EC-Council Certified Security Specialist

http://www.eccouncil.org

EC-Council
Course Description
EC-Council Certified Security Specialist (ECSS) allows students to enhance their skills in three different areas, namely information security, network security, and computer forensics. Information security plays a vital role in most organizations. It is a state of affairs in which information, information processing, and communication are protected so that their confidentiality, integrity, and availability are preserved. In communications, information security also covers trustworthy authentication of messages: identification of the parties, verifying and recording the approval and authorization of the information, non-alteration of the data, and non-repudiation of the communication or stored data. Network security likewise plays a vital role in most organizations. It is the process of preventing and detecting unauthorized use of your computer. It protects networks and their services from unauthorized modification, destruction, or disclosure, and provides assurance that a network performs its critical functions correctly with no harmful side effects. Computer forensics is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. It is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft or destruction of intellectual property, and fraud. Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases. This course will benefit students who are interested in learning the fundamentals of information security, network security, and computer forensics.
The EC-Council Certified Security Specialist (ECSS) program is designed primarily for students of academic institutions. It covers the fundamental basics of information security, computer forensics, and network security. The program gives a holistic overview of the key components of information security. Students who complete the ECSS program will be equipped with an adequate foundation of knowledge and should be able to progress to the next level.

Who Should Attend
This course will significantly benefit individuals who are entering the world of computer security. ECSS is an entry-level security program.

Duration
2 days (9:00 to 5:00)

Certification
The ECSS exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ECSS certification.

EC-Council Certified Security Specialist
ECSS™
Master the Security Technologies.

Course Outline v3
Module 01: Information Security Fundamentals
2009 Data Breach Investigations Report
Security Threat Report 2009: SOPHOS
Data Breach Investigations Report
Internet Crime Report: IC3
Top Internet Security Threats of 2008
Emerging Cyber Threats Report for 2009
The Most Prevalent Web Vulnerabilities
Information Security
Need for Security
Cost of Computer Crime
The Security, Functionality, and Ease of Use Triangle
Common Terminologies
Elements of Information Security: CIA
Trends in Security
20-Year Trend: Stronger Attack Tools
Information Security More Than An IT Challenge For SME
Statistics Related to Security
Attack on Social Network Sites for Identity Theft
The Top Ten List Of Malware-hosting Countries in 2009
2010 Threat Predictions
Information Security Laws and Regulations
Computer Misuse Act
Data Protection Act 1998
Gramm-Leach-Bliley Act

Module 02: Addressing Threats
What is a Threat
Current Scenario
Knowing Terms: Vulnerability, Exploit
Internal Threat
Sniffing
External Threat
Types of External Threats
External Threats
    o Social Engineering
    o Social Engineering Example 1
    o Social Engineering Example 2
    o Denial of Service Attacks
    o What are Denial of Service Attacks
    o Impact and the Modes of Attack
    o DoS Attack Tools
    o Jolt2
    o Bubonic.c
    o Land and LaTierra
    o Targa
    o Distributed Denial of Service Attack (DDoS)
    o Characteristics of DDoS Attacks
    o DDoS Attack Tool
    o DDoS Tool: Tribal Flood Network
    o DDoS Tool: Shaft
    o DDoS Tool: Trinity
    o stacheldraht
    o Virus and Worm
    o Worms and their Role in DoS Attack
    o Worms and their Role in DoS Attack: Troj/Pointu-A
    o Trojan and Rootkit
    o Corporate Espionage
    o Introduction To Corporate Espionage
    o Information that the Corporate Spies Seek
    o How the Information is Attacked
Insider Threat
Different Categories of Insider Threat
Process of Hacking
Corporate Espionage: Case Study
Employee Monitoring Tools
    o Activity Monitor
    o Imonitor Employee Activity Monitor
    o Chily Employee Activity Monitor
    o Net Spy Pro
    o Guardian Monitor Professional
Accidental Security Breach
Automated Computer Attack
Countermeasures
Vulnerabilities in Windows

