Page 1
http://www.eccouncil.org EC-Councilhttp://www.eccouncil.org EC-Council
EC-Council Certified Security Specialist
Page
2
http://www.eccouncil.org EC-Council
Page 3
http://www.eccouncil.org EC-Council
Course Description
EC-Council Certified Security Specialist (ECSS) allows students to enhance their skills in three differ-ent areas namely information security, network security, and computer forensics.
Information security plays a vital role in most of the organizations. Information security is a state of affairs where information, information processing, and communication are protected against the con-fidentiality, integrity, and availability of information and information processing. In communications, information security also covers trustworthy authentication of messages that cover identification of the parties, verifying, and recording the approval and authorization of the information, non-alteration of the data, and the non-repudiation of the communication or stored data.
Network security plays a vital role in most of the organizations. It is the process of preventing and detecting the unauthorized use of your computer. It protects the networks and their services from the unauthorized modification, destruction, or disclosure. Network security provides assurance that a net-work performs its critical functions correctly and there are no harmful side effects.
Computer forensics is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensics enables the systematic and careful identification of evidence in computer related crime and abuse cases.
This course will benefit the students who are interested in learning fundamentals of information secu-rity, network security, and computer forensics.
The EC-Council Certified Security Specialist (ECSS) program is designed primarily for students of academic institutions. It covers the fundamental basics of information security, computer forensics, and network security.
The program will give a holistic overview of the key components of information security. Students, who complete the ECSS program, will be equipped with the adequate foundation knowledge and should be able to progress onto the next level.
Page
4
http://www.eccouncil.org EC-Council
Who Should Attend
This course will significantly benefit individuals who are entering into the world of computer security. ECSS is an entry level security program.
Duration
2 days (9:00 5:00)
Certification
The ECSS exam will be conducted on the last day of training. Students need to pass the online Pro-metric exam to receive the ECSS certification.
Page 5
http://www.eccouncil.org EC-Council
Master the Security Technologies.
E C S SEC-Council Certified Security Specialist
TM
Page
6
http://www.eccouncil.org EC-Council
Course Outline v3
Module 01: Information Security Fundamentals
2009 Data Breach Investigations Report Security Threat Report 2009: SOPHOS Data Breach Investigations Report Internet Crime Report: IC3 Top Internet Security Threats of 2008 Emerging Cyber Threats Report for 2009 The Most Prevalent Web Vulnerabilities Information Security Need for Security Cost of Computer Crime The Security, Functionality, and Ease of Use Triangle Common Terminologies Elements of Information Security: CIA Trends in Security 20-Year Trend: Stronger Attack Tools Information Security More Than An IT Challenge For SME Statistics Related to Security Attack on Social Network Sites for Identity Theft The Top Ten List Of Malware-hosting Countries in 2009 2010 Threat Predictions Information Security Laws and Regulations Computer Misuse Act Data Protection Act 1998 Gramm-Leach Bliley Act
Page 7
http://www.eccouncil.org EC-Council
Module 02: Addressing Threats
What is a Threat Current Scenario Knowing Terms: Vulnerability, Exploit Internal Threat Sniffing External Threat Types of External Threats External Threats
o Social Engineering Social Engineering Example 1
Social Engineering Example 2
o Denial of Service Attacks What are Denial of Service Attacks
