Linux User Group Admin,

I hope all is with you and you had a good summer. I was hoping you could post to your list serve or distribute among your group.

Advanced Linux Forensics course with Andrew Rosen in Chicago. If there is an interest, or if I can facilitate anything for you or others in the Linux User Group who may have an interest, please let me know.

Please feel free to forward this syllabus onto those whom you think may benefit from this course.

Kind regards,

Dennis

773-343-6335

Advanced Linux Data Forensics with Andrew Rosen

October 25^th – 28^th

Security Forensics, Inc. has partnered with Andrew Rosen, the U.S. Government's lead forensic investigator in the Enron case, the creator of SMART for Linux, the Founder of ASR Data and Guidance Software’s first application Expert Witness (the foundation of the Encase application) and the foremost expert on Linux Data Forensics in the world. As a partner of Security Forensics, Inc., Andrew will be teaching this course and will bring his real world experiences into the classroom. His experience is extensive and date back to the beginnings of Computer Forensics. He is willing to make himself available if you would like to speak with him. Please let me know.

The course will focus on the intellectual process and the methodology to perform Linux Data Forensics. In order for the intellectual process to flow, a baseline approach is taken. SMART for Linux is the baseline, which will enable a cross platform approach to the forensic process.

This Advanced Linux Data Forensics course is a hands-on intensive course, intended for anyone performing activities that will require the acquisition of digital media and content. Advanced Linux Data Forensics will train you on how to perform audits and Forensic Investigations using SMART for Linux. By learning the methodology, and the intellectual process of Linux Data Forensics, the student is enabled to perform the practice of post-mortem analysis, data and network acquisition across the enterprise, mounting images, creating a case and methodically processing the evidence while preserving the integrity of the forensic process. Moreover, this course will train you on the advanced conceptual understanding of using Linux Data Forensics to capture the essence of forensic theory, in addition to, performing methods based analysis on all Windows, Linux, Macintosh and UNIX systems. Linux Data Forensics is platform independent and can collect forensic data on many operating systems, file systems and storage-devices (please review the included course Syllabus, below).

Included with the Price of Training:

One License of SMART for Linux

Lifetime Support for the SMART for Linux Application

Use of a Computer for all hands on labs

All required course materials

Please go to www.SecurityForensics.com to learn more about the course and for registration details

The Andrew Rosen Factor:

Andrew has developed a philosophy and methodology that thousands of students from around the world agree is unique, effective, engaging and delivers exceptional value. Understanding adult learning dynamics, the needs and requirements of the students and the core foundation of Linux Data Forensics allows Andrew to deliver an overall experience that far exceeds traditional classroom based instruction, more than simply providing technical information or training on a specific tool or platform, Andrew’s training embraces and addresses data forensics from a holistic perspective.

Pre-requisites for the course: Students for this course should have a minimum of 2 years experience working with the Linux OS and understanding of the Linux File System Hierarchy. Having a forensics background would give you an advantage and is a plus, but not considered imperative.

About ASR Data

ASR Data has been conducting technology based and Data Forensics Training for over a decade. ASR Data is the creator of SMART for Linux, the market leader for Linux Data Forensics in the world. SMART for Linux, has been used in some of the worlds most notable forensic investigations and used by some of the worlds largest organizations.

About Security Forensics, Inc.

Security Forensics, Inc. is a Chicago based Data Forensic Organization. Our core service offerings revolve around Data Forensic training and providing forensic applications. We perform services of electronic discovery, forensic-analysis, litigation-support, enterprise message tracking and monitoring. Security Forensics’ helps organizations become stronger, while granularly enabling them to peer into an elusive architectural spectrum of networked pathways. We provide clarity, efficiency and protection from external and internal threats.

Day One

Welcome

Introductions

Course Direction and Flow

Advanced Data Forensics Defined

Post Mortem Analysis

Live Analysis

Matrix

Advanced Scenarios

Disked-based File System

Network File System

Enterprise Servers

Live System

Current and Future Challenges

Power of Linux

SMART for Linux

SMART Architecture

SMART Features

SMART and Linux

SMART Introduction

Installing and Running

Creating Users

Storage Devices

Device Information and Options

SMART Preferences

Cases and SMART

SMART Logging

SMART Servers

SMART Processes

Server Technology

Properly Configured Operating Systems

Remote Administration Software

SMART Clients

Requirements

Remote Client Software

Day 2

Review Day One

Smart Client Server Communication

Communication Technologies

Securing Data Transmission

Remote Case Study

Remote Case Study Background

Configure SMART Client

Create Case

Import Image File

Process Case Work

SMART Hash Sets

Creating Hash Sets

SMART Boot CD-ROM

Architecture and Overview

Included Utilities

Methodology

SMART and RAID

RAID

Linux and RAID

Working with RAID

Initializing RAID

Acquiring RAID

Day 3

Review Day 2

Advanced Linux Forensics

Statically Compiled Binaries

Building a Forensic Super Kernel

Patching the Kernel

Live Analysis Intro

Live Analysis Fundamentals

Concerns and Implications

Methodology

Live Analysis Toolkit

Programs

Logging

Program Table

Targets

Linux Live Analysis Case Study

Live Case Information

Pitfalls and Mistakes

Day 4

Review Day 3

FreeBSD Analysis Case Study

FreeBSD Design and Overview

Analysis using Linux

Analysis using SMART

Advanced Acquisition

Network Acquisition

Chunking Image Files

Linux Loopholes

Odd Sector Issue

‘dd’ and Block Sizes

Proprietary Programs and File Formats

Course Practical

Please go to www.SecurityForensics.com to learn more about the course and for registration details

Dennis Y. Portney

Security Forensics, Inc.

773-343-6335

www.SecurityForensics.com

Security Forensics, Inc. - Investigative Forensic Analysis, Performance Measurement, Corporate e-Mail Monitoring and Electronic Messaging Audits, Incident Response, Forensics Training, Data-Flow Visibility, Evidentiary Discovery, Litigation-Support, Regulatory Compliance and Acceptable Usage Policies.

*NOTE:This message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this in error, please notify us immediately and delete it from your computer. Thank you.