Module 03: Backdoors, Virus, and Worms
Introduction to Virus
Characteristics of a Virus
Working of Virus
Worms
Backdoors
What is a Trojan
    o Basic Working of Trojans
    o Overt and Covert Channels
How is a Worm Different from a Virus
Virus History
Stages of Virus Life
Modes of Virus Infection
Indications of Virus Attack
Underground Writers
Prevention is Better than Cure
Anti-Virus Systems
Anti-Virus Software
AVG Antivirus
Norton Antivirus
McAfee Spam Killer
McAfee VirusScan
F-Secure Anti-Virus
Kaspersky Anti-Virus
How to Detect Trojans
Tool: Netstat
Tool: TCPView
Delete Suspicious Device Drivers
Check for Running Processes: What's on My Computer
Super System Helper Tool
Tool: What's Running
Top 10 Latest Viruses

Module 04: Introduction to the Linux Operating System
Linux
Linux Distributions
Linux Basics
Why Do Hackers Use Linux
Why is Linux Hacked
How to Apply Patches to Vulnerable Programs
Linux Rootkits
    o Hacking Tool: Linux Rootkits
    o Knark & Torn
    o Tuxit, Adore, Ramen
    o Linux Rootkit: phalanx2
    o Beastkit
Rootkit Countermeasures
chkrootkit Detects the Following Rootkits
Linux Hacking Tools
    o Scanning Networks
    o Nmap in Linux
    o Scanning Tool: Nessus
    o Port Scan Detection Tools
    o Password Cracking in Linux: John the Ripper
    o Firewall in Linux: IPTables
    o IPTables Command
    o Basic Linux Operating System Defense
    o SARA (Security Auditor's Research Assistant)
    o Linux Tool: Netcat
    o Linux Tool: tcpdump
    o Linux Tool: Snort
    o Linux Tool: SAINT
    o Linux Tool: Wireshark
Linux Under Attack: Compromised SSH Keys Lead to Rootkit

Module 05: Password Cracking
Authentication Definition
Authentication Mechanisms
HTTP Authentication
    o Basic Authentication
    o Digest Authentication
Microsoft Passport Authentication
What is a Password Cracker
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work
Attacks Classification
Password Guessing
Dictionary Maker
Password Cracking Tools
    o L0phtcrack (LC4)
    o John the Ripper
    o Brutus
    o Hydra
    o Cain & Abel
    o Other Password Cracking Tools
Security Tools
    o WebPassword
    o Password Administrator
    o Password Safe
Passwords: Do's and Don'ts
Password Generators

Module 06: Cryptography
Basics of Cryptography
Public-key Cryptography
Working of Encryption
Digital Signature
What is SSH
SSH (Secure Shell)
RSA (Rivest Shamir Adleman)
Example of RSA algorithm
RSA Attacks
RSA Challenge
MD5
SHA (Secure Hash Algorithm)
Code Breaking: Methodologies
Disk Encryption
Cryptography Attacks
Role of Cryptography in Data Security
Magic Lantern
Cleversafe Grid Builder
Microsoft Cryptography Tools

Module 07: Web Servers and Web Applications
Symantec Government Internet Security Threat Report, Published April 2009
Symantec Government Internet Security Threat Report, Published April 2009
Symantec Government Internet Security Threat Report, Published April 2009
Report: Active Servers Across All Domains
Top Web Server Developers
Web Servers
    o How Web Servers Work
    o Why Web Servers are Compromised
    o Popular Web Servers
    o IIS 7 Components
    o IIS Vulnerabilities
    o IIS Vulnerabilities Detection: Tools
    o Apache Vulnerability
    o Increasing Web Servers Security
Web Applications
    o Web Application Architecture Components
    o Web Application Software Components
    o Web Application Setup
    o Web Application Threats
    o Web Application Vulnerabilities Categories
    o Cross-Site Scripting/XSS Flaws
    o An Example of XSS
    o Countermeasures
    o SQL Injection
    o Command Injection Flaws
    o Countermeasures
    o Cookie/Session Poisoning
    o Countermeasures
    o Instant Source
    o Wget
    o GUI for Wget
    o WebSleuth
    o BlackWidow
    o WindowBomb
    o WindowBomb: Report
    o Burpsuite
    o cURL