Impact and the Modes of Attack
o DoS Attack Tools Jolt2
Bubonic.c
Land and LaTierra
Targa
o Distributed Denial of Service Attack (DDoS) Characteristics of DDoS Attacks
o DDoS Attack Tool DDoS Tool: Tribal Flood Network
DDoS Tool: Shaft
DDoS Tool: Trinity
stacheldraht
o Virus and Wormo Trojan and Rootkit
Page
8
http://www.eccouncil.org EC-Council
Worms and their Role in DoS Attack
Worms and their Role in DoS Attack: Troj/Pointu-A
o Corporate Espionage Introduction To Corporate Espionage
Information that the Corporate Spies Seek
How the Information is Attacked
Insider Threat
Different Categories of Insider Threat
Process of Hacking
Corporate Espionage: Case Study
o Employee Monitoring Tools Activity Monitor
Imonitor Employee Activity Monitor
Chily Employee Activity Monitor
Net Spy Pro
Guardian Monitor Professional
Accidental Security Breach
Automated Computer Attack
Countermeasures
Vulnerabilities in Windows
Module 03: Backdoors, Virus, and Worms
Introduction to Virus Characteristics of a Virus Working of Virus Worms Backdoors What is a Trojan
o Basic Working of Trojans
Page 9
http://www.eccouncil.org EC-Council
Overt and Covert Channels How is a Worm Different from a Virus Virus History Stages of Virus Life Modes of Virus Infection Indications of Virus Attack Underground Writers Prevention is Better than Cure Anti-Virus Systems Anti-Virus Software AVG Antivirus Norton Antivirus McAfee Spam Killer McAfee VirusScan F-Secure Anti-Virus Kaspersky Anti-Virus How to Detect Trojans Tool:Netstat Tool: TCPView Delete Suspicious Device Drivers Check for Running Processes: Whats on My Computer Super System Helper Tool Tool: Whats Running Top 10 Latest Viruses
Module 04: Introduction to the Linux Operating System
Linux Linux Distributions Linux Basics Why Do Hackers Use Linux
Page
10
http://www.eccouncil.org EC-Council
Why is Linux Hacked How to Apply Patches to Vulnerable Programs Linux Rootkits
o Hacking Tool: Linux Rootkitso Knark & Torn o Tuxit, Adore, Ramen o Linux Rootkit: phalanx2o Beastkit o Rootkit Countermeasureso chkrootkit Detects the Following Rootkits
Linux Hacking Tools o Scanning Networkso Nmap in Linux o Scanning Tool: Nessuso Port Scan Detection Toolso Password Cracking in Linux: John the Ripper o Firewall in Linux: IPTableso IPTables Commando Basic Linux Operating System Defense o SARA (Security Auditors Research Assistant)o Linux Tool: Netcat o Linux Tool: tcpdump o Linux Tool: Snort o Linux Tool: SAINT o Linux Tool: Wireshark o Linux Under Attack: Compromised SSH Keys Lead to Rootkit
Module 05: Password Cracking
Authentication Definition
Page 11
http://www.eccouncil.org EC-Council
Authentication Mechanisms HTTP Authentication
o Basic Authenticationo Digest Authentication
Microsoft Passport Authentication What is a Password Cracker Modus Operandi of an Attacker Using Password Cracker How does a Password Cracker Work Attacks Classification Password Guessing Dictionary Maker Password Cracking Tools
o L0phtcrack (LC4) o John the Ripper o Brutus o Hydra o Cain & Abel o Other Password Cracking Tools
Security Tools o WebPassword o Password Administratoro Password Safe o Passwords: Dos and Dontso Password Generators
Module 06: Cryptography
Basics of Cryptography Public-key Cryptography
Page
12
http://www.eccouncil.org EC-Council
Working of Encryption Digital Signature What is SSH SSH (Secure Shell) RSA (Rivest Shamir Adleman) Example of RSA algorithm RSA Attacks RSA Challenge MD5 SHA (Secure Hash Algorithm) Code Breaking: Methodologies Disk Encryption Cryptography Attacks Role of Cryptography in Data Security Magic Lantern Cleversafe Grid Builder Microsoft Cryptography Tools
Module 07: Web Servers and Web Applications
Symantec Government Internet Security Threat Report, Published April 2009 Symantec Government Internet Security Threat Report, Published April 2009 Symantec Government Internet Security Threat Report, Published April 2009 Report: Active Servers Across All Domains Top Web Server Developers Web Servers
