Computer Hacking Forensic Investigator


CHFI (Computer Hacking Forensic Investigator) is the official forensic investigator certification accredited by the EC-Council. The aim of this certification is to acquire practical knowledge of the process of detecting hacker attacks and of properly extracting digital evidence that can be used to report the crime and to conduct audits to prevent future attacks.

Who it is for

  • Security auditors.
  • Law enforcement and defence personnel.
  • Security technicians, network administrators and system administrators.
  • IT managers.

Requirements

Knowledge of TCP/IP, Linux and Windows.

Syllabus

  • Module I: Computer Forensics in Today's World
    • Introduction
    • History of Forensics
    • Definition of Forensic Science
    • Definition of Computer Forensics
    • What Is Computer Forensics?
    • Need for Computer Forensics
    • Evolution of Computer Forensics
    • Computer Forensics Flaws and Risks
    • Corporate Espionage Statistics
    • Modes of Attacks
    • Cyber Crime
    • Examples of Cyber Crime
    • Reason for Cyber Attacks
    • Role of Computer Forensics in Tracking Cyber Criminals
    • Rules of Computer Forensics
    • Computer Forensics Methodologies
    • Accessing Computer Forensics Resources
    • Preparing for Computing Investigations
    • Maintaining professional conduct
    • Understanding Enforcement Agency Investigations
    • Understanding Corporate Investigations
    • Investigation Process
    • Digital Forensics
  • Module II: Law And Computer Forensics
    • What Is Cyber Crime?
    • What Is Computer Forensics?
    • Computer Facilitated Crimes
    • Reporting Security Breaches to Law Enforcement
    • National Infrastructure Protection Center
    • FBI
    • Federal Statutes
    • Cyber Laws
    • Approaches to Formulate Cyber Laws
    • Scientific Working Group on Digital Evidence (SWGDE)
    • Federal Laws
    • The USA Patriot Act of 2001
    • Freedom of Information Act
    • Building Cyber Crime Case
    • How the FBI Investigates Computer Crime?
    • How to Initiate an Investigation?
    • Legal Issues Involved in Seizure of Computer Equipments
    • Searching With a Warrant
    • Searching Without a Warrant
    • Privacy Issues Involved in Investigations
    • International Issues Related to Computer Forensics
    • Crime Legislation of EU
    • Cyber Crime Investigation
  • Module III: Computer Investigation Process
    • Investigating Computer Crime
    • Investigating a Company Policy Violation
    • Investigation Methodology
    • Evaluating the Case
    • Before the Investigation
    • Document Everything
    • Investigation Plan
    • Obtain Search Warrant
    • Warning Banners
    • Shutdown the Computer
    • Collecting the Evidence
    • Confiscation of Computer Equipments
    • Preserving the Evidence
    • Importance of Data-recovery Workstations and Software
    • Implementing an Investigation
    • Understanding Bit-stream Copies
    • Imaging the Evidence Disk
    • Examining the Digital Evidence
    • Closing the Case
    • Case Evaluation
  • Module IV: Computer Security Incident Response Team
    • Present Networking Scenario
    • Vulnerability
    • Vulnerability Statistics
    • What Is an Incident?
    • A Study by CERT Shows Alarming Rise in Incidents (Security Breach)
    • How to Identify an Incident
    • Whom to Report an Incident?
    • Incident Reporting
    • Category of Incidents
    • Handling Incidents
    • Procedure for Handling Incident
    • Preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Follow up
    • What Is CSIRT?
    • Why an Organization Needs an Incident Response Team?
    • Need for CSIRT
    • Example of CSIRT
    • CSIRT Vision
    • Vision
    • Best Practices for Creating a CSIRT
    • Step 1: Obtain Management Support and Buy-In
