From:"Dennis Portney" <>
To:"Nwclugadmin" <>
Subject: Nwclugadmin - 3/15 - Data Forensics - Malware/Spyware and Phishing course - April 19, 2005 - Chicago, IL -
Date: Tue, 15 Mar 2005 13:54:58 -0600


I hope everything is going well with you. Enclosed is a syllabus for a course I thought might be of interest to you and others on your team.

Data Forensics: Malware/Spyware and Phishing course – April 19, 2005 - 1 Day - Chicago, IL

This course will provide students with the knowledge and practical skills necessary to take preventive measures to eradicate malware and spyware residing within the corporate enterprise, and a proactive approach to protecting against phishing schemes. Students will gain a strong understanding of how best-practice procedures cut engineering life-cycles, increase awareness and eliminate the time-intensive, cost-oppressive and antiquated process of “search and destroy”.

Students will explore the methodology of the most malevolent malware and spyware agents facing today’s organizations and institutions. Students will discover the information-gathering techniques used by phishing expeditions and the preventive measures against them, along with malware definitions, signatures and data sets. Students will learn about exploited vectors and threats targeted at the kernel and router level. An emphasis will be placed on investigative procedure, registry analysis, methodology, the preservation of evidentiary integrity and shortening the time-sensitive engineering life-cycles of the “malware investigative procedure”.

    * This forensics malware/spyware and phishing course is intended for security engineers, network administrators and tech-support services dealing with the eradication of malware and/or spyware on a day-to-day or week-to-week basis. This course will enable organizations to learn preventive measures and decrease time-intensive engineering life-cycles, while increasing their knowledge and awareness of exploitative schemes targeted at the business, civilian and institutional communities.

Data Forensics: Malware/Spyware and Phishing course – April 19, 2005 - 1 Day - Chicago, IL

Overview and History of Malware, Spyware and Phishing Schemes

  1. Where and when did malicious targeted activity begin?
  2. The Adware and Phishing economy
  3. Corporate and Institutional loss and damage
  4. Overview of congressional impact and governmental intervention

The Differentiation and Definitions of Malware, Spyware and Phishing

  1. Methodologies of today’s most malevolent agents
  2. Trends of malware and phishing schemes
  3. Types of malware and spyware information gathering techniques (Hijackers, Keyloggers, Trojans, Dialers, Data Miners, Phishing Schemes, Cross-site cookies, Loyaltywares)
  4. Malware and phishing identification/profiling
  5. Exploits at the kernel and router level (Unicode Traversal, SQL Insertion, Byte Verify, RPC DCOM, Cisco SNMP)
  6. Vector/ Silent Vector breaches, Malware Data Sets, Malware Signatures, IE drive by and Social Engineering aspect
  7. Drilling Deep into the Top threats facing corporations and institutions (including:  -Purity Scan, N-Case (m-SBB.exe), Gator, Cool Web Search (CWS), Transponder (VXXZ), IST Bar AVupate, TIBS Dialer, Perfect Keylogger, Internet Optimization, Keenvalue)
  8. Practical demonstration of steps to analyze and eradicate agents with an infected PC

        - What to look for
        - Performing a registry back-up
        - Searching the registry and log files
        - Determinant signs and where agents are residing
        - Practical on scanning tools and anti-spyware offerings
        - Task Manager investigation

Forensic analysis – Defining the Methodology and Procedure

  1. Practical on how to perform a forensic based, un-corrupted drive copy (MD5 hash-sets)
  2. Practical on drive analysis and suspect profiling
  3. Preserving the evidentiary integrity
  4. Developing and defining a Chain of Custody

Proactive and Preventive Measures

  1. Plugging the security holes
  2. Educating the end-user
  3. URL blocking
  4. Updating vulnerabilities
  5. Adhering to compliance (GLB, SOX, HIPAA)

System Recovery and rebuilding

  1. Disk Imaging
  2. Mirroring
  3. Clean Wipe of HDD

Please let me know if you, any members of your team or others have any questions, or if we can facilitate anything for you on our end.

To register, please visit our website at, and click on the course title under "Training". This will take you to the registration page. If you have an interest in an on-site course for your team(s), this is available, so please let me know.

Kind regards,


Dennis Y. Portney

Security Forensics, Inc.



Security Forensics, Inc. - Data forensic training, investigative forensic services, post-mortem forensic analysis, litigation-support, forensic applications, electronic discovery, message tracking, auditing and monitoring for Corporate, Legal and Law Enforcement communities. Additional ancillary and value added services to meet mandated regulatory compliance.