A growing number of security-related incidents require handling computer-related evidence in a manner that is admissible in a court of law. This course teaches attendees generally accepted computer forensics principles and methods, such as making forensic-duplicate or qualified forensic-duplicate copies of evidence in original media, avoiding modification of forensic evidence, and establishing a "chain of custody." Additionally, even if evidence obtained from computer systems is not used for legal purposes, performing a thorough investigation of suspicious system behavior and changes in systems that have occurred as a result of security breaches has become increasingly necessary. This course thus also covers detailed incident investigation methods such as recovering deleted data, identifying rootkits that have been installed, and finding hidden files and processes in compromised and potentially compromised systems. Although this course covers a few high-level legal and procedural considerations, the main focus is definitely technical; attendees should have a thorough understanding of the functionality of Windows, Linux and Unix operating systems.
Posted by admin

Copyright 2007, pirate-unsecure