    • Step 2: Determine the CSIRT Development Strategic
    • Step 3: Gather Relevant Information
    • Step 4: Design your CSIRT Vision
    • Step 5: Communicate the CSIRT Vision
    • Step 6: Begin CSIRT Implementation
    • Step 7: Announce the CSIRT
    • Other Response Teams Acronyms and CSIRTs around the world
    • World CSIRT
  • Module V: Computer Forensic Laboratory Requirements
    • Budget Allocation for a Forensics Lab
    • Physical Location Needs of a Forensic Lab
    • Work Area of a Computer Forensics Lab
    • General Configuration of a Forensic
    • Equipment Needs in a Forensics Lab
    • Ambience of a Forensics Lab
    • Environmental Conditions
    • Recommended Eyestrain Considerations
    • Structural Design Considerations
    • Electrical Needs
    • Communications
    • Basic Workstation Requirements in a Forensic Lab
    • Consider stocking the following hardware peripherals
    • Maintain Operating System and Application Inventories
    • Common Terms
    • Physical Security Recommendations for a Forensic Lab
    • Fire-Suppression Systems
    • Evidence Locker Recommendations
    • Evidence Locker Combination Recommendations
    • Evidence Locker Padlock Recommendations
    • Facility Maintenance
    • Auditing a Computer Forensics Lab
    • Auditing a Forensics Lab
    • Forensics Lab
    • Mid Sized Lab
    • Forensic Lab Licensing Requisite
    • Forensic Lab Manager Responsibilities
  • Module VI: Understanding File systems and Hard disks
    • Disk Drive Overview - I
    • Hard Disk
    • Disk Platter
    • Tracks
    • Tracks Numbering
    • Sector
    • Sector addressing
    • Cluster
    • Cluster Size
    • Slack Space
    • Lost Clusters
    • Bad Sector
    • Understanding File Systems
    • Types of File System
    • List of Disk File Systems
    • List of Network file systems
    • Special Purpose File systems
    • Popular Linux File systems
    • Sun Solaris 10 File system - ZFS
    • Windows File systems
    • Mac OS X File system
    • CD-ROM / DVD File system
    • File system Comparison
    • Boot Sector
    • Exploring Microsoft File Structures
    • Disk Partition Concerns
    • Boot Partition Concerns
    • Examining FAT
    • NTFS
    • NTFS System Files
    • NTFS Partition Boot Sector
    • NTFS Master File Table (MFT)
    • NTFS Attributes
    • NTFS Data Stream
    • NTFS Compressed Files
    • NTFS Encrypted File Systems (EFS)
    • EFS File Structure
    • Metadata File Table (MFT)
    • EFS Recovery Key Agent
    • Deleting NTFS Files
    • Understanding Microsoft Boot Tasks
    • Windows XP system files
    • Understanding Boot Sequence DOS
    • Understanding MS-DOS Startup Tasks
    • Other DOS Operating Systems
    • Registry Data
    • Examining Registry Data
  • Module VII: Windows Forensics
    • Locating Evidence on Windows Systems
    • Gathering Volatile Evidence
    • Pslist
    • Forensic Tool: fport
    • Forensic Tool - Psloggedon
    • Investigating Windows File Slack
    • Examining File Systems
    • Built-in Tool: Sigverif
    • Word Extractor
    • Checking Registry
    • Reglite.exe
    • Tool: Resplendent Registrar 3.30
    • Microsoft Security ID
    • Importance of Memory Dump
    • Manual Memory Dumping in Windows 2000
    • Memory Dumping in Windows XP and Pmdump
    • System State Backup
    • How to Create a System State Backup?
    • Investigating Internet Traces
    • Tool - IECookiesView
    • Tool - IE History Viewer
    • Forensic Tool: Cache Monitor
    • CD-ROM Bootable Windows XP
    • Bart PE
    • Ultimate Boot CD-ROM
    • List of Tools in UB CD-ROM
    • Desktop Utilities
    • File Analysis Tools
    • File Management Tools
    • File Recovery Tools
    • File Transfer Tools
    • Hardware Info Tools
    • Process Viewer Tools
    • Registry Tools
  • Module VIII: Linux and Macintosh Boot processes