o How Web Servers Worko Why Web Servers are Compromisedo Web Application Vulnerabilities Categories
Page 13
http://www.eccouncil.org EC-Council
o Popular Web Serverso IIS 7 Componentso IIS Vulnerabilitieso IIS Vulnerabilities Detection: Toolso Apache Vulnerabilityo Increasing Web Servers Security
Web Applicationso Web Application Architecture Componentso Web Application Software Componentso Web Application Setupo Web Application Threats o Cross-Site Scripting/XSS Flawso An Example of XSSo Countermeasureso SQL Injectiono Command Injection Flawso Countermeasureso Cookie/Session Poisoningo Countermeasureso Instant Source o Wget o GUI for Wgeto WebSleuth o BlackWidow o WindowBomb o WindowBomb: Reporto Burpsuite o cURL
Page
14
http://www.eccouncil.org EC-Council
Module 08: Wireless Networks
Wireless Networking Effects of Wireless Attacks on Business Wireless Standards
o Wireless Standard: 802.11ao Wireless Standard: 802.11b WiFio Wireless Standard: 802.11go Wireless Standard: 802.11io Wireless Standard: 802.11no Wireless Standard:802.15 (Bluetooth)o Wireless Standard:802.16 (WiMax)
Components of Wireless Network Types of Wireless Network Setting up WLAN Detecting a Wireless Network How to Access a WLAN Advantages and Disadvantages of a Wireless Network Antennas SSID Access Point Positioning Rogue Access Points Techniques to Detect Open Wireless Networks Wireless Security Guidelines Netstumbler Tool MiniStumbler Tool Kismet Tool
Page 15
http://www.eccouncil.org EC-Council
Module 09: Intrusion Detection System
Intrusion Detection Systems IDS Placement Cybersecurity Plan to Boost IT Firms, But Doubts Persist Types of Intrusion Detection Systems Ways to Detect an Intrusion System Integrity Verifiers (SIV) General Indications of System Intrusions General Indications of File System Intrusions General Indications of Network Intrusions Intrusion Detection Tools
o Snort IDS Testing Tool: Traffic IQ Professional IDS Software Vendors
Module 10: Firewalls and Honeypots
Introduction Terminology Firewwall
o What is a Firewallo What does a Firewall doo What cant a Firewall doo How does a Firewall Worko Firewall Operationso Hardware Firewallo Software Firewallo Types of Firewallso Firewall Identification
Page
16
http://www.eccouncil.org EC-Council
o Firewalkingo Banner Grabbingo Placing Backdoors through Firewalls
Honeypoto What is a Honeypoto The Honeynet Projecto Types of Honeypots o Advantages and Disadvantages of a Honeypot o Where to Place a Honeypot o Honeypots o How to Set Up a Honey Poto Honeypot - KFSensoro Honeypot-SPECTER o Honeypot - honeydo What to do When Hacked
Module 11: Hacking Cycle
Hacking History Who is a Hacker? Types of Hackers What Does a Hacker Do
o Phase 1 - Reconnaissanceo Reconnaissance Typeso Phase 2 - Scanningo Phase 3 - Gaining Accesso Phase 4 - Maintaining Accesso Phase 5 - Covering Tracks
Types of Attacks on a System
Page 17
http://www.eccouncil.org EC-Council
o Operating System Attackso Application Level Attacks
Computer Crimes and Implications Legal Perspective (US Federal Law)
Module 12: Introduction to Ethical Hacking
Attacks Carried out Using Hacked PC Hacker Classes Hacktivism Why Ethical Hacking is Necessary Scope and Limitations of Ethical Hacking What Do Ethical Hackers Do How to Become an Ethical Hacker Skills of an Ethical Hacker Classification of Ethical Hacker Jobs for Ethical Hackers: Job Skills in Order of Popularity Jobs for Ethical Hacker Jobs for Ethical Hacker How Do They Go About It Penetration Testing vis--vis Ethical Hacking How to Simulate an Attack on the Network Testing Approaches General Prevention Vulnerability Research Websites Computer Crimes and Security Survey Computer Crimes and Security Survey
Page
18
http://www.eccouncil.org EC-Council
Module 13: Networking Revisited
Network Layers Application Layer Transport Layer Internet Layer Network Interface Layer Physical Layer Differentiating Protocols and Services Mapping Internet Protocol to OSI OSI Layers and Device Mapping Network Security
