
Exam Code: 312-49

Course Name: Computer Hacking Forensic Investigator

Vendor: EC-Council

Passing Score: 70% of Total Marks

Computer Hacking Forensic Investigator, also known as 312-49 exam, is an important EC-Council certification. It is for IT Professionals who wish to work as security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Hacking plays a major role in damaging any organization. To be successful, you have to be trained in hacking tools, techniques, patches and other related material. The 312-49 exam provides you with the technical knowledge and skills to identify an intruder's footprints and to properly gather the evidence necessary to prosecute. The 312-49 exam includes specialized training in software, hardware and extraordinary techniques, and training in popular tools of the forensic trade. It also enables you to understand how perimeter defenses work. This EC-Council certification also trains candidates to scan and attack their own networks so that no real network is harmed. To learn how system intruders hack a system and how a system can be secured, one must take the 312-49 exam. This EC-Council certification (Computer Hacking Forensic Investigator) exam covers intrusion detection and cyber criminals. The certification gives you or your organization the knowledge or skills to identify, track, and prosecute the cyber-criminal. Moreover, the 312-49 exam is specially designed for police and other law enforcement personnel, defense and military personnel, e-business security professionals, systems administrators, legal professionals, banking, insurance and other professionals, government agencies, and IT managers.

It is a fact that no one offers a more detailed cram-session exam study guide than TestKing. TestKing is what a new candidate needs while preparing for the 312-49 Exam for Computer Hacking Forensic Investigator. TestKing brings out the best in you. TestKing has study material that no other website has for the 312-49 Exam for Computer Hacking Forensic Investigator.

TestKing has a lot to offer for the 312-49 Exam for Computer Hacking Forensic Investigator. Candidates taking the 312-49 Exam for Computer Hacking Forensic Investigator find TestKing very obliging, as it has complete information on the exam.

Course Outline: Computer Hacking Forensic Investigator

Computer Forensics in Today's World

Introduction

History of Forensics

Definition of Forensic Science

Definition of Computer Forensics

What Is Computer Forensics?

Need for Computer Forensics

Evolution of Computer Forensics

Computer Forensics Flaws and Risks

Corporate Espionage Statistics

Modes of Attacks

Cyber Crime

Examples of Cyber Crime

Reason for Cyber Attacks

Role of Computer Forensics in Tracking Cyber Criminals

Rules of Computer Forensics

Computer Forensics Methodologies

Accessing Computer Forensics Resources

Preparing for Computing Investigations

Maintaining professional conduct

Understanding Enforcement Agency Investigations

Understanding Corporate Investigations

Investigation Process

Digital Forensics

Law And Computer Forensics

What Is Cyber Crime?

What Is Computer Forensics?

Computer Facilitated Crimes

Reporting Security Breaches to Law Enforcement

National Infrastructure Protection Center

FBI

Federal Statutes

Cyber Laws

Approaches to Formulate Cyber Laws

Scientific Working Group on Digital Evidence (SWGDE)

Federal Laws

The USA Patriot Act of 2001

Freedom of Information Act

Building Cyber Crime Case

How the FBI Investigates Computer Crime?

How to Initiate an Investigation?

Legal Issues Involved in Seizure of Computer Equipment

Searching With a Warrant

Searching Without a Warrant

Privacy Issues Involved in Investigations

International Issues Related to Computer Forensics

Crime Legislation of EU

Cyber Crime Investigation

Computer Investigation Process

Investigating Computer Crime

Investigating a Company Policy Violation

Investigation Methodology

Evaluating the Case

Before the Investigation

Document Everything

Investigation Plan

Obtain Search Warrant

Warning Banners

Shut Down the Computer

Collecting the Evidence

Confiscation of Computer Equipment

Preserving the Evidence

Importance of Data-recovery Workstations and Software

Implementing an Investigation

Understanding Bit-stream Copies

Imaging the Evidence Disk

Examining the Digital Evidence

Closing the Case

Case Evaluation

Computer Security Incident Response Team

Present Networking Scenario

Vulnerability

Vulnerability Statistics

What Is an Incident?

A Study by CERT Shows Alarming Rise in Incidents (Security Breach)

How to Identify an Incident

Whom to Report an Incident?

Incident Reporting

Category of Incidents

Handling Incidents

Procedure for Handling Incident

Preparation

Identification

Containment

Eradication

Recovery

Follow up

What Is CSIRT?