    • UNIX Overview
    • Linux Overview
    • Understanding Volumes -I
    • Exploring Unix/Linux Disk Data Structures
    • Understanding Unix/linux Boot Process
    • Understanding Linux Loader
    • Linux Boot Process Steps
    • Step 1: The Boot Manager
    • Step 2: init
    • Step 2.1: /etc/inittab
    • runlevels
    • Step 3: Services
    • Understanding Permission Modes
    • Unix and Linux Disk Drives and Partitioning Schemes
    • Mac OS X
    • Mac OS X Hidden Files
    • Booting Mac OS X
    • Mac OS X Boot Options
    • The Mac OS X Boot Process
    • Installing Mac OS X on Windows XP
    • PearPC
    • MacQuisition Boot CD
  • Module IX: Linux Forensics
    • Use of Linux as a Forensics Tool
    • Recognizing Partitions in Linux
    • File System in Linux
    • Linux Boot Sequence
    • Linux Forensics
    • Case Example
    • Step-by-step approach to Case 1 (a)
    • Step-by-step approach to Case 1 (b)
    • Step-by-step approach to Case 1 (c)
    • Step-by-step approach to Case 1 (d)
    • Case 2
    • Challenges in disk forensics with Linux
    • Step-by-step approach to Case 2 (a)
    • Step-by-step approach to Case 2 (b)
    • Step-by-step approach to Case 2 (c)
    • Popular Linux Tools
  • Module X: Data Acquisition and Duplication
    • Determining the Best Acquisition Methods
    • Data Recovery Contingencies
    • MS-DOS Data Acquisition Tools
    • DriveSpy
    • DriveSpy Data Manipulation Commands
    • DriveSpy Data Preservation Commands
    • Using Windows Data Acquisition Tools
    • Data Acquisition Tool: AccessData FTK Explorer
    • FTK
    • Acquiring Data on Linux
    • dd.exe (Windows XP Version)
    • Data Acquisition Tool: Snapback Exact
    • Data Arrest
    • Data Acquisition Tool: SafeBack
    • Data Acquisition Tool: Encase
    • Need for Data Duplication
    • Data Duplication Tool: R-drive Image
    • Data Duplication Tool: DriveLook
    • Data Duplication Tool: DiskExplorer
  • Module XI: Recovering Deleted Files
    • Introduction
    • Digital Evidence
    • Recycle Bin in Windows
    • Recycle Hidden Folder
    • Recycle folder
    • How to Undelete a File?
    • Tool: Search and Recover
    • Tool: Zero Assumption Digital Image Recovery
    • Data Recovery in Linux
    • Data Recovery Tool: E2undel
    • Data Recovery Tool: O&O Unerase
    • Data Recovery Tool: Restorer 2000
    • Data Recovery Tool: Badcopy Pro
    • Data Recovery Tool: File Scavenger
    • Data Recovery Tool: Mycroft V3
    • Data Recovery Tool: PC Parachute
    • Data Recovery Tool: Stellar Phoenix
    • Data Recovery Tool: Filesaver
    • Data Recovery Tool: Virtual Lab
    • Data Recovery Tool: R-linux
    • Data Recovery tool: Drive and Data Recovery
    • Data Recovery tool: active@ UNERASER - DATA recovery
    • Data Recovery tool: Acronis Recovery Expert
    • Data Recovery Tool: Restoration
    • Data Recovery Tool: PC Inspector File Recovery
  • Module XII: Image Files Forensics
    • Introduction to Image Files
    • Recognizing an Image File
    • Understanding Bitmap and Vector Images
    • Metafile Graphics
    • Understanding Image File Formats
    • File types
    • Understanding Data Compression
    • Understanding Lossless and Lossy Compression
    • Locating and Recovering Image Files
    • Repairing Damaged Headers
    • Reconstructing File Fragments
    • Identifying Unknown File Formats
    • Analyzing Image File Headers
    • Picture Viewer: IrfanView
    • Picture Viewer: ACDSee
    • Picture Viewer: ThumbsPlus
    • Steganography in Image Files
    • Steganalysis Tool: Hex Workshop
    • Steganalysis Tool: S-tools
    • Identifying Copyright Issues With Graphics
  • Module XIII: Steganography
    • Introduction
    • Important Terms in Stego-forensics
    • Background Information to Image Steganography
    • Steganography History
    • Evolution of Steganography
