Posts Tagged ‘Forensics’


One of my co-workers, Rodger Wille, will be mentoring SANS’ Computer Forensic Investigations – Windows In-Depth course (FOR408) in Atlanta, Georgia starting February 20th.  This course is great for any Intrusion and Security Analyst, Incident Handlers, and other members of the security staff (or those wishing to get a job with their security teams) who are looking to gain more information and understanding on how to conduct computer forensic investigations within the windows environment and what/where artifacts can be found within a windows system.

This course will cover forensic image acquisition, analysis techniques and tools and will utilize a full-featured forensic lab students will take with them.

Topics covered in the course will include:

  • Windows File System Foundations
  • Evidence Acquisition Tools and Techniques
  • Law Enforcement Bag and Tag
  • Evidence Integrity
  • Registry Forensics
  • Windows Artifact Analysis
    • Facebook, Gmail, Hotmail, Yahoo Chat and Webmail Analysis
    • E-Mail Forensics (Host, Server, Web)
    • Microsoft Office Document Analysis
    • Windows Link File Investigation
    • Windows Recycle Bin Analysis
    • File and Picture Metadata Tracking and Examination
    • Prefetch Analysis
    • Event Log File Analysis
    • Firefox, Chrome, and Internet Explorer Browser Forensics
    • Deleted File Recovery
    • String Searching and Data Carving
    • Examination of Cases involving Windows XP, VISTA, and Windows 7, and Windows 8
    • Media Analysis And Exploitation
    • Forensic Analysis Report Writing

In addition to the great training, each participant will also receive the following:

  • Windows version of the SIFT Workstation Virtual Machine with full Windows 8 standard license
  • Full 3 month trial license to AccessData FTK and Guidance Software EnCase
  • Full 15-day trial license to MagnetForensics Internet Evidence Finder
  • Course DVD
  • Real-world Windows XP and Windows 7 cases for examination
  • Wiebetech Ultradock v5 Write Blocker Kit

SANS Mentor students get the same great SANS content and material as they would at a traditional SANS conference event in a much more relaxed and intimate environment with classes spanning 10 weekly two hour evening sessions.  This format eliminates travel costs and impact to mission by being away from the office during normal business hours and allows students more time to learn the material.  With much smaller classes, usually no more than 8-10 participants, students have the opportunity to get their questions answered in-depth and gain more hands on experience during the labs.  The Mentor, an industry professional and GIAC Certified in the course being mentored, is often available to answer questions from students between class sessions and will highlight more salient portions of the material and lead hands-on exercises each week.

About Rodger:

Rodger has over 14 years of experience in the computer security arena as an Incident Handler and Forensic Analyst. Rodger began his career as a Signals Intelligence Analyst in the US Army conducting Cyber Threat Intelligence. After serving in the Army, Rodger continued supporting the US Army as a Defense Contractor with the Army Computer Emergency Response Team (ACERT) working as an Incident Handler and later as in a Senior Incident Handler role leading a team of incident handlers for the Regional Computer Emergency Response Team CONUS (RCERT-CONUS). Previously, Rodger was the Federal Lead for the Research and Forensics team within the US Department of Health and Human Services Computer Security Incident Response Center (CSIRC) where he was responsible for leading network, memory and disk based forensics, malware analysis and incident response activities.  Currently, Rodger is a Principal Security Consultant for FireEye Labs, where he helps his customers battle advanced threats, conduct forensic analysis, respond to security incidents and develop security policy.

http://www.sans.org/mentor/class/for408-atlanta-20feb2014-rodger-wille  – Rodger can offer special pricing of exceptional savings for up to two seats in the course and 10% discount to all others.  Follow him on Twitter @RAW4n6 and direct message him for details.