Module 08: Wireless Networks
Wireless Networking
Effects of Wireless Attacks on Business
Wireless Standards
    o Wireless Standard: 802.11a
    o Wireless Standard: 802.11b WiFi
    o Wireless Standard: 802.11g
    o Wireless Standard: 802.11i
    o Wireless Standard: 802.11n
    o Wireless Standard: 802.15 (Bluetooth)
    o Wireless Standard: 802.16 (WiMax)
Components of Wireless Network
Types of Wireless Network
Setting up WLAN
Detecting a Wireless Network
How to Access a WLAN
Advantages and Disadvantages of a Wireless Network
Antennas
SSID
Access Point Positioning
Rogue Access Points
Techniques to Detect Open Wireless Networks
Wireless Security Guidelines
Netstumbler Tool
MiniStumbler Tool
Kismet Tool

Module 09: Intrusion Detection System
Intrusion Detection Systems
IDS Placement
Cybersecurity Plan to Boost IT Firms, But Doubts Persist
Types of Intrusion Detection Systems
Ways to Detect an Intrusion
System Integrity Verifiers (SIV)
General Indications of System Intrusions
General Indications of File System Intrusions
General Indications of Network Intrusions
Intrusion Detection Tools
    o Snort
IDS Testing Tool: Traffic IQ Professional
IDS Software Vendors

Module 10: Firewalls and Honeypots
Introduction
Terminology
Firewall
    o What is a Firewall
    o What does a Firewall do
    o What can't a Firewall do
    o How does a Firewall Work
    o Firewall Operations
    o Hardware Firewall
    o Software Firewall
    o Types of Firewalls
    o Firewall Identification
    o Firewalking
    o Banner Grabbing
    o Placing Backdoors through Firewalls
Honeypot
    o What is a Honeypot
    o The Honeynet Project
    o Types of Honeypots
    o Advantages and Disadvantages of a Honeypot
    o Where to Place a Honeypot
    o Honeypots
    o How to Set Up a Honey Pot
    o Honeypot - KFSensor
    o Honeypot - SPECTER
    o Honeypot - honeyd
What to do When Hacked

Module 11: Hacking Cycle
Hacking History
Who is a Hacker?
Types of Hackers
What Does a Hacker Do
    o Phase 1 - Reconnaissance
    o Reconnaissance Types
    o Phase 2 - Scanning
    o Phase 3 - Gaining Access
    o Phase 4 - Maintaining Access
    o Phase 5 - Covering Tracks
Types of Attacks on a System
    o Operating System Attacks
    o Application Level Attacks
Computer Crimes and Implications
Legal Perspective (US Federal Law)

Module 12: Introduction to Ethical Hacking
Attacks Carried out Using Hacked PC
Hacker Classes
Hacktivism
Why Ethical Hacking is Necessary
Scope and Limitations of Ethical Hacking
What Do Ethical Hackers Do
How to Become an Ethical Hacker
Skills of an Ethical Hacker
Classification of Ethical Hacker
Jobs for Ethical Hackers: Job Skills in Order of Popularity
Jobs for Ethical Hacker
Jobs for Ethical Hacker
How Do They Go About It
Penetration Testing vis-à-vis Ethical Hacking
How to Simulate an Attack on the Network
Testing Approaches
General Prevention
Vulnerability Research Websites
Computer Crimes and Security Survey
Computer Crimes and Security Survey

Module 13: Networking Revisited
Network Layers
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
Physical Layer
Differentiating Protocols and Services
Mapping Internet Protocol to OSI
OSI Layers and Device Mapping
Network Security
    o Essentials of Network Security
Ingress and Egress Traffic
Data Security Threats over a Network
Network Security Policies
What Defines a Good Security Policy
Types of Network Security Policies
    o Sample Security Policy
    o Computer Acceptable Use Policy