    • Steps for Hiding Information in Steganography
    • Six Categories of Steganography in Forensics
    • Types of Steganography
    • What Is Watermarking
    • Classification of Watermarking
    • Types of Watermarks
    • Steganographic Detection
    • Steganographic Attacks
    • Real World Uses of Steganography
    • Steganography in the Future
    • Unethical Use of Steganography
    • Hiding Information in Text Files
    • Hiding Information in Image Files
    • Process of Hiding Information in Image Files
    • Least Significant Bit
    • Masking and Filtering
    • Algorithms and Transformation
    • Hiding Information in Audio Files
    • Low-bit Encoding in Audio Files
    • Phase Coding
    • Spread Spectrum
    • Echo Data Hiding
    • Hiding Information in DNA
    • TEMPEST
    • The Steganography Tree
    • Steganography Tool: Fort Knox
    • Steganography Tool: Blindside
    • Steganography Tool: S-Tools
    • Steganography Tool: Steghide
    • Steganography Tool: Digital Identity
    • Steganography Tool: Stegowatch
    • Tool: Image Hide
    • Data Stash
    • Tool: Mp3Stego
    • Tool: Snow.exe
    • Tool: Camera/Shy
    • Steganography Detection
  • Module XIV: Computer Forensic Tools
    • Dump Tool: DS2DUMP
    • Dump Tool: Chaosreader
    • Slack Space & Data Recovery Tools: Drivespy
    • Slack Space & Data Recovery Tools: Ontrack
    • Hard Disk Write Protection Tools: Pdblock
    • Hard Disk Write Protection Tools: Nowrite & Firewire Drivedock
    • Permanent Deletion of Files: pdwipe
    • Disk Imaging Tools: Image & Iximager
    • Disk Imaging Tools: Snapback Datarrest
    • Partition Managers: PART & Explore2fs
    • Linux/unix Tools: Ltools and Mtools
    • Linux/UNIX tools: TCT and TCTUTILs
    • Password Recovery Tool: @Stake
    • ASRData
    • SMART Screenshot
    • Ftime
    • Oxygen Phone Manager
    • Multipurpose Tools: Byte Back & Biaprotect
    • Multipurpose Tools: Maresware
    • Multipurpose Tools: LC Technologies Software
    • Multipurpose Tools: Winhex Specialist Edition
    • Multipurpose Tools: Prodiscover DFT
    • Toolkits: NTI tools
    • Toolkits: R-Tools-I
    • Toolkits: R-Tools-II
    • Toolkits: DataLifter
    • Toolkits: AccessData
    • LC Technology International Hardware
    • Screenshot of Forensic Hardware
    • Image MASSter Solo and FastBloc
    • RMON2 Tracing Tools and MCI DoStracker
    • EnCase
  • Module XV: Application password crackers
    • Password - Terminology
    • What is a Password Cracker?
    • How Does A Password Cracker Work?
    • Various Password Cracking Methods
    • Classification of Cracking Software
    • System Level Password Cracking
    • Application Password Cracking
    • Application Software Password Cracker
    • Distributed Network Attack-I
    • Distributed Network Attack-II
    • Passware Kit
    • Accent Keyword Extractor
    • Advanced Zip Password Recovery
    • Default Password Database
    • http://phenoelit.darklab.org/
    • http://www.defaultpassword.com/
    • http://www.cirt.net/cgi-bin/passwd.pl
    • Password Cracking Tools List
  • Module XVI: Investigating Logs
    • Audit Logs and Security
    • Audit Incidents
    • Syslog
    • Remote Logging
    • Linux Process Accounting
    • Configuring Windows Logging
    • Setting up Remote Logging in Windows
    • NtSyslog
    • EventReporter
    • Application Logs
    • Extended Logging in IIS Server
    • Examining Intrusion and Security Events
    • Significance of Synchronized Time
    • Event Gathering
    • EventCombMT
    • Writing Scripts
    • Event Gathering Tools
    • Forensic Tool: Fwanalog
    • End-to-End Forensic Investigation
    • Correlating Log files
    • Investigating TCPDump
    • IDS Loganalysis: RealSecure
    • IDS Loganalysis: SNORT
  • Module XVII: Investigating network traffic
    • Overview of Network Protocols