o Essentials of Network Security Ingress and Egress Traffic Data Security Threats over a Network Network Security Policies What Defines a Good Security Policy Types of Network Security Policies
o Sample Security Policyo Computer Acceptable Use Policy
Module 14: Secure Network Protocols
Secure Network Protocolso E-mail Security Protocol - S/MIMEo E-mail Security Protocol - PGP o Web Security Protocol - SSLo Web Security Protocol - SSHo Web Security Protocol -HTTPo Web Security Protocol -HTTPS
Page 19
http://www.eccouncil.org EC-Council
o VPN Security Protocol - IPSeco VPN Security Protocol - PPTPo VPN Security Protocol -L2TPo Wireless Security Protocol - WEPo VoIP Security Protocol -H.323o VoIP Security Protocol- SIP
Public Key Infrastructure (PKI) Access Control Lists (ACL) Authentication, Authorization, Accounting (AAA) RADIUS TACACS+ Kerberos Internet Key Exchange protocol (IKE)
Module 15: Authentication
Authentication Definition AuthenticationAuthorization Authentication Mechanisms HTTP Authentication
o Basic Authenticationo Digest Authenticationo Certificate-based Authenticationo Forms-based Authentication
RSA SecurID Token Biometrics Authentication Types of Biometrics Authentication
o Face Recognitiono Retina Scanning
Page
20
http://www.eccouncil.org EC-Council
o Fingerprint-based Identification o Hand Geometry-based Identification
Digital Certificates Attacks on Password Authentication
Module 16: Network Attacks
Network Attackso Denial of Service (DoS)
DoS Countermeasures
o Scanning Scanning Countermeasures
o Packet Sniffing Packet Sniffing Countermeasures
o IP Spoofing IP Spoofing Countermeasures
o ARP Spoofing ARP Spoofing Countermeasures
o Session Hijacking Session Hijacking Countermeasures
o Spam Statistics-2009o Spamming
Spamming Countermeasures
o Eavesdropping Eavesdropping Countermeasures
Module 17: Bastion Hosts and DMZ
Bastion Host - Introduction Types of Bastion Hosts
Page 21
http://www.eccouncil.org EC-Council
Need for a Bastion Host Basic Principles for Building a Bastion Host General Requirements to Setup a Bastion Host Hardware Requirements Selecting the Operating System for the Bastion Host Positioning the Bastion Host
o Physical Locationo Network Locationo Select a Secure Location
Auditing the Bastion Host Connecting the Bastion Host Tool: IPSentry What is DMZ Different Ways to Create a DMZ Where to Place Bastion Host in the DMZ Benefits of DMZ
Module 18: Proxy Servers
What are Proxy Servers Benefits of a Proxy Server Other Benefits of a Proxy Server Working of a Proxy Server Functions of a Proxy Server Communication Via a Proxy Server Proxy Server-to-Proxy Server Linking Proxy Servers vs. Packet Filters Networking Protocols for Proxy Servers
o S-HTTP
Page
22
http://www.eccouncil.org EC-Council
Types of Proxy Serverso Transparent Proxieso Non-transparent Proxyo SOCKS
Proxy Server-based Firewallso Wingate o Symantec Enterprise Firewall
Microsoft Internet Security & Acceleration Server (ISA) ISA Server 2006 components Steps to Configure Proxy Server on IE Limitations of a Proxy server List of Proxy Sites
Module 19: Virtual Private Network
What is a VPN VPN Deployment Tunneling Described Types of Tunneling Popular VPN Tunneling Protocols VPN Security VPN via SSH and PPP VPN via SSL and PPP VPN via Concentrator Other Methods VPN Registration and Passwords Intro to IPSec IPSec Services Combining VPN and Firewalls
Page 23
http://www.eccouncil.org EC-Council
VPN Vulnerabilities
Module 20: Introduction to Wireless Network Security
Introduction to Wireless Networking Basics Types of Wireless Networks
o WLANSo WPANso WMANso WWANs
Antennas SSIDs Rogue Access Points Tools to Detect Rogue Access Points: NetStumbler Netstumbler What is Wired Equivalent Privacy (WEP) WEP Tool: AirSnort 802.11 Wireless LAN Security Limitations of WEP Security Wireless Transportation Layer Security (WTLS) Extensible Authentication Protocol (EAP) Methods 802.11i Wi-Fi Protected Access (WPA) TKIP and AES Denial of Service Attacks Man-in-the-Middle Attack (MITM) WIDZ, Wireless Intrusion Detection System Securing Wireless Networks
