This course attempts to marry two enormously challenging areas facing IT security professionals today: incident response and virtualization. The cat-and-mouse game between policy enforcers and incident perpetrators within traditional, physical enterprises is even more pronounced as enterprise architects seek to avail themselves of the benefits of virtual platforms, operating systems, applications, processes and desktops.
The great news is that we have an opportunity to embed features within the virtual components of our enterprise architecture, so as to make incident response that much easier. We will discuss these here. And for those already operating within a virtual environment, we will explore emerging techniques, tools and tips to plan and control virtual incident response more effectively.
This course takes the point of view that forensics is at the heart of incident response, and so will focus on how to gather evidence relating to an incident – the what, when, where, who and why of an incident – within common virtual environments today.
Digital forensics is the 'forensically-sound' acquisition of evidence from computers, networks, data repositories and fixed or mobile client devices, to support a specific hypothesis. Techniques and tools have been developed to deal with the various scenarios in which forensics investigators find themselves. Increasingly though, forensics investigators have been called on to forensically examine hybrid infrastructures consisting of both physical and virtual entities; some have been asked to examine purely virtual infrastructures.
Do current techniques and tools, designed for physical infrastructure-based scenarios, lend themselves naturally to virtual infrastructures? Yes and no.
This course will dive deeply into what is commonly referred to as a "virtual infrastructure" by three vendors (VMware, Microsoft and Citrix), and contrast the various virtual entities against their physical counterparts, clearly demonstrating the forensically-relevant differences therein; we will then utilize a lab-centric, scenario-based approach to demonstrate how to forensically examine relevant components of a virtual infrastructure for specific use cases.
What will I be able to do after this training?
Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:
- Identifying direct evidence of a crime
- Attributing evidence to specific suspects
- Confirming (or negating) suspect alibis
- Confirming (or negating) suspect statements
- Determining (or negating) suspect intent
- Identifying sources
- Authenticating documents
- Be Prepared to take the CVFE Exam
Who is this training suitable for?
Virtual infrastructure specialists (architects, engineers, administrators) who desire to augment their virtual infrastructure expertise with forensically-sound best practices knowledge and skills; and forensic investigators who wish to investigate virtual infrastructure components with the same degree of skill and use of best practices they apply to the physical infrastructure components they currently investigate.
Must have a Digital or Computer Forensics certification or equivalent knowledge
- Digital Forensics - the what, where, when, how and why
- Virtual Infrastructure
- Forensic Investigation Process
- VI Forensics Scenario 1: Identifying direct evidence of a crime
- VI Forensics Scenario 2: Attributing evidence to specific suspects
- VI Forensics Scenario 3: Confirming (or negating) suspect alibis
- VI Forensics Scenario 4: Confirming (or negating) suspect statements
- VI Forensics Scenario 5: Determining (or negating) suspect intent
- VI Forensics Scenario 6: Identifying sources
- VI Forensics Scenario 7: Authenticating documents
- Putting it all together