    • Sources of Evidence on a Network
    • Overview of Physical and Data-link Layer of the OSI Model
    • Evidence Gathering at the Physical Layer
    • Tool: Windump
    • Evidence Gathering at the Data-link Layer
    • Tool: Ethereal
    • Tool: NetIntercept
    • Overview of Network and Transport Layer of the OSI Model
    • Evidence Gathering at the Network and Transport Layer-(I)
    • Gathering Evidence on a Network
    • GPRS Network Sniffer: Nokia LIG
    • NetWitness
    • McAfee Infinistream Security Forensics
    • Snort 2.1.0
    • Documenting the Gathered Evidence on a Network
    • Evidence Reconstruction for Investigation
  • Module XVIII: Router Forensics
    • What Is a Router?
    • Functions of a Router
    • A Router in an OSI Model
    • Routing Table and Its Components
    • Router Architecture
    • Implications of a Router Attack
    • Types of Router Attacks
    • Denial of Service (DoS) Attacks
    • Investigating DoS Attacks
    • Smurfing - Latest in DoS Attacks
    • Packet 'Mistreating' Attacks
    • Routing Table Poisoning
    • Hit-and-run Attacks Vs. Persistent Attacks
    • Router Forensics Vs. Traditional Forensics
    • Investigating Routers
    • Chain of Custody
    • Incident Response & Session Recording
    • Accessing the Router
    • Volatile Evidence Gathering
    • Router Investigation Steps - I
    • Analyzing the Intrusion
    • Logging
    • Incident Forensics
    • Handling a Direct Compromise Incident
    • Other Incidents
  • Module XIX: Investigating Web Attacks
    • Indications of a web attack
    • Responding to a web attack
    • Overview of web logs
    • Mirrored Sites
    • N-Stealth
    • Investigating static and dynamic IP address
    • Tools for locating IP Address: Nslookup
    • Tools for locating IP Address: Traceroute
    • Tools for locating IP Address: NeoTrace (Now McAfee Visual Trace)
    • Tools for locating IP Address: Whois
    • Web page defacement
    • Defacement using DNS compromise
    • Investigating DNS Poisoning
    • SQL Injection Attacks
    • Investigating SQL Injection Attacks
    • Investigating FTP Servers
    • Investigating FTP Logs
    • Investigating IIS Logs
    • Investigating Apache Logs
    • Investigating DHCP Server Logfile
  • Module XX: Tracking E-mails and Investigating E-mail crimes
    • Understanding Internet Fundamentals
    • Understanding Internet Protocols
    • Exploring the Roles of the Client and Server in E-mail
    • E-mail Crime
    • Spamming, Mail Bombing, Mail Storm
    • Chat Rooms
    • Identity Fraud, Chain Letter
    • Sending Fakemail
    • Investigating E-mail Crime and Violation
    • Viewing E-mail Headers
    • Examining an E-mail Header
    • Viewing Header in Microsoft Outlook
    • Viewing Header in Eudora
    • Viewing Header in Outlook Express
    • Viewing Header in AOL
    • Viewing Header in Hotmail
    • Viewing Header using Pine for Unix
    • Viewing Header in Juno
    • Viewing Header in Yahoo
    • Examining Additional Files
    • Microsoft Outlook Mail
    • Pst File Location
    • Tracing an E-mail Message
    • Using Network Logs Related to E-mail
    • Understanding E-mail Server
    • Examining UNIX E-mail Server Logs
    • Examining Microsoft E-mail Server Logs
    • Examining Novell GroupWise E-mail Logs
    • Using Specialized E-mail Forensic Tools
    • Tool: FINALeMAIL
    • Tool: R-Mail
    • E-Mail Examiner by Paraben
    • Network E-Mail Examiner by Paraben
    • Tracing Back
    • Tracing Back Web Based E-mail
    • Searching E-mail Addresses
    • E-mail Search Site
    • Handling Spam
    • Network Abuse Clearing House
    • Abuse.Net
    • Protecting Your E-mail Address From Spam
    • Tool: Enkoder Form
    • Tool: eMailTrackerPro
    • Tool: SPAM Punisher
  • Module XXI: Mobile and PDA Forensics
    • Latest Mobile Phone Access Technologies
