

        1. Complex Storage Devices

    C. Does Deleting Really Make It Go Away?

10:30 a.m. – 10:45 a.m.


10:45 a.m. – 11:15 a.m.

III. Forensics Tool Bag

    A. Software

        1. Encase

            a. Servlets

        2. Forensic Tool Kit

        3. Password Crackers

            a. Cain And Abel

            b. PWL Files

        4. Steganography

    B. Hardware

        1. Write Blockers

            a. Fastbloc

        2. Boot Disks

11:15 a.m. – 12:15 p.m.

    Lunch (On Your Own)

12:15 p.m. – 1:00 p.m.

IV. On The Scene: How To Handle Onsite Investigations From Intro To Acquisition

    A. Permission And Privacy

    B. Logging And Labeling

        1. Computer Connections And Components

        2. A Picture Speaks A Thousand Words

    C. Don’t Touch It, You’ll Corrupt It

        1. Proper Shutdown Sequence

        2. BIOS Check And The Boot Sequence

    D. Art Of Acquisition

        1. Drive To Drive

        2. Network Cross Over Cable

    E. Onsite Triage

1:00 p.m. – 2:30 p.m.

V. Cyber Evidence: What Tracks Are Left Behind And How Do We Find Them?

    A. Partition Recovery

    B. File Signature Analysis

    C. Hash Sets

    D. Recovering Deleted Files And Folders

        1. Info2 Records

    E. OS Artifacts

        1. Link Files

        2. Printer Spools

        3. Temporary Files And Folders

    F. Images

        1. Gallery Review

        2. Yoya And Image Headers

    G. Complex Files

        1. Compressed Files

        2. Complex Documents

2:30 p.m. – 2:45 p.m.


2:45 p.m. – 3:45 p.m.

VI. Internet Evidence

    A. E-Mail Evidence

    B. Outlook PST Files

    C. Webmail

    D. Base64

    E. History

    F. Cookies

    G. Temporary Internet Files

    H. Images

3:45 p.m. – 4:30 p.m.

VII. User Profiling

    A. Putting The Pieces Together

    B. Rebuilding The User

4:30 p.m. – 5:00 p.m.

VIII. Questions And Answers


If you don’t wish to receive any more invitations for Chief Security Officers, reply to this email with “Unsubscribe” in the Subject Line.

Chief Security Officers

14301 N. 87th Street

Suite 215

Scottsdale, Arizona 85260


I like that bit about “Rebuilding the User”…. are they talking about Post Traumatic Stress Syndrome?

And while we’re on the topic, anyone who objects to NSA domestic spying on Americans should divest themselves, as far as possible, of AT&T.  Go to WORKING ASSETS.  Get yourself a long-distance carrier that will work for you and the changes we all seek.  (Free credits for Ben & Jerry’s and your chance to apportion 100 points of profit donations towards organizations like the ACLU and Doctors Without Borders.)