CH-CHFI Computer Hacking Forensic Investigator

Introduction

Digital forensic practices stem from forensic science, the science of collecting and examining evidence or materials. Digital or computer forensics focuses on the digital domain including computer forensics, network forensics, and mobile forensics. As the cyber security profession evolves, organizations are learning the importance of employing digital forensic practices into their everyday activities. Computer forensic practices can help investigate attacks, system anomalies, or even help System administrators detect a problem by defining what is normal functional specifications and validating system information for irregular behaviours. In the event of a cyber-attack or incident, it is critical investigations be carried out in a manner that is forensically sound to preserve evidence in the event of a breach of the law. Far too many cyber-attacks are occurring across the globe where laws are clearly broken and due to improper or non-existent forensic investigations, the cyber criminals go either unidentified, undetected, or are simply not prosecuted. Cyber Security professionals who acquire a firm grasp on the principles of digital forensics can become invaluable members of Incident Handling and Incident response teams. The Computer Hacking Forensic Investigator course provides a strong baseline knowledge of key concepts and practices in the digital forensic domains relevant to today’s organizations. CHFI provides its attendees a firm grasp on the domains of digital forensics.

Target Audience

• Anyone interested in cyber forensics/investigations
• Incident response team members
• Information security managers
• Network defenders
• IT professionals, IT directors/managers
• System/network engineers
• Security analyst/ architect/auditors/ consultants

Prerequisites

• IT/forensics professionals with basic knowledge on IT/cyber security, computer forensics, and incident response.
• Prior completion of CEH training would be an advantage.

Course Objectives

Upon completing this course, the learner will be able to understand:

• Perform incident response and forensics
• Perform electronic evidence collections
• Perform digital forensic acquisitions
• Perform bit-stream Imaging/acquiring of the digital media seized during the process of investigation.
• Examine and analyze text, graphics, multimedia, and digital images
• Conduct thorough examinations of computer hard disk drives, and other electronic data storage media
• Recover information and electronic data from computer hard drives and other data storage devices
• Follow strict data and evidence handling procedures
• Maintain audit trail (i.e., chain of custody) and evidence integrity
• Work on technical examination, analysis and reporting of computer-based evidence
• Prepare and maintain case files
• Utilize forensic tools and investigative methods to find electronic data, including Internet use history, word processing documents, images and other files
• Gather volatile and non-volatile information from Windows, MAC and Linux
• Recover deleted files and partitions in Windows, Mac OS X, and Linux
• Perform keyword searches including using target words or phrases
• Investigate events for evidence of insider threats or attacks
• Support the generation of incident reports and other collateral
• Investigate and analyse all response activities related to cyber incidents
• Plan, coordinate and direct recovery activities and incident analysis tasks
• Examine all available information and supporting evidence or artefacts related to an incident or event
• Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents
• Conduct reverse engineering for known and suspected malware files
• Identify data, images and/or activity which may be the target of an internal investigation
• Perform detailed evaluation of the data and any evidence of activity in order to analyze the full circumstances and implications of the event
• Establish threat intelligence and key learning points to support pro-active profiling and scenario modelling
• Search file slack space where PC type technologies are employed
• File MAC times (Modified, Accessed, and Create dates and times) as evidence of access and event sequences
• Examine file type and file header information
• Review e-mail communications including web mail and Internet Instant Messaging programs
• Examine the Internet browsing history
• Generate reports which detail the approach, and an audit trail which documents actions taken to support the integrity of the internal investigation process
• Recover active, system and hidden files with date/time stamp information
• Crack (or attempt to crack) password protected files
• Perform anti-forensics detection
• Maintain awareness and follow laboratory evidence handling, evidence examination, laboratory safety, and laboratory security policy and procedures
• Play a role of first responder by securing and evaluating a cybercrime scene, conducting preliminary interviews, documenting crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting of the crime scene
• Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
• Apply advanced forensic tools and techniques for attack reconstruction
• Perform fundamental forensic activities and form a base for advanced forensics
• Identify and check the possible source/incident origin
• Perform event co-relation
• Extract and analyse logs from various devices such as proxies, firewalls, IPSes, IDSes, Desktops, laptops, servers, SIM tools, routers, switches, AD servers, DHCP servers, Access Control Systems, etc.
• Ensure that reported incident or suspected weaknesses, malfunctions and deviations are handled with confidentiality
• Assist in the preparation of search and seizure warrants, court orders, and subpoenas
• Provide expert witness testimony in support of forensic examinations conducted by the examiner

Associated Certification & Exam

CHFI v9 Program certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of anyone who is concerned about the integrity of the network infrastructure. This course prepares you for the CHFI 312-49 exam*.

Number of Questions:	150
Passing Score:	70%
Test Duration:	4 hours
Test Format:	MCQ
Test Delivery:	ECC exam portal

Duration: 2 Days
Book Training

CH–CCISO EC-Council Certified Chief Information Security Officer

Introduction

The CCISO Certification is an industry-leading program that recognizes the real-world experience necessary to succeed at the highest executive levels of information security. Bringing together all the components required for a C-Level position, the CCISO program combines audit management, governance, IS controls, human capital management, strategic program development, and the financial expertise vital to leading a highly successful IS program. Material in the CCISO Program assumes a high-level understanding of technical topics and doesn’t spend much time on strictly technical information, but rather on the application of technical knowledge to an information security executive’s day-to-day work. The CCISO aims to bridge the gap between the executive management knowledge that CISOs need and the technical knowledge that many aspiring CISOs have. This can be a crucial gap as a practitioner endeavours to move from mid-management to upper, executive management roles. Much of this is traditionally learned as on the job training, but the CCISO Training Program can be the key to a successful transition to the highest ranks of information security management.