Module 14: Secure Network Protocols
Secure Network Protocols
    o E-mail Security Protocol - S/MIME
    o E-mail Security Protocol - PGP
    o Web Security Protocol - SSL
    o Web Security Protocol - SSH
    o Web Security Protocol - HTTP
    o Web Security Protocol - HTTPS
    o VPN Security Protocol - IPSec
    o VPN Security Protocol - PPTP
    o VPN Security Protocol - L2TP
    o Wireless Security Protocol - WEP
    o VoIP Security Protocol - H.323
    o VoIP Security Protocol - SIP
Public Key Infrastructure (PKI)
Access Control Lists (ACL)
Authentication, Authorization, Accounting (AAA)
RADIUS
TACACS+
Kerberos
Internet Key Exchange protocol (IKE)

Module 15: Authentication
Authentication Definition
Authentication - Authorization
Authentication Mechanisms
HTTP Authentication
    o Basic Authentication
    o Digest Authentication
    o Certificate-based Authentication
    o Forms-based Authentication
RSA SecurID Token
Biometrics Authentication
Types of Biometrics Authentication
    o Face Recognition
    o Retina Scanning
    o Fingerprint-based Identification
    o Hand Geometry-based Identification
Digital Certificates
Attacks on Password Authentication

Module 16: Network Attacks
Network Attacks
    o Denial of Service (DoS)
    o DoS Countermeasures
    o Scanning
    o Scanning Countermeasures
    o Packet Sniffing
    o Packet Sniffing Countermeasures
    o IP Spoofing
    o IP Spoofing Countermeasures
    o ARP Spoofing
    o ARP Spoofing Countermeasures
    o Session Hijacking
    o Session Hijacking Countermeasures
    o Spam Statistics-2009
    o Spamming
    o Spamming Countermeasures
    o Eavesdropping
    o Eavesdropping Countermeasures

Module 17: Bastion Hosts and DMZ
Bastion Host - Introduction
Types of Bastion Hosts
Need for a Bastion Host
Basic Principles for Building a Bastion Host
General Requirements to Setup a Bastion Host
Hardware Requirements
Selecting the Operating System for the Bastion Host
Positioning the Bastion Host
    o Physical Location
    o Network Location
    o Select a Secure Location
Auditing the Bastion Host
Connecting the Bastion Host
Tool: IPSentry
What is DMZ
Different Ways to Create a DMZ
Where to Place Bastion Host in the DMZ
Benefits of DMZ

Module 18: Proxy Servers
What are Proxy Servers
Benefits of a Proxy Server
Other Benefits of a Proxy Server
Working of a Proxy Server
Functions of a Proxy Server
Communication Via a Proxy Server
Proxy Server-to-Proxy Server Linking
Proxy Servers vs. Packet Filters
Networking Protocols for Proxy Servers
    o S-HTTP
Types of Proxy Servers
    o Transparent Proxies
    o Non-transparent Proxy
    o SOCKS
Proxy Server-based Firewalls
    o Wingate
    o Symantec Enterprise Firewall
    o Microsoft Internet Security & Acceleration Server (ISA)
    o ISA Server 2006 components
Steps to Configure Proxy Server on IE
Limitations of a Proxy server
List of Proxy Sites

Module 19: Virtual Private Network
What is a VPN
VPN Deployment
Tunneling Described
Types of Tunneling
Popular VPN Tunneling Protocols
VPN Security
VPN via SSH and PPP
VPN via SSL and PPP
VPN via Concentrator
Other Methods
VPN Registration and Passwords
Intro to IPSec
IPSec Services
Combining VPN and Firewalls
VPN Vulnerabilities

Module 20: Introduction to Wireless Network Security
Introduction to Wireless Networking Basics
Types of Wireless Networks
    o WLANs
    o WPANs
    o WMANs
    o WWANs
Antennas
SSIDs
Rogue Access Points
Tools to Detect Rogue Access Points: NetStumbler
Netstumbler
What is Wired Equivalent Privacy (WEP)
WEP Tool: AirSnort
802.11 Wireless LAN Security
Limitations of WEP Security
Wireless Transport Layer Security (WTLS)
Extensible Authentication Protocol (EAP) Methods
802.11i
Wi-Fi Protected Access (WPA)
TKIP and AES
Denial of Service Attacks
Man-in-the-Middle Attack (MITM)
WIDZ, Wireless Intrusion Detection System
Securing Wireless Networks
Maximum Security: Add VPN to Wireless LAN

