TechNow's Incident Response, Forensic Analysis & Discovery course combines forensic examinations & digital content analysis with immediate real-time response in an enterprise LAN/WAN environment.

Duration: 5 Days

Applying investigative techniques to incident response, forensic analysis & discovery
Acquisition & verification of digital evidence across the network infrastructure
Proactive analysis for unauthorized use, malicious applications, & corporate compliance
Investigating & analysis for corporate police violations
Acquisition and reporting of terminated employees data in secure & verifiable manner
Discovering files, directories & entire volumes of live machines
Conducting keyword searches
Recognizing & validating files signatures
Browsing file system artifacts such as the swap file, file slack & spooler files
Identifying Windows NTFS artifacts
Recovering printed & faxed pages
Exporting file lists & obtaining file statistics to support discovery
Discovering web-based e-mail & other common e-mail types
Bookmarking findings & evidence & creating reports to support findings
Storage of evidence in a corporate environment
Determining whether a computer system contains evidence within the scope of your investigation
Acquiring & authenticating the most common types of media
Identifying files using hash values & building has libraries
Recovering NTFS file system artifacts such as swap file, file slack, & spooler files
Authenticating the Evidence File format using CRC & hash values
Developing an Incident Response Plan
Coordinating & Incident Response Team (CERT)
Testing the Incident Response plan
Collecting evidence
Restoration of normal business processing
Crisis management
NTFS, FAT, Ext3 filesystem analysis
Worm & Virus disassembly analysis

Students must have solid computer knowledge & administration skills, with prior coursework in computer forensics.  Experience with Forensics & a good understanding of the File Allocation Table (FAT) file system is recommended.

This course can be delivered on-site anywhere in the USA and Europe, or at one of TechNow's Training Centers.  You can even purchase Ultra-Inclusive packages which include training, travel expenses and exam fees through our Travel + Training program.  For current course dates, locations and prices, click here or contact a Training Advisor at 1-800-324-2294.