Page
24
http://www.eccouncil.org EC-Council
Maximum Security: Add VPN to Wireless LAN
Module 21: Voice over Internet Protocol
VoIP Introduction Benefits of VoIP Basic VoIP Architecture VoIP Layers VoIP Standards Wireless VoIP VoIP Threats VoIP Vulnerabilities VoIP Security Skypes International Long Distance Share Grows, Fast. VoIP Services in Europe VoIP Sniffing Tools
o AuthToolo VoIPongo Vomito PSIPDumpo Web Interface for SIP Trace (WIST)
VoIP Scanning and Enumeration Toolso SNScano Netcato SiVus
VoIP Packet Creation and Flooding Toolso SipBombero Spittero Scapy
Page 25
http://www.eccouncil.org EC-Council
VoIP Fuzzing Toolso Ohrwurmo SIP Forum Test Frameworko Asteroid
VoIP Signaling Manipulation Toolso RTP Tools
Other VoIP Toolso Tcpdumpo Wiresharko Softperfect Network Sniffero HTTP Sniffero SmartSniff
VoIP Troubleshooting Toolso P.862o RTCP XR RFC3611
Module 22: Computer Forensics Fundamentals
Forensic Science Computer Forensics Evolution of Computer Forensics Objectives of Computer Forensics Need for Computer Forensics Cyber Crime Modes of Attacks Examples of Cyber Crime Types of Computer Crimes How Serious Are Different Types of Incidents Disruptive Incidents to the Business
Page
26
http://www.eccouncil.org EC-Council
Time Spent Responding to the Security Incident Cost Expenditure Responding to the Security Incident Cyber Crime Investigation Process Challenges in Cyber Crime Investigation Rules of Forensic Investigation Role of Forensics Investigator Investigative Agencies: FBI Investigative Agencies: National Infrastructure Protection Center Role of Law Enforcement Agencies in Forensics Investigation Reporting Security Breaches to Law Enforcement Agencies in the U.S.A Cyber Laws Approaches to Formulation of Cyber Laws Some Areas Addressed by Cyber Law Important Federal Statutes
Module 23: Trademark, Copyright, and Patents
Trademark Infringement o Trademarks o Trademark Eligibility and Benefits of Registering Ito Service Marks and Trade Dresso Trademark Infringement o Trademark Searcho Monitoring Trademark Infringementso Key Considerations Before Investigating Trademark Infringementso Steps for Investigating Trademark Infringements
Copyright Infringement o Copyright and Copyright Noticeo Investigating Copyright Status of a Particular Work
Page 27
http://www.eccouncil.org EC-Council
o How Long Does a Copyright Lasto U.S. Copyright Officeo Doctrine of Fair Useo How are Copyrights Enforced
Plagiarism o Types of Plagiarismo Steps for Plagiarism Preventiono Plagiarism Detection Factors
Plagiarism Detection Tools o iParadigms: Plagiarism Detection Tool o iThenticate: Uploading Documento iThenticate: Generating Reporto iThenticate: Reporto Turnitin o Essay Verification Engine 2 (EVE2) o Jplag o Sherlock: Plagiarism Detector o Dupli Checker o SafeAssignment o PlagiarismDetect.com
Patent Infringement o Patento Patent Infringemento Types of Patent Infringement o Patent Search USPTO Recommended Seven-step Strategy for Patent Search
Trademarks and Copyright Laws o U.S. Laws for Trademarks and Copyrighto Indian Laws for Trademarks and Copyright
Page
28
http://www.eccouncil.org EC-Council
o UK Laws for Trademarks and Copyrighto Hong Kong Laws for Intellectual Property
Module 24: Network and Router Forensics Fundamentals
Network Forensicso Challenges in Network Forensicso Internal Threato External Threato Network Attackso Automated Computer Attacko Sources of Evidence on a Network
Traffic Capturing and Analysis Tools o Wireshark o Tcpdump o NetIntercept o CommView o EtherSnoop o eTrust Network Forensics o ProDiscover Investigator o Documenting the Evidence Gathered on a Networko Evidence Reconstruction for Investigation
Router Forensics o What is a Routero Functions of a Routero A Router in an OSI Modelo Routing Table and its Componentso Router Architectureo Implications of a Router Attack