Why an Organization Needs an Incident Response Team?

Need for CSIRT

Example of CSIRT

CSIRT Vision

Vision

Best Practices for Creating a CSIRT

Step 1: Obtain Management Support and Buy-In

Step 2: Determine the CSIRT Development Strategic

Step 3: Gather Relevant Information

Step 4: Design your CSIRT Vision

Step 5: Communicate the CSIRT Vision

Step 6: Begin CSIRT Implementation

Step 7: Announce the CSIRT

Other Response Teams Acronyms and CSIRTs around the world

World CSIRT

Computer Forensic Laboratory Requirements

Budget Allocation for a Forensics Lab

Physical Location Needs of a Forensic Lab

Work Area of a Computer Forensics Lab

General Configuration of a Forensic

Equipment Needs in a Forensics Lab

Ambience of a Forensics Lab

Environmental Conditions

Recommended Eyestrain Considerations

Structural Design Considerations

Electrical Needs

Communications

Basic Workstation Requirements in a Forensic Lab

Consider stocking the following hardware peripherals

Maintain Operating System and Application Inventories

Common Terms

Physical Security Recommendations for a Forensic Lab

Fire-Suppression Systems

Evidence Locker Recommendations

Evidence Locker Combination Recommendations

Evidence Locker Padlock Recommendations

Facility Maintenance

Auditing a Computer Forensics Lab

Auditing a Forensics Lab

Forensics Lab

Mid Sized Lab

Forensic Lab Licensing Requisite

Forensic Lab Manager Responsibilities

Understanding File systems and Hard disks

Disk Drive Overview - I

Hard Disk

Disk Platter

Tracks

Tracks Numbering

Sector

Sector addressing

Cluster

Cluster Size

Slack Space

Lost Clusters

Bad Sector

Understanding File Systems

Types of File System

List of Disk File Systems

List of Network file systems

Special Purpose File systems

Popular Linux File systems

Sun Solaris 10 File system - ZFS

Windows File systems

Mac OS X File system

CD-ROM / DVD File system

File system Comparison

Boot Sector

Exploring Microsoft File Structures

Disk Partition Concerns

Boot Partition Concerns

Examining FAT

NTFS

NTFS System Files

NTFS Partition Boot Sector

NTFS Master File Table (MFT)

NTFS Attributes

NTFS Data Stream

NTFS Compressed Files

NTFS Encrypted File Systems (EFS)

EFS File Structure

Metadata File Table (MFT)

EFS Recovery Key Agent

Deleting NTFS Files

Understanding Microsoft Boot Tasks

Windows XP system files

Understanding Boot Sequence DOS

Understanding MS-DOS Startup Tasks

Other DOS Operating Systems

Registry Data

Examining Registry Data

Windows Forensics

Locating Evidence on Windows Systems

Gathering Volatile Evidence

Pslist

Forensic Tool: fport

Forensic Tool - Psloggedon

Investigating Windows File Slack

Examining File Systems

Built-in Tool: Sigverif

Word Extractor

Checking Registry

Reglite.exe

Tool: Resplendent Registrar 3.30

Microsoft Security ID

Importance of Memory Dump

Manual Memory Dumping in Windows 2000

Memory Dumping in Windows XP and Pmdump

System State Backup

How to Create a System State Backup?

Investigating Internet Traces

Tool - IECookiesView

Tool - IE History Viewer

Forensic Tool: Cache Monitor

CD-ROM Bootable Windows XP

Bart PE

Ultimate Boot CD-ROM

List of Tools in UB CD-ROM

Desktop Utilities

File Analysis Tools

File Management Tools

File Recovery Tools

File Transfer Tools

Hardware Info Tools

Process Viewer Tools

Registry Tools

Linux and Macintosh Boot processes

UNIX Overview

Linux Overview

Understanding Volumes -I

Exploring Unix/Linux Disk Data Structures

Understanding Unix/linux Boot Process

Understanding Linux Loader

Linux Boot Process Steps

Step 1: The Boot Manager

Step 2: init

Step 2.1: /etc/inittab

runlevels

Step 3: Services

Understanding Permission Modes

Unix and Linux Disk Drives and Partitioning Schemes

Mac OS X        

Mac OS X Hidden Files

Booting Mac OS X

Mac OS X Boot Options

The Mac OS X Boot Process

Installing Mac OS X on Windows XP

PearPC

MacQuisition Boot CD

Linux Forensics

Use of Linux as a Forensics Tool

Recognizing Partitions in Linux

File System in Linux

Linux Boot Sequence

Linux Forensics

Case Example

Step-by-step approach to Case 1 (a)