Module 21: Voice over Internet Protocol
VoIP Introduction
Benefits of VoIP
Basic VoIP Architecture
VoIP Layers
VoIP Standards
Wireless VoIP
VoIP Threats
VoIP Vulnerabilities
VoIP Security
Skype's International Long Distance Share Grows, Fast.
VoIP Services in Europe
VoIP Sniffing Tools
    o AuthTool
    o VoIPong
    o Vomit
    o PSIPDump
    o Web Interface for SIP Trace (WIST)
VoIP Scanning and Enumeration Tools
    o SNScan
    o Netcat
    o SiVus
VoIP Packet Creation and Flooding Tools
    o SipBomber
    o Spitter
    o Scapy
VoIP Fuzzing Tools
    o Ohrwurm
    o SIP Forum Test Framework
    o Asteroid
VoIP Signaling Manipulation Tools
    o RTP Tools
Other VoIP Tools
    o Tcpdump
    o Wireshark
    o Softperfect Network Sniffer
    o HTTP Sniffer
    o SmartSniff
VoIP Troubleshooting Tools
    o P.862
    o RTCP XR RFC3611

Module 22: Computer Forensics Fundamentals
Forensic Science
Computer Forensics
Evolution of Computer Forensics
Objectives of Computer Forensics
Need for Computer Forensics
Cyber Crime
Modes of Attacks
Examples of Cyber Crime
Types of Computer Crimes
How Serious Are Different Types of Incidents
Disruptive Incidents to the Business
Time Spent Responding to the Security Incident
Cost Expenditure Responding to the Security Incident
Cyber Crime Investigation Process
Challenges in Cyber Crime Investigation
Rules of Forensic Investigation
Role of Forensics Investigator
Investigative Agencies: FBI
Investigative Agencies: National Infrastructure Protection Center
Role of Law Enforcement Agencies in Forensics Investigation
Reporting Security Breaches to Law Enforcement Agencies in the U.S.A
Cyber Laws
Approaches to Formulation of Cyber Laws
Some Areas Addressed by Cyber Law
Important Federal Statutes

Module 23: Trademark, Copyright, and Patents
Trademark Infringement
    o Trademarks
    o Trademark Eligibility and Benefits of Registering It
    o Service Marks and Trade Dress
    o Trademark Infringement
    o Trademark Search
    o Monitoring Trademark Infringements
    o Key Considerations Before Investigating Trademark Infringements
    o Steps for Investigating Trademark Infringements
Copyright Infringement
    o Copyright and Copyright Notice
    o Investigating Copyright Status of a Particular Work
    o How Long Does a Copyright Last
    o U.S. Copyright Office
    o Doctrine of Fair Use
    o How are Copyrights Enforced
Plagiarism
    o Types of Plagiarism
    o Steps for Plagiarism Prevention
    o Plagiarism Detection Factors
Plagiarism Detection Tools
    o iParadigms: Plagiarism Detection Tool
    o iThenticate: Uploading Document
    o iThenticate: Generating Report
    o iThenticate: Report
    o Turnitin
    o Essay Verification Engine 2 (EVE2)
    o Jplag
    o Sherlock: Plagiarism Detector
    o Dupli Checker
    o SafeAssignment
    o PlagiarismDetect.com
Patent Infringement
    o Patent
    o Patent Infringement
    o Types of Patent Infringement
    o Patent Search
    o USPTO Recommended Seven-step Strategy for Patent Search
Trademarks and Copyright Laws
    o U.S. Laws for Trademarks and Copyright
    o Indian Laws for Trademarks and Copyright
    o UK Laws for Trademarks and Copyright
    o Hong Kong Laws for Intellectual Property