Page 29
http://www.eccouncil.org EC-Council
o Routers Vulnerabilitieso Types of Router Attackso Router Attack Topology
Denial of Service (DoS) Attacks
Packet Mistreating Attacks
Routing Table Poisoning
Hit-and-Run and Persistent Attacks
o Router Forensics Vs. Traditional Forensicso Investigating Routerso Seize the Router and Maintain Chain of Custodyo Incident Response & Session Recordingo Accessing the Routero Volatile Evidence Gatheringo Router Investigation Stepso Link Logger o Router Audit Tool (RAT) o Generate the Report
Module 25: Incident Response and Forensics
Cyber Incident Statistics What is an Incident Security Incidents Category of Incidents
o Category of Incidents: Low Level o Category of Incidents: Mid Levelo Category of Incidents: High Level
How to Identify an Incident How to Prevent an Incident
Page
30
http://www.eccouncil.org EC-Council
Incident Management Reporting an Incident Pointers to Incident Reporting Process Report a Privacy or Security Violation Preliminary Information Security Incident Reporting Form Incident Response Procedure Incident Response Policy Incident Response Checklist Handling Incidents Procedure for Handling Incidents
o Preparation o Identificationo Containmento Eradication o Recoveryo Follow-up
Post-Incident Activity CSIRT
o CSIRT Overviewo Need for CSIRTo How CSIRT Handles Case: Stepso Best Practices for Creating a CSIRT
CERT World CERTs GFIRST FIRST IRTs Around the World
Page 31
http://www.eccouncil.org EC-Council
Module 26: Digital Evidence
Digital Evidence Challenging Aspects of Digital Evidence The Role of Digital Evidence Characteristics of Digital Evidence Fragility of Digital Evidence Types of Digital Data Rules of Evidence Best Evidence Rule Evidence Life Cycle Digital Evidence Investigative Process Where to Find Digital Evidence Securing Digital Evidence Documenting Evidence Evidence Examiner Report Handling Digital Evidence in a Forensics Lab Obtaining a Digital Signature and Analyzing it Processing Digital Evidence Storing Digital Evidence Evidence Retention and Media Storage Requirements Forensics Tool: Dcode Forensics Tool: WinHex Forensics Tool: PDA Secure Forensics Tool: Device Seizure
Module 27: Understanding Windows, DOS, Linux, and Macintosh
File Systems Types of File Systems
Page
32
http://www.eccouncil.org EC-Council
Understanding System Boot Sequence Exploring Microsoft File Structures Exploring Microsoft File Structures: FAT vs. NTFS FAT
o FAT Structure NTFS
o NTFS Architectureo NTFS System Files
Encrypted File Systems (EFS)o EFS File Structure
CDFS Comparison of File Systems Exploring Microsoft File Structures: Cluster Gathering Evidence on Windows Systems Gathering Volatile Evidence on Windows Example: Checking Current Processes With Forensic Tool pslist Example: Checking Open Ports With Forensic Tool fport Checking Registry Entries Features of Forensic Tool: Resplendent Registrar How to Create a System State Backup Windows Forensics Tool: Helix Tools Present in Helix CD for Windows Forensics Integrated Windows Forensics Software: X-Ways Forensics Windows Forensics Tool: Traces Viewer UNIX Overview Linux Overview Exploring Unix/Linux Disk Data Structures Understanding Unix/Linux Boot Process
Page 33
http://www.eccouncil.org EC-Council
Understanding Linux Loader Popular Linux File Systems Use of Linux as a Forensics Tool Advantages of Linux in Forensics Popular Linux Forensics Tools Mac OS X Mac Security Architecture Overview Exploring Macintosh Boot Tasks Mac OS X File System Mac Forensic Tool: MacLockPick Mac Forensic Tool: MacAnalysis
Module 28: Steganography
Introduction Definition of Steganography Model of Stegosystem Application of Steganography Steganography Vs. Cryptography Classification of Steganography Technical Steganography Linguistic Steganography Digital Steganography Strides in Steganography Different Forms of Steganography
o Text File Steganography Hiding Information In Text Files
