From:"Dennis Portney" <>
Subject: Linux User Group - 9/8 - Advanced Linux Forensics with Andrew Rosen - Chicago - 10/25 - 10/25 - Syllabus and CV enclosed
Date: Wed, 8 Sep 2004 13:22:49 -0500

Linux User Group Admin,

I hope all is well with you and you had a good summer. I was hoping you could post to your list serve or distribute among your group.


Advanced Linux Forensics course with Andrew Rosen in Chicago. If there is an interest, or if I can facilitate anything for you or others in the Linux User Group who may have an interest, please let me know.


Please feel free to forward this syllabus onto those whom you think may benefit from this course.



Kind regards,





Advanced Linux Data Forensics with Andrew Rosen

October 25th – 28th     



Security Forensics, Inc. has partnered with Andrew Rosen, the U.S. Government's lead forensic investigator in the Enron case, the creator of SMART for Linux, the Founder of ASR Data and Guidance Software’s first application Expert Witness (the foundation of the Encase application) and the foremost expert on Linux Data Forensics in the world. As a partner of Security Forensics, Inc., Andrew will be teaching this course and will bring his real world experiences into the classroom. His experience is extensive and dates back to the beginnings of Computer Forensics. He is willing to make himself available if you would like to speak with him. Please let me know.


The course will focus on the intellectual process and the methodology to perform Linux Data Forensics.  In order for the intellectual process to flow, a baseline approach is taken. SMART for Linux is the baseline, which will enable a cross platform approach to the forensic process.


This Advanced Linux Data Forensics course is a hands-on intensive course, intended for anyone performing activities that will require the acquisition of digital media and content. Advanced Linux Data Forensics will train you on how to perform audits and Forensic Investigations using SMART for Linux. By learning the methodology, and the intellectual process of Linux Data Forensics, the student is enabled to perform the practice of post-mortem analysis, data and network acquisition across the enterprise, mounting images, creating a case and methodically processing the evidence while preserving the integrity of the forensic process. Moreover, this course will train you on the advanced conceptual understanding of using Linux Data Forensics to capture the essence of forensic theory, in addition to performing methods-based analysis on all Windows, Linux, Macintosh and UNIX systems. Linux Data Forensics is platform independent and can collect forensic data on many operating systems, file systems and storage devices (please review the included course Syllabus, below).


Included with the Price of Training:

One License of SMART for Linux

Lifetime Support for the SMART for Linux Application

Use of a Computer for all hands on labs

All required course materials



Please go to to learn more about the course and for registration details



The Andrew Rosen Factor:

Andrew has developed a philosophy and methodology that thousands of students from around the world agree is unique, effective, engaging and delivers exceptional value. Understanding adult learning dynamics, the needs and requirements of the students and the core foundation of Linux Data Forensics allows Andrew to deliver an overall experience that far exceeds traditional classroom-based instruction. More than simply providing technical information or training on a specific tool or platform, Andrew’s training embraces and addresses data forensics from a holistic perspective.


Pre-requisites for the course: Students for this course should have a minimum of 2 years' experience working with the Linux OS and an understanding of the Linux File System Hierarchy. Having a forensics background would give you an advantage and is a plus, but is not considered imperative.


About ASR Data

ASR Data has been conducting technology-based and Data Forensics Training for over a decade. ASR Data is the creator of SMART for Linux, the market leader for Linux Data Forensics in the world. SMART for Linux has been used in some of the world's most notable forensic investigations and used by some of the world's largest organizations.


About Security Forensics, Inc.

Security Forensics, Inc. is a Chicago-based Data Forensic Organization. Our core service offerings revolve around Data Forensic training and providing forensic applications. We perform services of electronic discovery, forensic analysis, litigation support, enterprise message tracking and monitoring. Security Forensics helps organizations become stronger, while granularly enabling them to peer into an elusive architectural spectrum of networked pathways. We provide clarity, efficiency and protection from external and internal threats.


Day One



Course Direction and Flow

Advanced Data Forensics Defined

Post Mortem Analysis

Live Analysis


Advanced Scenarios

Disk-based File System

Network File System

Enterprise Servers

Live System

Current and Future Challenges

Power of Linux

SMART for Linux

            SMART Architecture

            SMART Features

            SMART and Linux

SMART Introduction

            Installing and Running

            Creating Users

            Storage Devices

            Device Information and Options

            SMART Preferences

            Cases and SMART

            SMART Logging

SMART Servers

            SMART Processes

            Server Technology

            Properly Configured Operating Systems

            Remote Administration Software

SMART Clients


            Remote Client Software


Day 2

Review Day One



Smart Client Server Communication

            Communication Technologies

            Securing Data Transmission

Remote Case Study

            Remote Case Study Background

            Configure SMART Client

            Create Case

            Import Image File

            Process Case Work

SMART Hash Sets

            Creating Hash Sets


            Architecture and Overview

            Included Utilities




            Linux and RAID

Working with RAID

            Initializing RAID

            Acquiring RAID



Day 3

Review Day 2


Advanced Linux Forensics

            Statically Compiled Binaries

            Building a Forensic Super Kernel

            Patching the Kernel

Live Analysis Intro

            Live Analysis Fundamentals

            Concerns and Implications


Live Analysis Toolkit



            Program Table


Linux Live Analysis Case Study

            Live Case Information

            Pitfalls and Mistakes



Day 4

Review Day 3           




FreeBSD Analysis Case Study

            FreeBSD Design and Overview

            Analysis using Linux

            Analysis using SMART

Advanced Acquisition

            Network Acquisition

            Chunking Image Files

Linux Loopholes

            Odd Sector Issue

            ‘dd’ and Block Sizes

            Proprietary Programs and File Formats

Course Practical

Please go to to learn more about the course and for registration details




Dennis Y. Portney

Security Forensics, Inc.



Security Forensics, Inc. - Investigative Forensic Analysis, Performance Measurement, Corporate e-Mail Monitoring and Electronic Messaging Audits, Incident Response, Forensics Training, Data-Flow Visibility, Evidentiary Discovery, Litigation-Support, Regulatory Compliance and Acceptable Usage Policies.



*NOTE: This message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this in error, please notify us immediately and delete it from your computer. Thank you.