Step-by-step approach to Case 1 (b)

Step-by-step approach to Case 1 (c)

Step-by-step approach to Case 1 (d)

Case 2

Challenges in disk forensics with Linux

Step-by-step approach to Case 2 (a)

Step-by-step approach to Case 2 (b)

Step-by-step approach to Case 2 (c)

Popular Linux Tools           

Data Acquisition and Duplication

Determining the Best Acquisition Methods

Data Recovery Contingencies

MS-DOS Data Acquisition Tools

DriveSpy

DriveSpy Data Manipulation Commands

DriveSpy Data Preservation Commands

Using Windows Data Acquisition Tools

Data Acquisition Tool: AccessData FTK Explorer

FTK

Acquiring Data on Linux

dd.exe (Windows XP Version)

Data Acquisition Tool: Snapback Exact

Data Arrest

Data Acquisition Tool: SafeBack

Data Acquisition Tool: Encase

Need for Data Duplication

Data Duplication Tool: R-drive Image

Data Duplication Tool: DriveLook

Data Duplication Tool: DiskExplorer

Recovering Deleted Files

Introduction

Digital Evidence

Recycle Bin in Windows

Recycle Hidden Folder

Recycle folder

How to Undelete a File?

Tool: Search and Recover

Tool: Zero Assumption Digital Image Recovery

Data Recovery in Linux

Data Recovery Tool: E2undel

Data Recovery Tool: O&O Unerase

Data Recovery Tool: Restorer 2000

Data Recovery Tool: Badcopy Pro

Data Recovery Tool: File Scavenger

Data Recovery Tool: Mycroft V3

Data Recovery Tool: PC Parachute

Data Recovery Tool: Stellar Phoenix

Data Recovery Tool: Filesaver

Data Recovery Tool: Virtual Lab

Data Recovery Tool: R-linux

Data recovery tool: Drive and Data Recovery

Data recovery tool: active@ UNERASER - DATA recovery

Data recovery tool: Acronis Recovery Expert

Data Recovery Tool: Restoration

Data Recovery Tool: PC Inspector File Recovery

Image Files Forensics

Introduction to Image Files

Recognizing an Image File

Understanding Bitmap and Vector Images

Metafile Graphics

Understanding Image File Formats

File types

Understanding Data Compression

Understanding Lossless and Lossy Compression

Locating and Recovering Image Files

Repairing Damaged Headers

Reconstructing File Fragments

Identifying Unknown File Formats

Analyzing Image File Headers

Picture Viewer: IrfanView

Picture Viewer: ACDSee

Picture Viewer: ThumbsPlus

Steganography in Image Files

Steganalysis Tool: Hex Workshop

Steganalysis Tool: S-tools

Identifying Copyright Issues With Graphics

Steganography

Introduction

Important Terms in Stego-forensics

Background Information to Image Steganography

Steganography History

Evolution of Steganography

Steps for Hiding Information in Steganography

Six Categories of Steganography in Forensics

Types of Steganography

What Is Watermarking

Classification of Watermarking

Types of Watermarks

Steganographic Detection

Steganographic Attacks

Real World Uses of Steganography

Steganography in the Future

Unethical Use of Steganography

Hiding Information in Text Files

Hiding Information in Image Files

Process of Hiding Information in Image Files

Least Significant Bit

Masking and Filtering

Algorithms and Transformation

Hiding Information in Audio Files

Low-bit Encoding in Audio Files

Phase Coding

Spread Spectrum

Echo Data Hiding

Hiding Information in DNA

TEMPEST

The Steganography Tree

Steganography Tool: Fort Knox

Steganography Tool: Blindside

Steganography Tool: S-Tools

Steganography Tool: Steghide

Steganography Tool: Digital Identity

Steganography Tool: Stegowatch

Tool: Image Hide

Data Stash

Tool: Mp3Stego

Tool: Snow.exe

Tool: Camera/Shy

Steganography Detection

Computer Forensic Tools

Dump Tool: DS2DUMP

Dump Tool: Chaosreader

Slack Space & Data Recovery Tools: Drivespy

Slack Space & Data Recovery Tools: Ontrack

