Forensic and Cyber Security Investigation (CSI) Workshop

Stealing Office data? Computer forensics can track you down
In January 2008, seven former Citibank employees faced 1,223 charges under the Computer Misuse Act for taking clients' information before leaving to join rival UBS
ST 27 January 2008
How do you know that confidential files on your computer have not been copied, deleted or stolen?
Come to this workshop and learn ways to track and record your employees’ activities...
Course Description
This course will provide you with an understanding of the following areas: forensics analysis fundamentals, data recorder technology, data-mining, forensic analysis, specialized filtering, network security principles including encryption technologies, security threat recognition of common user protocols including IP, ICMP, ARP, POP3 / IMAP / SMTP and HTTP and Network Forensics Analysis techniques. Real-World examples will be utilized throughout the course.
- Forensic 5Q
- Forensic Analysis of Network Behaviour in Wired and Wireless Environments
- Conversation Forensic Analysis
- Data Recorder technology
- Reconstruct email, web pages and voice conversation
- Lots of hands-on and exercises
Two-Day Workshop
22 & 23 May 2008
GALLERY HOTEL
SINGAPORE
About the Speaker

Phillip D. Shade
Chief Security Officer – Merlion’s Keep Consulting
Mr. Shade is an internationally recognized Network Security and Forensics Expert, having worked on numerous projects for governmental security agencies. Drawing on more than 30 years of hands-on, real-world experience, Mr. Shade specializes in presenting at seminars and road shows using a highly energetic, knowledgeable and informative style. He founded Merlion’s Keep Consulting, having previously worked with WildPackets and IBM Global Services.
Mr. Shade served in the United States Navy for 20 years, specializing in Electronics Systems and Computer Security. He attended the University of San Francisco for a Bachelor of Science degree in Information Systems Management.
He was a certified Sniffer University Instructor, WildPackets Academy International Chief Instructor and Planet3 (CWNA) Instructor. Most recently, he has been a Wireshark (Ethereal) Forensic Instructor.
Phill holds numerous networking certifications including CNX-Ethernet (Certified Network Expert), Cisco CCNA, CWNA (Certified Wireless Network Administrator), WildPackets PasTech and WNAX (WildPackets Certified Network Analysis Expert).
Course Agenda
Day 1
I. Introduction To Network Forensic Analysis
- Overview and history of Network Forensics Analysis
- Five key questions
- Data Recorder technology
II. Collecting the Data – Data Capture and Statistical Forensics Analysis
- Getting Started
a. Data Collection – How Network Infrastructure Devices Affect Forensics Analysis
i. Switches, Bridges, Routers, Firewalls and CSU / DSU
b. Stealth / Silent Collection of Data
Case Study #1 – Firewall Capture and the Welchia Worm penetration
Hands-on Lab / Exercise #1 – Getting Acquainted
- Forensic Evaluation of Statistical Network Data
a. Assessment of Key Network and Forensics Statistics
Hands-on Lab / Exercise #2 - Statistical Assessment of the Network
- Forensics Analysis of Network Behavior in Wired and WLAN Environments
a. Forensic Assessment of Protocol Statistics
b. Layer 2 vs. Layer 3 vs. Layer 4 Addressing
c. IEEE 802.3 Ethernet vs. IEEE 802.11 Frame Formats
d. Using Names as a Forensics Analysis Aid
e. WLAN Device Analysis
Hands-on Lab / Exercise #3 - Analyzing Node and Protocol Statistics for suspicious activities
- Expert Forensics Analysis
a. Using Expert Systems to Determine Suspicious Activity
b. Determining Which Conversations Have Problems - Analyzing Latency and Throughput
Hands-on Lab / Exercise #4 – A Tale of Two Networks
Case Study #2 – VoIP Call Interception and Playback
- Protocol and Conversation Forensic Analysis
a. Analyzing the 3 Different Network Communication Architectures
b. Analyzing Suspicious Conversations and Activities
c. Interpreting Protocol Decodes and Packet File Navigation Tips
Hands-on Lab / Exercise #5 – Protocol and Conversation Forensic Analysis
- Forensic Filtering Techniques
a. Constructing and Applying Specialty Forensics Filters
b. Importing / Exporting Filters
Case Study #3 – Locating key Text-Strings & Identifying Information
Lab / Hands-on Exercise #6 - Advanced Filtering for Forensic Analysis
- Tracking and Reconstruction of Packet Flows
a. Diagramming and Interpreting a Conversation
b. Packet Flow Reconstruction and Analysis
c. Deep-Level Forensic Analysis of Packet Contents
Case Study #4 – Reconstructing Suspicious Multiple Segment Conversations
Lab / Hands-on Exercise #7 – Diagramming a Conversation
Day 2
III. TCP / IP Forensics Analysis
- Forensics Analysis of IP
a. Structure and Analysis of IPv4 vs. IPv6
b. IP Fragmentation, IP Header Checksums and Forensic Analysis of IPv4 Option fields
c. Common IP Exploits
Hands-on Lab / Exercise #8 – Evaluating IP Security
- Internet Control Message Protocol (ICMP) and Network Forensics
a. Structure and Analysis of ICMP
b. Analyzing ICMP Messages and Suspicious ICMP Traffic Analysis
Hands-on Lab / Exercise #9 – Forensic Analysis of ICMP
Case Study #5 – Who is Knocking on the Door – Identifying a Network Mapping Intrusion
- Forensics Analysis of TCP
a. Structure and Analysis of TCP
b. TCP Header Checksums and Forensic Analysis of TCP Option fields
c. Common TCP Exploits
Case Study #6 – Determining the Source of a TCP SYN Flood Attack
- Forensic Analysis of User protocols and Common User Protocol Exploits
a. POP / SMTP / IMAP
b. HTTP
c. VoIP
Hands-on Lab / Exercise #10 – Forensic Analysis of User Protocols
Case Study #7 – Application Reconstruction – Email / Web / Instant Messenger / File Transfers
- Appendix 1 – Forensic Analysis Reference Information