Search and Retrieve "HANDS ON"
COURSE OVERVIEW
We are becoming more and more
detached from the data that lies in our systems. For the most part this is a
good thing, allowing us to concentrate on organisation and process. However,
when we need to probe more deeply because we suspect abuse, error or fraud,
we instantly see the inadequacy of simple search commands and application
packaged report generators for digging out evidence. This course provides a
stimulating hands-on introduction to the search and retrieval of data from
systems using low or zero cost software tools.
COURSE BENEFITS
Skills:
After completion of this course, you will be able to:
- Assemble a toolkit of valuable search and retrieve utilities at low or zero cost
- Fingerprint and perform a high level review of hosts under review
- Deploy effective strategies for cataloguing structures and finding data at directory, file and sector levels, whether in numeric, text or hex form
- Explore the possibilities of recovering lost, damaged or corrupted files, passwords and other important data
- Use tools for: locating images within systems; tracking down numerical inconsistencies within data and spreadsheets; extracting data from databases; and resolving IP addresses and exploring email headers
- Discriminate between reliable and unreliable information, consolidate findings and report on observations
Support Materials:
This course will be
accompanied by a training manual containing briefing materials, examples and
practical advice. A CD ROM of software for personal use will also be
provided.
WHO SHOULD ATTEND
Those from the domains of IT
Audit and IT Security will find this course of greatest practical benefit.
The course uses a combination of briefings and interactive case study work
to maximise knowledge transfer. Class size is limited.
COURSE PROGRAMME
The fundamental processes
Assembling a toolkit
- Low or zero cost tools - the incentive
- Example tools: data and file searching; host fingerprinting; image searching, high and low level scanning; password, crypto tools and more
Practical 1: a high level pass
- Reviewing systems and media and assessing their attributes
- Cataloguing the system - eliminating possibilities
- Examination of cache files and system information: browser histories, cookie libraries, licences, auto-start programs, installed programs, services
Practical 2: search and retrieve - simple
- Basic searching by types and categories of data
- Data attributes - non-invasive viewing, what they reveal
- Sectors, filing systems and how files are stored
- File attributes - low level viewing of files as hex and as text; why look at hex?
- Search hex - search text
- Occurrence and frequency analysis
- Keeping results - documenting as you go
Practical 3: search and retrieve - complex
- Locating text hidden in files - complex searches
- Locating text using fast sector scanning
- Different numbering systems - integer, floating point, ASCII, EBCDIC
- Boot sectors and indexing tables
- Closing in on the subject of searching
- Comparing files and text
- Hashes and calculating hashes
- Elimination and identification of files using hashing
- Disk and file cloning - exact copies
Practical 4: recovery of deleted files
Practical 5: image processing
- Simple and multi-format image viewers
- Searching for images
- Hidden images - email inclusions
- Hidden images - file inclusions
- Steganography and data recovery
Practical 6: network and email
Practical 7: numerical tools and other techniques
- Style analysis - concordance and correlation
- Benford's Law and dodgy digit handling
- Digging about in spreadsheets
- Panning for gold in databases
Presenting data
Bringing it all together
PRESENTED BY:
This course is designed, developed and presented by MindGrove Ltd.