    • Evidence in Mobile Phones
    • Mobile Phone Forensic Examination Methodology
    • Examining Phone Internal Memory
    • Examining SIM
    • Examining Flash Memory and Call data records
    • Personal Digital Assistant (PDA)
    • PDA Components
    • PDA Forensics
    • PDA Forensics - Examination
    • PDA Forensics - Identification
    • PDA Forensics - Collection
    • PDA Forensics - Documentation
    • Points to Be Remembered While Conducting Investigation
    • PDA Seizure by Paraben
    • SIM Card Seizure by Paraben (SIM Card acquisition tool)
    • Forensic Tool: Palm dd (pdd)
    • Forensic Tool: POSE
  • Module XXII: Investigating Trademark and Copyright Infringement
    • Trademarks
    • Trademark Eligibility and Benefits of Registering It
    • Service Mark and Trade Dress
    • Trademark infringement
    • Trademark Search
    • www.uspto.gov
    • Copyright and Copyright Notice
    • Investigating Copyright Status of a Particular Work
    • How Long Does a Copyright Last?
    • U.S. Copyright Office
    • Doctrine of 'Fair Use'
    • How Are Copyrights Enforced?
    • SCO Vs. IBM
    • SCO Vs Linux
    • Line-by-Line Copying
    • Plagiarism
    • Turnitin
    • Plagiarism detection tools
    • CopyCatch
    • Patent
    • Patent Infringement
    • Patent Search
    • Case Study: Microsoft Vs Forgent
    • Internet Domain Name and ICANN
    • Domain Name Infringement
    • Case Study: Microsoft.com Vs MikeRoweSoft.com
    • How to check for Domain Name Infringement?
  • Module XXIII: Investigative Reports
    • Need of an investigative report
    • Report specification
    • Report Classification
    • Report and Opinion
    • Layout of an Investigative Report
    • Writing Report
    • Use of Supporting Material
    • Importance of Consistency
    • Salient Features of a Good Report
    • Investigative Report Format
    • Before Writing the Report
    • Writing Report Using FTK
  • Module XXIV: Becoming an Expert Witness
    • Who Is an Expert?
    • Who Is an Expert Witness?
    • Role of an Expert Witness
    • Technical Testimony Vs. Expert Testimony
    • Preparing for Testimony
    • Evidence Preparation and Documentation
    • Evidence Processing Steps
    • Rules Pertaining to an Expert Witness' Qualification
    • Importance of Curriculum Vitae
    • Technical Definitions
    • Testifying in Court
    • The Order of Trial Proceedings
    • Voir dire
    • General Ethics While Testifying-i
    • Evidence Presentation
    • Importance of Graphics in a Testimony
    • Helping Your Attorney
    • Avoiding Testimony Problems
    • Testifying During Direct Examination
    • Testifying During Cross Examination
    • Deposition
    • Guidelines to Testify at a Deposition
    • Dealing With Reporters
  • Module XXV: Forensics in action
    • E-mail Hoax
    • Trade Secret Theft
    • Operation Cyberslam

Duration

40 hours + 2 hours of exam

Dates

Barcelona:

  • Course: 13-17 October 2008 (9:00 to 18:00).
  • Exam: 31 October 2008 (15:00 to 17:00).

Instructors

The instructors of the CHFI course are members of the Consulting and Forensics team at Internet Security Auditors, S.L. who hold the official CHFI Instructor title, awarded by the EC-Council.

The course is taught in Spanish; the exam is in English.

Location

IL3 - Barcelona | C/ Ciutat de Granada, 131 | Metro Glòries.

Price

  • Early registration (deadline 29 August 2008): 1,750 € (VAT not included).
  • Standard registration: 1,950 € (VAT not included).
The price includes:
  • One computer per student
  • Official CHFI course kit in English (3 books with the materials and 5 CDs)
  • Coffee break and lunch
  • Official EC-Council exam

Registration

The deadline to register for the course is 26 September 2008.

More information and registration by telephone at +34 93 305 13 18 or e-mail