Module 24: Network and Router Forensics Fundamentals
Network Forensics
    o Challenges in Network Forensics
    o Internal Threat
    o External Threat
Network Attacks
Automated Computer Attack
Sources of Evidence on a Network
Traffic Capturing and Analysis Tools
    o Wireshark
    o Tcpdump
    o NetIntercept
    o CommView
    o EtherSnoop
    o eTrust Network Forensics
    o ProDiscover Investigator
Documenting the Evidence Gathered on a Network
Evidence Reconstruction for Investigation
Router Forensics
    o What is a Router
    o Functions of a Router
    o A Router in an OSI Model
    o Routing Table and its Components
    o Router Architecture
    o Implications of a Router Attack
    o Routers Vulnerabilities
    o Types of Router Attacks
    o Router Attack Topology
    o Denial of Service (DoS) Attacks
    o Packet Mistreating Attacks
    o Routing Table Poisoning
    o Hit-and-Run and Persistent Attacks
    o Router Forensics Vs. Traditional Forensics
    o Investigating Routers
    o Seize the Router and Maintain Chain of Custody
    o Incident Response & Session Recording
    o Accessing the Router
    o Volatile Evidence Gathering
    o Router Investigation Steps
    o Link Logger
    o Router Audit Tool (RAT)
    o Generate the Report

Module 25: Incident Response and Forensics
Cyber Incident Statistics
What is an Incident
Security Incidents
Category of Incidents
    o Category of Incidents: Low Level
    o Category of Incidents: Mid Level
    o Category of Incidents: High Level
How to Identify an Incident
How to Prevent an Incident
Incident Management
Reporting an Incident
Pointers to Incident Reporting Process
Report a Privacy or Security Violation
Preliminary Information Security Incident Reporting Form
Incident Response Procedure
Incident Response Policy
Incident Response Checklist
Handling Incidents
Procedure for Handling Incidents
    o Preparation
    o Identification
    o Containment
    o Eradication
    o Recovery
    o Follow-up
Post-Incident Activity
CSIRT
    o CSIRT Overview
    o Need for CSIRT
    o How CSIRT Handles Case: Steps
    o Best Practices for Creating a CSIRT
CERT
World CERTs
GFIRST
FIRST
IRTs Around the World

Module 26: Digital Evidence
Digital Evidence
Challenging Aspects of Digital Evidence
The Role of Digital Evidence
Characteristics of Digital Evidence
Fragility of Digital Evidence
Types of Digital Data
Rules of Evidence
Best Evidence Rule
Evidence Life Cycle
Digital Evidence Investigative Process
Where to Find Digital Evidence
Securing Digital Evidence
Documenting Evidence
Evidence Examiner Report
Handling Digital Evidence in a Forensics Lab
Obtaining a Digital Signature and Analyzing it
Processing Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Requirements
Forensics Tool: Dcode
Forensics Tool: WinHex
Forensics Tool: PDA Secure
Forensics Tool: Device Seizure

Module 27: Understanding Windows, DOS, Linux, and Macintosh File Systems
Types of File Systems
Understanding System Boot Sequence
Exploring Microsoft File Structures
Exploring Microsoft File Structures: FAT vs. NTFS
FAT
    o FAT Structure
NTFS
    o NTFS Architecture
    o NTFS System Files
    o EFS File Structure
    o Encrypted File Systems (EFS)
CDFS
Comparison of File Systems
Exploring Microsoft File Structures: Cluster
Gathering Evidence on Windows Systems
Gathering Volatile Evidence on Windows
Example: Checking Current Processes With Forensic Tool pslist
Example: Checking Open Ports With Forensic Tool fport
Checking Registry Entries
Features of Forensic Tool: Resplendent Registrar
How to Create a System State Backup
Windows Forensics Tool: Helix
Tools Present in Helix CD for Windows Forensics
Integrated Windows Forensics Software: X-Ways Forensics
Windows Forensics Tool: Traces Viewer
UNIX Overview
Linux Overview
Exploring Unix/Linux Disk Data Structures
Understanding Unix/Linux Boot Process
Understanding Linux Loader
Popular Linux File Systems
Use of Linux as a Forensics Tool
Advantages of Linux in Forensics
Popular Linux Forensics Tools
Mac OS X
Mac Security Architecture Overview
Exploring Macintosh Boot Tasks
Mac OS X File System
Mac Forensic Tool: MacLockPick
Mac Forensic Tool: MacAnalysis