Hard Disk Write Protection Tools: Pdblock

Hard Disk Write Protection Tools: Nowrite & Firewire Drivedock

Permanent Deletion of Files: Pdwipe

Disk Imaging Tools: Image & Iximager

Disk Imaging Tools: Snapback Datarrest

Partition Managers: PART & Explore2fs

Linux/unix Tools: Ltools and Mtools

Linux/UNIX tools: TCT and TCTUTILs

Password Recovery Tool: @Stake

ASRData

SMART Screenshot

Ftime

Oxygen Phone Manager

Multipurpose Tools: Byte Back & Biaprotect

Multipurpose Tools: Maresware

Multipurpose Tools: LC Technologies Software

Multipurpose Tools: Winhex Specialist Edition

Multipurpose Tools: Prodiscover DFT

Toolkits: NTI tools

Toolkits: R-Tools-I

Toolkits: R-Tools-II

Toolkits: DataLifter

Toolkits: AccessData

LC Technology International Hardware

Screenshot of Forensic Hardware

Image MASSter Solo and FastBloc

RMON2 Tracing Tools and MCI DoStracker

EnCase

Application password crackers

Password - Terminology

What is a Password Cracker?

How Does A Password Cracker Work?

Various Password Cracking Methods

Classification of Cracking Software

System Level Password Cracking

Application Password Cracking

Application Software Password Cracker

Distributed Network Attack-I

Distributed Network Attack-II

Passware Kit

Accent Keyword Extractor

Advanced Zip Password Recovery

Default Password Database

http://phenoelit.darklab.org/

http://www.defaultpassword.com/

http://www.cirt.net/cgi-bin/passwd.pl

Password Cracking Tools List

Investigating Logs

Audit Logs and Security

Audit Incidents

Syslog

Remote Logging

Linux Process Accounting

Configuring Windows Logging

Setting up Remote Logging in Windows

NtSyslog

EventReporter

Application Logs

Extended Logging in IIS Server

Examining Intrusion and Security Events

Significance of Synchronized Time

Event Gathering

EventCombMT

Writing Scripts

Event Gathering Tools

Forensic Tool: Fwanalog

End-to-End Forensic Investigation

Correlating Log files

Investigating TCPDump

IDS Log Analysis: RealSecure

IDS Log Analysis: SNORT

Investigating network traffic

Overview of Network Protocols

Sources of Evidence on a Network

Overview of Physical and Data-link Layer of the OSI Model

Evidence Gathering at the Physical Layer

Tool: Windump

Evidence Gathering at the Data-link Layer

Tool: Ethereal

Tool: NetIntercept

Overview of Network and Transport Layer of the OSI Model

Evidence Gathering at the Network and Transport Layer-(I)

Gathering Evidence on a Network

GPRS Network Sniffer : Nokia LIG

NetWitness

McAfee Infinistream Security Forensics

Snort 2.1.0

Documenting the Gathered Evidence on a Network

Evidence Reconstruction for Investigation

Router Forensics

What Is a Router?

Functions of a Router

A Router in an OSI Model

Routing Table and Its Components

Router Architecture

Implications of a Router Attack

Types of Router Attacks

Denial of Service (DoS) Attacks

Investigating DoS Attacks

Smurfing - Latest in DoS Attacks

Packet "Mistreating" Attacks

Routing Table Poisoning

Hit-and-run Attacks Vs. Persistent Attacks

Router Forensics Vs. Traditional Forensics

Investigating Routers

Chain of Custody

Incident Response & Session Recording

Accessing the Router

Volatile Evidence Gathering

Router Investigation Steps - I

Analyzing the Intrusion

Logging

Incident Forensics

Handling a Direct Compromise Incident

Other Incidents

Investigating Web Attacks

Indications of a web attack

Responding to a web attack

Overview of web logs

Mirrored Sites

N-Stealth

Investigating static and dynamic IP address

Tools for locating IP Address: Nslookup

Tools for locating IP Address: Traceroute

Tools for locating IP Address: NeoTrace (Now McAfee Visual Trace)