Target Audience

This course is best suited for professionals who aspire to attain the highest regarded title within the information security profession – Certified Chief Information Security Officer.

Prerequisites

There are no formal prerequisites to sit on the course however there are prerequisites to be met when taking the CCISO exam.

Course Objectives

Upon completing this course, the learner will be able to:

• Define, implement, and manage an information security governance program that includes leadership, organizational structures and processes.
• Establish information security management structure.
• Assess the major enterprise risk factors for compliance.
• Design and develop a program to monitor firewalls and identify firewall configuration issues.
• Identify vulnerability and attacks associated with wireless networks and manage different wireless network security tools.
• Deploy and manage anti-virus systems.
• Understand various system-engineering practices.
• Identify the volatile and persistent system information.
• Develop and manage an organizational digital forensic program.
• Identify the best practices to acquire, store and process digital evidence.
• Define key performance indicators and measure effectiveness on a continuous basis.
• Allocate financial resources to projects, processes and units within information security programs.
• Identify and report financial metrics to stakeholders.
• Design vendor selection process and management policy.
• Understand the IA security requirements to be included in statements of work and other appropriate procurement documents.

Associated Certification & Exam

The exam focuses on scenario-based questions that require applicants to apply their real-world experience in order to answer the questions successfully. To that end, in order to qualify to sit for the CCISO Exam, applicants must be approved by EC-Council in order to verify that they have at least five years of information security management experience in each of the five CCISO domains. Applicants with experience in three or less of the CCISO domains must first complete an Exam Eligibility Application and submit this to EC-Council for approval before attempting the exam – Exam Eligibility Application Applicants who do not meet these requirements have the option of sitting for the EC-Council Information Security Manager (E|ISM) exam as part of the Associate CCISO Program. This option is available to candidates who do not yet possess the required years of experience. Associate CCISOs may sit for official CCISO training and then take and pass the EC-Council Information Security Manager (EISM) exam to enter the program at the associate level. Once the prerequisite years of experience have been completed, Associate CCISOs may take the full CCISO exam and earn the full certification.

CCISO Exam Info:

Number of Questions:	150
Passing Score	72%
Test Duration:	2.5 Hours
Test Format:	Scenario based Multiple Choice

EISM Exam Info:

Number of Questions:	150
Passing Score	70%
Test Duration:	2 Hours
Test Format:	Multiple Choice

Duration: 5 Days
Book Training

CH-EHC EC-Council Ethical Hacking and Countermeasures

Introduction

The Certified Ethical Hacker (CEH) program is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”. This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. The security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment. This ethical hacking course puts you in the driver’s seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be taught the five phases of ethical hacking and taught how you can approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks!

Target Audience

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Prerequisites

The knowledge and skills that a learner must have before attending this course is as follows:

• Have successfully completed EC-Council’s Certified Network Defender (CND) course
• Have successfully completed Comptia’s Security+ course

There is a minimum age requirement that applies and attendance of the Ethical Hacking and Countermeasures training course or attempts at the relevant exam, is restricted to candidates who are at least 18 years old.

Course Objectives

Upon completing this course, the learner will be able to: Master an ethical hacking methodology that can be used in a penetration testing or ethical hacking situation. You walk out the door with ethical hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification! This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Duration: 5 Days
Book Training

CH-CND Certified Network Defender

Introduction

The Certified Network Defender (CND) certification program focuses on creating Network Administrators who are trained on protecting, detecting and responding to the threats on the network. These skills will help the Network Administrators foster resiliency and continuity of operations during attacks. Organizational focus on cyber defence is more important than ever as cyber breaches have a far greater financial impact and can cause broad reputational damage. Despite best efforts to prevent breaches, many organizations are still being compromised. Therefore organizations must have, as part of their defence mechanisms, trained network engineers who are focused on protecting, detecting, and responding to the threats on their networks. Network administrators spend a lot of time with network environments, and are familiar with; network components; network traffic; performance and utilization; network topology; location of each system; and security policies etc. The Certified Network Defender (CND) course is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program that prepares Network Administrators on network security technologies and operations to attain Defence-in-Depth network security skills. The course contains hands-on labs, based on major network security tools and techniques which will provide Network Administrators real world expertise on current network security technologies and operations.

Target Audience

• Network Administrators
• Network Security Administrators
• Network Security Engineers
• Network Defence Technicians
• Security Analysts
• Security Operators
• Anyone who is involved in network operations

Prerequisites

The knowledge and skills that a learner must have before attending this course is as follows:

• Fundamental knowledge of Networking Concepts.

Course Objectives

You will learn how to protect, detect and respond to network attacks. You will learn network defence fundamentals, the application of network security controls, protocols, perimeter appliances, secure IDS, VPN and firewall configuration. You will then learn the intricacies of network traffic signature, analysis and vulnerability scanning which will help you when you design greater network security policies and successful incident response plans. These skills will help you foster resiliency and continuity of operations during attacks.

Duration: 5 Days
Book Training