Module 28: Steganography
Introduction
Definition of Steganography
Model of Stegosystem
Application of Steganography
Steganography Vs. Cryptography
Classification of Steganography
Technical Steganography
Linguistic Steganography
Digital Steganography
Strides in Steganography
Different Forms of Steganography
    o Text File Steganography
    o Hiding Information In Text Files
    o Image File Steganography
    o Steganography - Steps for Hiding Information
    o Audio File Steganography
    o Low-bit Encoding in Audio Files
    o Video File Steganography
Hiding Information in DNA
Steganographic File System
Real World Applications of Steganography
Practical Applications of Steganography
Unethical Use of Steganography
Introduction to Stego-Forensics
Detecting Steganography
Detecting Text, Image, Audio and Video Steganography
Steganography Tools
    o Stegdetect
    o Stego Watch
    o Snow
    o Fort Knox
    o S-Tools
    o Steghide
    o Mp3Stego
    o Invisible Secrets

Module 29: Analyzing Logs
Computer Security Logs
    o Operating System Logs
    o Application Logs
    o Security Software Logs
Importance of Logs in Forensics
Security Logging
Examining Intrusion and Security Events
Logon Event in Windows
Windows Log File
Logging in Windows
Remote Logging in Windows
Ntsyslog
Logs and Legal Issues
    o Legality of Using Logs
    o Laws and Regulations
Log Management
    o Functions of Log Management
    o Challenges in Log Management
Centralized Logging and Syslogs
    o Central Logging Design
    o Centralized Logging Setup
    o Logging in Unix / Linux - Syslog
    o Remote Logging with Syslog
    o Significance of Synchronized Time
    o Event Gathering
    o EventCombMT
    o Writing Scripts
Log Capturing and Analysis Tools
    o Event Gathering Tools
    o Dumpel
    o LogDog
    o Forensic Tool: fwanalog
    o Syslog-ng Logging System
    o WinSyslog Syslog Server
    o Kiwi Syslog Server

Module 30: E-mail Crime and Computer Forensics
Email System
Internet Protocols
Email Client
Email Server
Exploring the Roles of the Client and Server in E-mail
Phishing Attack
Reasons for Successful Phishing
Identifying E-mail Crimes and Violations
Investigating Email Crime and Violation
Obtain a Search Warrant and Seize the Computer and Email Account
Obtain a Bit-by-Bit Image of Email Information
Sending E-mail Using Telnet
Viewing E-mail Headers
Viewing Headers in Microsoft Outlook
Viewing Headers in AOL
Viewing Headers in Hotmail
Viewing Headers in Gmail
Gmail Header
Examining an E-mail Header
Tracing an E-mail Message
Using Network Logs Related to E-mail
Tracing Back
Tracing Back Web Based E-mail
Searching E-mail Addresses
E-mail Search Site
Using Specialized E-mail Forensic Tools
    o EnCase Forensic
    o FTK Imager
    o FINALeMAIL
    o Netcraft
    o eMailTrackerPro
    o E-mail Examiner
    o LoPe
U.S. Laws Against Email Crime: CAN-SPAM Act
Email Crime Law in Washington: RCW 19.190.020

Module 31: Introduction to Writing Investigative Report
Computer Forensic Report
Significance of Investigative Reports
Computer Forensics Report Template
Report Specifications
Report Classification
What to Include in an Investigative Report
Layout of an Investigative Report
Writing a Report
Guidelines for Writing a Report
Salient Features of a Good Report
Important Aspects of a Good Report
Investigative Report Format
Attachments and Appendices
Report and Expert Opinion
Use of Supporting Material
Sample Forensic Report
Sample Report
Writing Report Using FTK

Module 32: Computer Forensics as a Profession
Introduction
Developing Computer Forensics Resources
Computer Forensics Experts
Preparing for Computing Investigations
Enforcement Agency Investigations
Corporate Investigations
Maintaining Professional Conduct
Legal Issues
Approach to Forensic Investigation: A Case Study
Email Infidelity in a Computer Forensics Investigation Case Study

For Training Requirements, Please Contact EC-Council ATC.

http://www.eccouncil.org info@eccouncil.org

© 2010 EC-Council. All rights reserved. This document is for informational purposes only. EC-Council MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. EC-Council and ECSS logos are registered trademarks or trademarks of EC-Council in the United States and/or other countries.