Tools for locating IP Address: Whois

Web page defacement

Defacement using DNS compromise

Investigating DNS Poisoning

SQL Injection Attacks

Investigating SQL Injection Attacks

Investigating FTP Servers

Investigating FTP Logs

Investigating IIS Logs

Investigating Apache Logs

Investigating DHCP Server Logfile

Tracking E-mails and Investigating E-mail crimes

Understanding Internet Fundamentals

Understanding Internet Protocols

Exploring the Roles of the Client and Server in E-mail

E-mail Crime

Spamming, Mail Bombing, Mail Storm

Chat Rooms

Identity Fraud, Chain Letter

Sending Fakemail

Investigating E-mail Crime and Violation

Viewing E-mail Headers

Examining an E-mail Header

Viewing Header in Microsoft Outlook

Viewing Header in Eudora

Viewing Header in Outlook Express

Viewing Header in AOL

Viewing Header in Hotmail

Viewing Header using Pine for Unix

Viewing Header in Juno

Viewing Header in Yahoo

Examining Additional Files

Microsoft Outlook Mail

Pst File Location

Tracing an E-mail Message

Using Network Logs Related to E-mail

Understanding E-mail Server

Examining UNIX E-mail Server Logs

Examining Microsoft E-mail Server Logs

Examining Novell GroupWise E-mail Logs

Using Specialized E-mail Forensic Tools

Tool: FINALeMAIL

Tool: R-Mail

E-Mail Examiner by Paraben

Network E-Mail Examiner by Paraben

Tracing Back

Tracing Back Web Based E-mail

Searching E-mail Addresses

E-mail Search Site

Handling Spam

Network Abuse Clearing House

Abuse.Net

Protecting Your E-mail Address From Spam

Tool: Enkoder Form

Tool: eMailTrackerPro

Tool: SPAM Punisher

Mobile and PDA Forensics

Latest Mobile Phone Access Technologies

Evidence in Mobile Phones

Mobile Phone Forensic Examination Methodology

Examining Phone Internal Memory

Examining SIM

Examining Flash Memory and Call data records

Personal Digital Assistant (PDA)

PDA Components

PDA Forensics

PDA Forensics - Examination

PDA Forensics - Identification

PDA Forensics - Collection

PDA Forensics - Documentation

Points to Be Remembered While Conducting Investigation

PDA Seizure by Paraben

SIM Card Seizure by Paraben (SIM Card acquisition tool)

Forensic Tool - Palm dd (pdd)

Forensic Tool - POSE

Investigating Trademark and Copyright Infringement

Trademarks

Trademark Eligibility and Benefits of Registering It

Service Mark and Trade Dress

Trademark infringement

Trademark Search

www.uspto.gov

Copyright and Copyright Notice

Investigating Copyright Status of a Particular Work

How Long Does a Copyright Last?

U.S. Copyright Office

Doctrine of "Fair Use"

How Are Copyrights Enforced?

SCO Vs. IBM

SCO Vs Linux

Line-by-Line Copying

Plagiarism

Turnitin

Plagiarism detection tools

CopyCatch

Patent

Patent Infringement

Patent Search

Case Study: Microsoft Vs Forgent

Internet Domain Name and ICANN

Domain Name Infringement

Case Study: Microsoft.com Vs MikeRoweSoft.com

How to check for Domain Name Infringement?

Investigative Reports

Need of an investigative report

Report specification

Report Classification

Report and Opinion

Layout of an Investigative Report

Writing Report

Use of Supporting Material

Importance of Consistency

Salient Features of a Good Report

Investigative Report Format

Before Writing the Report

Writing Report Using FTK

Becoming an Expert Witness

Who Is an Expert?

Who Is an Expert Witness?

Role of an Expert Witness

Technical Testimony Vs. Expert Testimony

Preparing for Testimony

Evidence Preparation and Documentation

Evidence Processing Steps

Rules Pertaining to an Expert Witness' Qualification

Importance of Curriculum Vitae

Technical Definitions

Testifying in Court

The Order of Trial Proceedings

Voir dire

General Ethics While Testifying-i

Evidence Presentation

Importance of Graphics in a Testimony

Helping Your Attorney

Avoiding Testimony Problems

Testifying During Direct Examination

Testifying During Cross Examination

Deposition

Guidelines to Testify at a Deposition

Dealing With Reporters

Forensics in action

E-mail Hoax     

Trade Secret Theft

Operation Cyberslam