o Image File Steganographyo Steganography - Steps for Hiding Information
Page
34
http://www.eccouncil.org EC-Council
o Audio File Steganography Low-bit Encoding in Audio Files
o Video File Steganography Hiding Information in DNA Steganographic File System Real World Applications of Steganography Practical Applications of Steganography Unethical Use of Steganography Introduction to Stego-Forensics Detecting Steganography Detecting Text, Image, Audio and Video Steganography Steganography Tools
o Stegdetect o Stego Watcho Snow o Fort Knox o S- Tools o Steghide o Mp3Stego o Invisible Secrets
Module 29: Analyzing Logs
Computer Security Logso Operating System Logso Application Logso Security Software Logs
Importance of Logs in Forensics Security Logging
Page 35
http://www.eccouncil.org EC-Council
Examining Intrusion and Security Events Logon Event in Window Windows Log File Logging in Windows Remote Logging in Windows Ntsyslog Logs and Legal Issues
o Legality of Using Logso Laws and Regulations
Log Managemento Functions of Log Managemento Challenges in Log Management
Centralized Logging and Syslogs o Central Logging Designo Centralized Logging Setupo Logging in Unix / Linux -Syslogo Remote Logging with Syslogo Significance of Synchronized Timeo Event Gatheringo EventCombMT o Writing Scriptso Event Gathering Toolso Dumpel o LogDog o Forensic Tool: fwanalog
Log Capturing and Analysis Tools o Syslog-ng Logging System o WinSyslog Syslog Server
Page
36
http://www.eccouncil.org EC-Council
o Kiwi Syslog Server
Module 30: E-mail Crime and Computer Forensics
Email System Internet Protocols Email Client Email Server Exploring the Roles of the Client and Server in E-mail Phishing Attack Reasons for Successful Phishing Identifying E-mail Crimes and Violations Investigating Email Crime and Violation Obtain a Search Warrant and Seize the Computer and Email Account Obtain a Bit-by-Bit Image of Email Information Sending E-mail Using Telnet Viewing E-mail Headers Viewing Headers in Microsoft Outlook Viewing Headers in AOL Viewing Headers in Hotmail Viewing Headers in Gmail Gmail Header Examining an E-mail Header Tracing an E-mail Message Using Network Logs Related to E-mail Tracing Back Tracing Back Web Based E-mail Searching E-mail Addresses E-mail Search Site
Page 37
http://www.eccouncil.org EC-Council
Using Specialized E-mail Forensic Toolso EnCase Forensic o FTK Imager o FINALeMAIL o Netcraft o eMailTrackerPro o E-mail Examiner o LoPe
U.S. Laws Against Email Crime: CAN-SPAM Act Email Crime Law in Washington: RCW 19.190.020
Module 31: Introduction to Writing Investigative Report
Computer Forensic Report Significance of Investigative Reports Computer Forensics Report Template Report Specifications Report Classification What to Include in an Investigative Report Layout of an Investigative Report Writing a Report Guidelines for Writing a Report Salient Features of a Good Report Important Aspects of a Good Report Investigative Report Format Attachments and Appendices Report and Expert Opinion Use of Supporting Material Sample Forensic Report
Page
38
http://www.eccouncil.org EC-Council
Sample Report Writing Report Using FTK
Module 32: Computer Forensics as a Profession
Introduction Developing Computer Forensics Resources Computer Forensics Experts Preparing for Computing Investigations Enforcement Agency Investigations Corporate Investigations Maintaining Professional Conduct Legal Issues Approach to Forensic Investigation: A Case Study Email Infidelity in a Computer Forensics Investigation Case Study
Page 39
http://www.eccouncil.org EC-Council
For Training Requirements, PleaseContact EC-Council ATC.
EC-Councilhttp://www.eccouncil.org
2010 EC-Council. All rights reserved.
This document is for informational purposes only. EC-Council MAKES NO WARRANTIES,
EXPRESS OR IMPLIED, IN THIS SUMMARY. EC-Council and ECSS logos are registered
trademarks or trademarks of EC-Council in the United States and/or other countries.