Viện Công Nghệ Kỹ Thuật Sài Gòn - IT Training

Training Programs

COMPUTER HACKING FORENSIC INVESTIGATOR V9 (CHFIv9)

Computer Hacking Forensic Investigator (CHFI v9)

40 hours

CHFI v9 is a training program, provided by EC-Council, that specializes in investigating the traces left by hackers. CHFI covers methods for "examining the scene" of a target that has just been attacked (including both the methods and the tools used to assess its current state). The course helps students quickly acquire the skills to handle "digital evidence" and to collect additional signals and other legally valid evidence remaining at the scene.

In addition, CHFI v9 gives learners in-depth knowledge of technical methods as well as hundreds of powerful trace-detection tools such as EnCase, AccessData FTK, and ProDiscover, while ensuring legal validity in the fight against cybercrime.

  • People working in IT
  • People currently working in their organization's security and information security functions.
  • Have completed the training course and hold the CEH certification.

Module 01: Computer Forensics in Today’s World

  • Understanding Computer Forensics
  • Why and When Do You Use Computer Forensics?
  • Cyber Crime (Types of Computer Crimes)
  • Case Study
  • Challenges Cyber Crimes Present For Investigators
  • Cyber Crime Investigation
  • Rules of Forensics Investigation
  • Understanding Digital Evidence
  • Types of Digital Evidence
  • Characteristics of Digital Evidence
  • Role of Digital Evidence
  • Sources of Potential Evidence
  • Rules of Evidence
  • Forensics Readiness
  • Computer Forensics as part of an Incident Response Plan
  • Need for Forensic Investigator
  • Roles and Responsibilities of Forensics Investigator
  • What makes a Good Computer Forensics Investigator?
  • Investigative Challenges
  • Legal and Privacy Issues
  • Code of Ethics
  • Accessing Computer Forensics Resources

Module 02: Computer Forensics Investigation Process

  • Importance of Computer Forensics Process
  • Phases Involved in the Computer Forensics Investigation Process
  • Pre-investigation Phase
  • Investigation Phase
  • Post-investigation Phase

Module 03: Understanding Hard Disks and File Systems

  • Hard Disk Drive Overview
  • Disk Partitions and Boot Process
  • Understanding File Systems
  • RAID Storage System
  • File System Analysis

Module 04: Operating System Forensics

  • Data Acquisition and Duplication Concepts
  • Static Acquisition
  • Validate Data Acquisitions
  • Acquisition Best Practices

Module 05: Defeating Anti-Forensics Techniques

  • What is Anti-Forensics?
  • Anti-Forensics techniques

Module 06: Data Acquisition and Duplication

  • Determining the Best Acquisition Method
  • Planning Data Recovery Contingencies
  • Using MS-DOS Acquisition Tools
  • Understanding How DriveSpy Accesses Sector Ranges
  • Data Preservation Commands
  • Using DriveSpy Data Manipulation Commands
  • Using Windows Acquisition Tools
  • AccessData FTK Explorer
  • Acquiring Data on Linux Computers
  • Using Other Forensics Acquisition Tools
  • Exploring SnapBack DatArrest
  • Exploring SafeBack
  • Exploring EnCase
  • Tool: R-Drive Image
  • Tool: DriveLook
  • Tool: DiskExplorer for NTFS

Module 07: Network Forensics

  • Introduction to Network Forensics
  • Fundamental Logging Concepts
  • Event Correlation Concepts
  • Network Forensic Readiness
  • Network Forensics Steps
  • Network Traffic Investigation

Module 08: Investigating Web Attacks

  • Introduction to Web Application Forensics
  • Web Attack Investigation
  • Investigating Web Server Logs
  • Web Attack Detection Tools
  • Tools for Locating IP Address
  • WHOIS Lookup Tools

Module 09: Database Forensics

  • Database Forensics and Its Importance
  • MSSQL Forensics
  • MySQL Forensics

Module 10: Cloud Forensics

  • Introduction to Cloud Computing
  • Cloud Forensics

Module 11: Malware Forensics

  • Introduction to Malware
  • Introduction to Malware Forensics

Module 12: Investigating Email Crimes

  • Email System
  • Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
  • Email Message
  • Steps to Investigate Email Crimes and Violation

Module 13: Mobile Forensics

  • Mobile Device Forensics

Module 14: Investigative Reports

  • Writing Investigation Reports
  • Expert Witness Testimony

COURSE OUTLINE

Day 1

  • Exploring the Functions of Networking
  • Introducing the Host-to-Host Communications Model
  • Operating Cisco IOS Software
  • Introducing LANs
  • Exploring the TCP/IP Link Layer

Day 2

  • Starting a Switch
  • Introducing the TCP/IP Internet Layer, IPv4 Addressing, and Subnets
  • Explaining the TCP/IP Transport Layer and Application Layer
  • Exploring the Functions of Routing
  • Configuring a Cisco Router

Day 3

  • Exploring the Packet Delivery Process
  • Troubleshooting a Simple Network
  • Introducing Basic IPv6
  • Configuring Static Routing
  • Implementing VLANs and Trunks

Day 4

  • Routing Between VLANs
  • Introducing OSPF
  • Improving Redundant Switched Topologies with EtherChannel
  • Explaining Basics of ACL
  • Enabling Internet Connectivity

Day 5

  • Explaining the Evolution of Intelligent Networks
  • Introducing System Monitoring
  • Managing Cisco Devices
  • Securing Administrative Access
  • Implementing Device Hardening

Day 6-8 Self-Study

  • Building Redundant Switched Topologies
  • Exploring Layer 3 Redundancy
  • Introducing WAN Technologies
  • Introducing QoS
  • Explaining Wireless Fundamentals
  • Introducing Architectures and Virtualization
  • Examining the Security Threat Landscape
  • Implementing Threat Defense Technologies