Skip to Content Innovating@Sun Community Voices How to Buy Log In New Zealand [Change] English

Computer Security Forensics and System Recovery (SC-410)

The Computer Security Forensics & System Recovery course provides industry professionals with the knowledge and advanced technical skills necessary to perform a forensic investigation on Solaris 9 Operating Systems (Solaris 9 OS). This course equips students with the data collection, data preservation, and analytical skills necessary to investigate potentially compromised systems, knowledge of common attacks, and preparation for working with a legal investigation.

System recovery and hardening is covered from the perspective of the role of the systems administrator in enabling the site to resume operations in a potentially hostile environment.

The primary focus of this course is technical analysis, but it peripherally includes general aspects of legal procedure not specific to any particular jurisdiction, but following industry best-practices. This includes appropriate evidence-gathering techniques, securing an incident scene, maintaining chain of custody, documentation of forensic analysis, and preparation to respond to security intrusions in adherence to local incident response policies and procedures. Recent legislation in the United States, such as the Sarbanes-Oxley Act, Health Insurance Portability and Accounting Act (HIPAA), and Gramm-Leach Bliley Act, mandates internet technology (IT) security control policies and procedures take legal issues into account for certain industries. This can affect how a forensic investigation proceeds by requiring that law enforcement be informed of certain security breaches.

This course includes real-world exercises that provide hands-on experience in computer forensic analysis.

»	Details below

Select a course

Product ID	Duration	Price
NZ-SC-410	4 days	NZ$5,225.00 (ex. GST)
Please contact a Sun Training Representative to order this product.

Who Can Benefit

Students who can benefit from this course include IT professionals who are required to perform technical analysis of Solaris OS Systems for potential legal proceedings. This includes systems administrators, law enforcement investigators, and technical support engineers. The techniques are also beneficial to those who might not be seeking legal action, but want greater understanding of tools and techniques for analyzing Solaris OS systems. This includes system administrators and systems programmers who might utilize these techniques for system and software debugging.

Prerequisites

To succeed in this course, students should be able to:

Install and configure a Solaris OS system
Perform system administration functions, such as backups, restores, user account management, and file system management.
Perform network administration functions, such as tracing networking connections, network routes, and configuring network services.

Skills Gained

Upon completion of this course, students should be able to:

Describe the roles of forensic investigators and outline the computer forensic process
Identify elements of Incident Response policies and procedures that effect the computer forensic process
Describe indicators of a system compromise and intrusion response tasks
Use forensic tools and commands to gather evidence without damaging it
Describe how evidence is collected and secured with integrity certified
Restore a compromised system to operation and identify additional security measures to protect against repeat attacks
Understand methods and motivations of attackers
Describe the features of a forensic system
Use file timestamps to assist in computer forensic analysis
Use native Solaris OS tools and third-party tools, such as The Coroner's Toolkit, for forensic analysis

Related Courses

Before:

Course Content

Module 1 - Computer Forensics Overview

Define the computer forensics process
Describe the elements of the computer forensics process

Module 2 - Security Policies and Procedures

Describe why security policies and procedures need to be developed
Define the characteristics of an incident response policy and how it relates to forensic examination
Define the characteristics of an incident response procedure and how it relates to forensic examination

Module 3 - Security Compromise Detection and Identification

Identify indicators of a possible system compromise
Describe intrusion response tasks and roles

Module 4 - Computer Crime Scene Investigation

Describe fundamental crime scene investigation procedures
List the forensic tools and commands used at a crime scene
Describe how evidence is collected and secured

Module 5 - System Recovery

Describe the steps for platform reinstallation
Describe authentication mechanisms that must be changed after an attack

Module 6 - Mitigating Risk While Resuming Operations

Describe issues involved with system and network monitoring
Describe some additional security measures to protect against repeat attacks

Module 7 - Analyzing Typical Attack Patterns

Describe the methods used in remote attacks
Describe the methods used for obscuring remote attacks

Module 8 - Building the Forensic System

Explain why a forensic system is used
Describe the features of a forensic system

Module 9 - Filesystem Forensics

Use file timestamps in computer forensics
Describe obscure filesystem tools

Module 10 - Forensic Commands and Tools

Describe native commands and tools that are used in forensic examination
Describe third-party tools that might be used in forensic examination

Browse Other Course Topic Areas

Sun Training New Zealand
» Training outside New Zealand

» Contact Sun Training

Print-friendly Page

User Name Password Registering Others?

»	Forgot Password?
»	New Student?
»	How to Order Online

Course Catalog Links
»	About Our Instructors
»	What's New
»	Legal Terms

Training Resources
»	Savings and Promotions
»	Training Calendar
»	Learning Paths
»	Free Proficiency Assessments
»	Reference Materials
»	Training Product Search
»	Training Locations
»	Become a Sun Education Partner
»	Subscribe
»	Training Products A-Z
»	Download Sun Training Guide