Duration
Course Objective
CHFI v9 is a training program specializing in investigating hacker traces, provided by EC-Council. CHFI covers the methods of "crime-scene examination" for a target that has just been attacked (including both the methods and the tools used to assess its current state). The course helps students quickly acquire the skills to handle "digital evidence" and to collect further signals and other legally valid evidence remaining at the scene.
In addition, CHFI v9 gives learners in-depth knowledge of technical methods as well as hundreds of powerful trace-detection tools such as EnCase, AccessData FTK, and ProDiscover, while ensuring legal validity in the fight against cybercrime.
Who Can Benefit
- IT professionals
- People working in their organization's security and information-safety functions.
- Those who have attended the training course and hold the CEH certification.
Course Content
Module 01: Computer Forensics in Today’s World
- Understanding Computer Forensics
- Why and When Do You Use Computer Forensics?
- Cyber Crime (Types of Computer Crimes)
- Case Study
- Challenges Cyber Crimes Present For Investigators
- Cyber Crime Investigation
- Rules of Forensics Investigation
- Understanding Digital Evidence
- Types of Digital Evidence
- Characteristics of Digital Evidence
- Role of Digital Evidence
- Sources of Potential Evidence
- Rules of Evidence
- Forensics Readiness
- Computer Forensics as part of an Incident Response Plan
- Need for Forensic Investigator
- Roles and Responsibilities of Forensics Investigator
- What makes a Good Computer Forensics Investigator?
- Investigative Challenges
- Legal and Privacy Issues
- Code of Ethics
- Accessing Computer Forensics Resources
Module 02: Computer Forensics Investigation Process
- Importance of Computer Forensics Process
- Phases Involved in the Computer Forensics Investigation Process
- Pre-investigation Phase
- Investigation Phase
- Post-investigation Phase
Module 03: Understanding Hard Disks and File Systems
- Hard Disk Drive Overview
- Disk Partitions and Boot Process
- Understanding File Systems
- RAID Storage System
- File System Analysis
Module 04: Operating System Forensics
- Data Acquisition and Duplication Concepts
- Static Acquisition
- Validate Data Acquisitions
- Acquisition Best Practices
Module 05: Defeating Anti-Forensics Techniques
- What is Anti-Forensics?
- Anti-Forensics Techniques
Module 06: Data Acquisition and Duplication
- Determining the Best Acquisition Method
- Planning Data Recovery Contingencies
- Using MS-DOS Acquisition Tools
- Understanding How DriveSpy Accesses Sector Ranges
- Data Preservation Commands
- Using DriveSpy Data Manipulation Commands
- Using Windows Acquisition Tools
- AccessData FTK Explorer
- Acquiring Data on Linux Computers
- Using Other Forensics Acquisition Tools
- Exploring SnapBack DatArrest
- Exploring SafeBack
- Exploring EnCase
- Tool: R-Drive Image
- Tool: DriveLook
- Tool: DiskExplorer for NTFS
Module 07: Network Forensics
- Introduction to Network Forensics
- Fundamental Logging Concepts
- Event Correlation Concepts
- Network Forensic Readiness
- Network Forensics Steps
- Network Traffic Investigation
Module 08: Investigating Web Attacks
- Introduction to Web Application Forensics
- Web Attack Investigation
- Investigating Web Server Logs
- Web Attack Detection Tools
- Tools for Locating IP Address
- WHOIS Lookup Tools
Module 09: Database Forensics
- Database Forensics and Its Importance
- MSSQL Forensics
- MySQL Forensics
Module 10: Cloud Forensics
- Introduction to Cloud Computing
- Cloud Forensics
Module 11: Malware Forensics
- Introduction to Malware
- Introduction to Malware Forensics
Module 12: Investigating Email Crimes
- Email System
- Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
- Email Message
- Steps to Investigate Email Crimes and Violation
Module 13: Mobile Forensics
Module 14: Investigative Reports
- Writing Investigation Reports
- Expert Witness Testimony
- Exploring the Functions of Networking
- Introducing the Host-to-Host Communications Model
- Operating Cisco IOS Software
- Introducing LANs
- Exploring the TCP/IP Link Layer
Day 2
- Starting a Switch
- Introducing the TCP/IP Internet Layer, IPv4 Addressing, and Subnets
- Explaining the TCP/IP Transport Layer and Application Layer
- Exploring the Functions of Routing
- Configuring a Cisco Router
Day 3
- Exploring the Packet Delivery Process
- Troubleshooting a Simple Network
- Introducing Basic IPv6
- Configuring Static Routing
- Implementing VLANs and Trunks
Day 4
- Routing Between VLANs
- Introducing OSPF
- Improving Redundant Switched Topologies with EtherChannel
- Explaining Basics of ACL
- Enabling Internet Connectivity
Day 5
- Explaining the Evolution of Intelligent Networks
- Introducing System Monitoring
- Managing Cisco Devices
- Securing Administrative Access
- Implementing Device Hardening
Day 6-8 Self-Study
- Building Redundant Switched Topologies
- Exploring Layer 3 Redundancy
- Introducing WAN Technologies
- Introducing QoS
- Explaining Wireless Fundamentals
- Introducing Architectures and Virtualization
- Examining the Security Threat Landscape
- Implementing Threat Defense Technologies