CSI Tech

CSITech develops and offers various training courses on specific computer forensic and data acquisition techniques and tools.

Dates for the courses can be found at www.csitraining.co.uk.

Helix Intermediate Training

This course has already been taught around the world to hundreds of Police Forces and corporate investigation teams looking to understand the complexities of live data previewing and acquisition. With the final day looking at cutting-edge memory analysis, this is an exciting and innovative course for the forensic professional.

Costs -
Law Enforcement - £950 + VAT
Corporate - £1250 + VAT

Advanced Live Forensics Training

We are pleased to announce the 3 day Advanced Live Forensics course. Although it is not essential to have attended the Intermediate course, this course continues naturally from the elements learned there. As before, the course is primarily hands-on but provides much more flexibility, covering the use of Helix 3.0, scripting techniques, and even working with the F-Response Field Kit for remote investigations, including remote RAM analysis. A significant amount of time is spent on advanced memory analysis techniques, including working with Hiberfil and Crash Dump files. Also of interest to all is creating and scripting your own USB toolkit, including covert techniques.

Syllabus

Helix 2.0 overview (Disk included)

o New Ubuntu OS

o Faster mounting procedures

Overview of Helix Pro

Imaging Vista RAM

Imaging Linux RAM

Imaging Intel Macs (OSX)

Advanced Memory analysis

o Extraction of bespoke file types

o Extraction of Gmail contacts and other data

o Extracting data from Hiberfil and Crashdump files

o Using Volatility to extract:-

• Running processes

• Open network sockets

• Open network connections

• DLLs loaded for each process

• Open files for each process

• Open registry handles for each process

• A process' addressable memory

• OS kernel modules

• Mapping physical offsets to virtual addresses (strings to process)

• Virtual Address Descriptor information

• Extract executables from memory samples

• Virus checking RAM dumps

• Extract the SAM from RAM and crack the passwords

• Locate and extract ANY registry key

Using F-Response Field Kit Edition combined with Helix to investigate a remote machine including:-

o Volatile data acquisition

o Disk imaging

o Live Memory analysis (Trial version free or Full Field Kit included with higher price)

Creating and scripting your own USB toolkits (Ruggedized USB keys to keep included)

o Script disk imaging

o Volatile data extraction

o Reverse copying key files and folders

o Creating covert running scripts

o On the fly encryption of acquired data

Creating your own Windows forensic boot disk

o The pros and cons

o Installing and implementing tools from the Helix disk

o Usage, tips and tricks

Law Enforcement £1150 + VAT incl. disk and USB key

£1350 + VAT incl. above and F-Response Field edition

Private £1300 + VAT incl. disk and USB key

£1500 + VAT incl. above and F-Response Field edition




Wireless Attack Training

With the increasing use of wireless technology to access networks and the internet, law enforcement are looking for new ways to acquire intelligence and evidence pertaining to a suspect.

This course is designed to teach law enforcement** personnel how to successfully intercept data from a wireless network and recreate the data stream into usable intelligence. We do not focus on wireless theory but aim for the student to leave the course with the equipment, software and knowledge to successfully attack and monitor traffic from a wireless source.

The course includes:-
  • The law and approvals
  • Finding your network
  • Covert methods
  • Acquiring the data stream from the air
  • Breaking WEP, WPA and WPA2 encryption
  • Reforming network traffic into usable files e.g. html, documents, IM chat
  • GPS mapping your wireless surveillance environment
  • Much more

The student will leave the course with a fully configured Virtual Machine ready to go, a specialist wireless USB adapter and a hi-gain omni-directional antenna.

Cost - £1350 + VAT including kit

** Due to proposed changes in the Computer Misuse Act this course has to be strictly limited to law enforcement personnel

Covert Data Acquisition Training

Based around a Law Enforcement product built by e-fense called Aperio, this 2 day course covers preparation and deployment of the tool as well as analysis of the results.

For information about either Aperio or this training please contact us by telephone in the first instance.





CSITech provides a number of training courses to assist computer forensic and Law Enforcement professionals.