CHFI: Computer Hacking Forensic Investigator Course Content

CHFI: Computer Hacking Forensic Investigator
Course ID #: 1275-200-ZZ-W
Hours: 40
www.tcworkshop.com 800.639.3535

Course Description:

CHFI v9 teaches a detailed, methodical approach to computer forensics and evidence analysis. It provides the skills needed to identify an intruder's footprints and to gather the evidence required for prosecution. The major tools and theories used by the cyber forensics industry are covered in the curriculum. The certification strengthens the applied knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, computer and network security professionals, and anyone concerned with the integrity of networks and digital investigations.

CHFI trains the skills needed to perform an effective digital forensic investigation. It is a comprehensive course covering the major forensic investigation scenarios, giving students hands-on experience with the investigation techniques and standard forensic tools needed to carry out a computer forensic investigation that leads to the prosecution of perpetrators. CHFI presents a methodical approach to computer forensics, including searching and seizing, chain of custody, acquisition, preservation, analysis and reporting of digital evidence.

Target Student:

Anyone interested in cyber forensics/investigations
Attorneys, Legal Consultants, and Lawyers
Law Enforcement Officers
Police Officers
Federal/Government Agents
Defense and Military
Detectives/Investigators
Incident Response Team Members
Information Security Managers
Network Defenders
IT Professionals, IT Directors/Managers
System/Network Engineers
Security Analysts/Architects/Auditors/Consultants

Prerequisites:

IT/forensics professionals with basic knowledge of IT/cyber security, computer forensics, and incident response. Prior completion of CEH training would be an advantage.

Topics:

Module 01: Computer Forensics in Today's World
  Understanding Computer Forensics
  Why and When Do You Use Computer Forensics?
  Cyber Crime (Types of Computer Crimes)
  Case Study
  Challenges Cyber Crimes Present for Investigators
  Cyber Crime Investigation
    o Civil versus Criminal Investigation
    o Case Study: Criminal Case
    o Case Study: Civil Case
    o Administrative Investigation
    o Case Study: Administrative Case
  Rules of Forensics Investigation
    o Enterprise Theory of Investigation (ETI)
  Understanding Digital Evidence
  Types of Digital Evidence
  Characteristics of Digital Evidence
  Role of Digital Evidence
    o Digital Forensics Challenges
  Sources of Potential Evidence
  Rules of Evidence
    o Best Evidence Rule
    o "Hearsay" Concept
    o Federal Rules of Evidence
    o Scientific Working Group on Digital Evidence (SWGDE)
  Forensics Readiness
    o Forensics Readiness Planning
  Computer Forensics as Part of an Incident Response Plan
  Need for a Forensic Investigator
  Roles and Responsibilities of a Forensics Investigator
  What Makes a Good Computer Forensics Investigator?
  Investigative Challenges
    o Computer Forensics: Legal Issues
    o Computer Forensics: Privacy Issues
  Legal and Privacy Issues
  Code of Ethics
  Accessing Computer Forensics Resources

Module 02: Computer Forensics Investigation Process
  Importance of the Computer Forensics Process
  Phases Involved in the Computer Forensics Investigation Process
  Pre-investigation Phase
    o Setting Up a Computer Forensics Lab
      - Planning and Budgeting
      - Physical Location and Structural Design Considerations
      - Work Area Considerations
      - Physical Security Recommendations
      - Fire-Suppression Systems
      - Evidence Locker Recommendations
      - Auditing the Security of a Forensics Lab
      - Human Resource Considerations
      - Build a Forensics Workstation
      - Basic Workstation Requirements in a Forensics Lab
      - Build a Computer Forensics Toolkit
      - Forensics Hardware
      - Forensics Software
    o Build the Investigation Team
      - Forensic Practitioner Certification and Licensing
    o Review Policies and Laws
      - Forensics Laws
    o Establish Quality Assurance Processes
      - Quality Assurance Practices in Digital Forensics
      - General Quality Assurance in the Digital Forensic Process
      - Quality Assurance Practices: Laboratory Software and Hardware
      - Laboratory Accreditation Programs
    o Data Destruction Industry Standards
    o Risk Assessment
      - Risk Assessment Matrix
  Investigation Phase
    o Investigation Process
      - Questions to Ask When a Client Calls the Forensic Investigator
      - Checklist to Prepare for a Computer Forensics Investigation
      - Notify Decision Makers and Acquire Authorization
    o Computer Forensics Investigation Methodology: First Response
      - First Responder
        Roles of the First Responder
      - First Response Basics
      - Incident Response: Different Situations
        First Response by System Administrators
        First Response by Non-Forensic Staff
        First Response by Laboratory Forensic Staff
      - First Responder Common Mistakes
      - Documenting the Electronic Crime Scene
        Photographing the Scene
        Sketching the Scene
        Note-Taking Checklist
    o Computer Forensics Investigation Methodology: Search and Seizure
      - Consent
        Sample Consent Search Form
        Witness Signatures
        Witness Statement Checklist
      - Conducting Preliminary Interviews
      - Planning the Search and Seizure
        Initial Search of the Scene
      - Warrant for Search and Seizure
        Obtain Search Warrant
        Example of Search Warrant
        Searches Without a Warrant
      - Health and Safety Issues
      - Securing and Evaluating the Electronic Crime Scene: A Checklist
    o Computer Forensics Investigation Methodology: Collect the Evidence
      - Collect Physical Evidence
        Evidence Collection Form
      - Collecting and Preserving Electronic Evidence
      - Dealing with Powered-On Computers
      - Dealing with Powered-Off Computers
      - Dealing with Networked Computers
      - Dealing with Open Files and Startup Files
      - Operating System Shutdown
      - Computers and Servers
      - Preserving Electronic Evidence
      - Seizing Portable Computers
      - Dealing with Switched-On Portable Computers
    o Computer Forensics Investigation Methodology: Secure the Evidence
      - Evidence Management
      - Chain of Custody
        Simple Format of the Chain of Custody Document
        Chain of Custody Forms
        Chain of Custody on Property Evidence Envelope/Bag and Sign-out Sheet
      - Packaging and Transporting Electronic Evidence
        Evidence Bag Contents List
        Packaging Electronic Evidence
        Exhibit Numbering
        Transporting Electronic Evidence
        Storing Electronic Evidence
    o Computer Forensics Investigation Methodology: Data Acquisition
      - Guidelines for Acquiring Evidence
      - Duplicate the Data (Imaging)
      - Verify Image Integrity
        MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
      - Recover Lost or Deleted Data
        Data Recovery Software
    o Computer Forensics Investigation Methodology: Data Analysis
      - Data Analysis Procedure
  Post-investigation Phase
    o Computer Forensics Investigation Methodology: Evidence Assessment
      - Evidence Assessment
      - Case Assessment
      - Processing Location Assessment
      - Collecting Evidence from Social Networks
      - Best Practices on How to Behave as an Investigator on Social Media
      - Best Practices to Assess the Evidence
    o Computer Forensics Investigation Methodology: Documentation and Reporting
      - Documentation in Each Phase
      - Gather and Organize Information
      - Writing the Investigation Report
    o Computer Forensics Investigation Methodology: Testify as an Expert Witness
      - Expert Witness
      - Testifying in the Courtroom
      - Closing the Case
      - Maintaining Professional Conduct

Module 03: Understanding Hard Disks and File Systems
  Hard Disk Drive Overview
    o Disk Drive Overview
    o Hard Disk Drive (HDD)
    o Solid-State Drive (SSD)
    o Physical Structure of a Hard Disk
    o Logical Structure of a Hard Disk
    o Types of Hard Disk Interfaces
    o Hard Disk Interfaces
      - ATA
      - SCSI
      - IDE/EIDE
      - USB
      - Fibre Channel
    o Tracks
      - Track Numbering
    o Sector
      - Sector Addressing
      - Advanced Format: Sectors
    o Cluster
      - Cluster Size
      - Slack Space
      - Lost Clusters
    o Bad Sectors
    o Understanding Bit, Byte, and Nibble
    o Hard Disk Data Addressing
    o Data Densities on a Hard Disk
    o Disk Capacity Calculation
    o Measuring the Performance of the Hard Disk
  Disk Partitions and Boot Process
    o Disk Partitions
    o BIOS Parameter Block (BPB)
    o Partitioning Utilities
    o Master Boot Record
      - Structure of a Master Boot Record
    o What Is the Booting Process?
    o Essential Windows System Files
    o Windows Boot Process
    o Identifying the GUID Partition Table (GPT)
    o Analyzing the GPT Header and Entries
    o GPT Artifacts
    o Macintosh Boot Process
    o Linux Boot Process
  Understanding File Systems
    o Understanding File Systems
    o Types of File Systems
    o Windows File Systems
      - File Allocation Table (FAT)
        FAT File System Layout
        FAT Partition Boot Sector
        FAT Folder Structure
        Directory Entries and Cluster Chains
        Filenames on FAT Volumes
        FAT32
      - New Technology File System (NTFS)
        NTFS Architecture
        NTFS System Files
        NTFS Partition Boot Sector
        Cluster Sizes of an NTFS Volume
        NTFS Master File Table (MFT)
        Metadata Files Stored in the MFT
        NTFS Attributes
        NTFS Data Streams
        NTFS Compressed Files
        Setting the Compression State of a Volume
        Encrypting File System (EFS)
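The Data Acquisition topics in Module 02 end with verifying image integrity using MD5 hash calculators. The following is an added worked example, not course material and not code from any of the tools named above, showing how that check is done in practice on images too large to hold in memory: the image is streamed once through MD5 and SHA-256 together, the fresh digests are compared in constant time with the digests recorded at acquisition time, and a one-line entry for the acquisition log or chain-of-custody notes is produced. MD5 is kept only because older acquisition records carry it; practical MD5 collisions exist, so SHA-256 is the digest that should actually be relied on. The sample image, the single-bit tamper, the log-line format and the case/exhibit labels are all constructed for this example.

```python
import hashlib
import hmac
import io
from datetime import datetime, timezone
from typing import BinaryIO, Dict, Sequence

CHUNK_SIZE = 1 << 20                      # 1 MiB reads: a multi-GB image never sits in RAM at once
DEFAULT_ALGORITHMS = ("md5", "sha256")    # md5 only for legacy records; sha256 carries the assurance


def hash_stream(image: BinaryIO, algorithms: Sequence[str] = DEFAULT_ALGORITHMS) -> Dict[str, str]:
    """Read the image exactly once and feed each chunk to every requested hasher."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    image.seek(0)
    while True:
        chunk = image.read(CHUNK_SIZE)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes, algorithms: Sequence[str] = DEFAULT_ALGORITHMS) -> Dict[str, str]:
    return hash_stream(io.BytesIO(data), algorithms)


def verify_stream(image: BinaryIO, recorded: Dict[str, str]) -> Dict[str, object]:
    """Re-hash the image and compare against the digests recorded at acquisition time.

    recorded maps lowercase hashlib algorithm names to hex digests, e.g. from the imaging log.
    Every recorded digest must match; a single mismatch fails the verification.
    """
    computed = hash_stream(image, tuple(recorded))
    per_algorithm = {
        name: hmac.compare_digest(computed[name], recorded[name].strip().lower())
        for name in recorded
    }
    return {"ok": all(per_algorithm.values()), "per_algorithm": per_algorithm, "computed": computed}


def verify_bytes(data: bytes, recorded: Dict[str, str]) -> Dict[str, object]:
    return verify_stream(io.BytesIO(data), recorded)


def verification_record(case_id: str, exhibit: str, result: Dict[str, object]) -> str:
    """One line for the acquisition log. The field layout is an assumption of this example."""
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    digests = " ".join(f"{name}={digest}" for name, digest in result["computed"].items())
    return f"{ts} case={case_id} exhibit={exhibit} verify={'PASS' if result['ok'] else 'FAIL'} {digests}"


def constructed_image(size: int = 2 * CHUNK_SIZE + 17) -> bytes:
    """Deterministic stand-in for an acquired image (constructed data, not a real disk)."""
    pattern = bytes(range(256))
    return (pattern * (size // len(pattern) + 1))[:size]


def tampered_copy(data: bytes, offset: int) -> bytes:
    """Flip one bit so the copy differs from the original in exactly one byte."""
    copy = bytearray(data)
    copy[offset] ^= 0x01
    return bytes(copy)


if __name__ == "__main__":
    original = constructed_image()
    recorded = hash_bytes(original)          # what the imaging tool would have logged at acquisition
    case, exhibit = "CASE-0001", "HDD-01.dd"  # hypothetical labels for the example
    print(verification_record(case, exhibit, verify_bytes(original, recorded)))
    altered = tampered_copy(original, CHUNK_SIZE + 5)
    print(verification_record(case, exhibit, verify_bytes(altered, recorded)))
```

Recording both digests at acquisition and re-verifying before analysis and again before reporting gives the chain-of-custody documentation a check that can be repeated by an opposing expert with any standard tool.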
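Module 03 lists "Disk Partitions", "Structure of a Master Boot Record" and "Identifying GUID Partition Table (GPT)". The following is an added example, not course material, of the parsing an investigator does on sector 0 of an image: decode the four 16-byte partition entries at offset 0x1BE, require the 0x55AA signature, turn each entry's LBA start into a byte offset in the image, recognise the type-0xEE protective MBR that means the real layout is in the GPT, flag overlapping entries (a sign of a tampered or corrupt table), and list the sector ranges no partition claims, which is where hidden data is looked for. It assumes 512-byte sectors and the standard MBR layout; the sample sector and the small partition-type table are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

SECTOR_SIZE = 512                 # classic sector size; a 4Kn disk would need a different value
PARTITION_TABLE_OFFSET = 0x1BE    # four 16-byte entries occupy bytes 446..509 of the MBR
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510..511 of a valid MBR

# Small subset of the well-known partition type codes, enough for the cases below.
PARTITION_TYPES = {
    0x05: "extended (CHS)", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
    0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x83: "Linux", 0xEE: "GPT protective",
}


@dataclass
class PartitionEntry:
    index: int          # table slot 0..3
    bootable: bool      # boot flag byte is 0x80 (active) or 0x00
    type_code: int
    lba_start: int      # first sector, little-endian uint32
    sector_count: int   # length in sectors, little-endian uint32

    @property
    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_code, f"unknown (0x{self.type_code:02X})")

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count - 1

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR_SIZE   # where to seek in the raw image for this volume


def has_boot_signature(sector: bytes) -> bool:
    return len(sector) >= SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    """Decode the primary partition table of a 512-byte MBR sector; unused slots are skipped."""
    if not has_boot_signature(sector):
        raise ValueError("not an MBR: missing 0x55AA signature at offset 510")
    entries: List[PartitionEntry] = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # entry layout: boot flag, CHS start (3 bytes, ignored), type, CHS end (3 bytes, ignored),
        # LBA start (uint32 LE), sector count (uint32 LE)
        boot_flag, type_code, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[off:off + PARTITION_ENTRY_SIZE])
        if type_code == 0x00:
            continue
        if boot_flag not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid boot flag 0x{boot_flag:02X}")
        entries.append(PartitionEntry(i, boot_flag == 0x80, type_code, lba_start, count))
    return entries


def is_gpt_protective(entries: Sequence[PartitionEntry]) -> bool:
    """A lone type-0xEE entry: the MBR is a placeholder and the GPT header at LBA 1 is authoritative."""
    return len(entries) == 1 and entries[0].type_code == 0xEE


def find_overlaps(entries: Sequence[PartitionEntry]) -> List[Tuple[int, int]]:
    """Pairs of slots whose sector ranges intersect; a sane table never has any."""
    overlaps = []
    for a in range(len(entries)):
        for b in range(a + 1, len(entries)):
            x, y = entries[a], entries[b]
            if x.lba_start <= y.lba_end and y.lba_start <= x.lba_end:
                overlaps.append((x.index, y.index))
    return overlaps


def unallocated_ranges(entries: Sequence[PartitionEntry], total_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive sector ranges after LBA 0 (the MBR itself) that no partition claims."""
    gaps, cursor = [], 1
    for e in sorted(entries, key=lambda e: e.lba_start):
        if e.lba_start > cursor:
            gaps.append((cursor, e.lba_start - 1))
        cursor = max(cursor, e.lba_end + 1)
    if cursor <= total_sectors - 1:
        gaps.append((cursor, total_sectors - 1))
    return gaps


def build_mbr(specs: Sequence[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed test sector (not from a real disk); specs are (bootable, type, lba_start, count)."""
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\xFF\xFF\xFF", ptype, b"\xFF\xFF\xFF", lba, cnt)
        for boot, ptype, lba, cnt in specs)
    table += bytes(PARTITION_ENTRY_SIZE * (4 - len(specs)))
    return bytes(PARTITION_TABLE_OFFSET) + table + BOOT_SIGNATURE


def sample_mbr() -> bytes:
    # constructed 1 GiB disk: an active NTFS volume, then a Linux volume, then unallocated space
    return build_mbr([(True, 0x07, 2048, 1048576), (False, 0x83, 1050624, 204800)])


if __name__ == "__main__":
    entries = parse_mbr(sample_mbr())
    for p in entries:
        print(f"slot {p.index}: {p.type_name:14} LBA {p.lba_start}-{p.lba_end} "
              f"offset {p.byte_offset} bytes{' (active)' if p.bootable else ''}")
    print("overlaps:", find_overlaps(entries))
    print("unallocated:", unallocated_ranges(entries, 2097152))
```

On a real image the first 512 bytes are read from the file (or from a write-blocked device) and passed to parse_mbr; when is_gpt_protective is true the investigator moves on to the GPT header at LBA 1 rather than trusting the single placeholder entry.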