Course Overview:

The Computer Hacking Forensic Investigator (CHFI) course delivers the security discipline of digital forensics from a vendor-neutral perspective. CHFI is a comprehensive course covering major forensic investigation scenarios and enabling students to acquire necessary hands-on experience with various forensic investigation techniques and standard forensic tools necessary to successfully carry out a computer forensic investigation leading to the prosecution of perpetrators.

The CHFI certification gives participants the necessary skills to perform an effective digital forensics investigation. CHFI presents a methodological approach to computer forensics including searching and seizing, chain-of-custody, acquisition, preservation, analysis and reporting of digital evidence.

What’s Included:

  • 5 days of instructor-led, in-classroom training
  • Detailed labs for hands-on learning experience; approximately 50% of training is dedicated to labs
  • Hundreds of investigation tools including EnCase, AccessData FTK, & ProDiscover
  • Huge cache of evidence files for analysis including RAW, .dd images, video & audio files, MS Office files, systems files, etc.
  • CHFI Courseware
  • Exam Voucher
  • CHFI onsite exam scheduling

Course Objectives:

  • Establish threat intelligence and key learning points to support pro-active profiling and scenario modeling
  • Perform anti-forensic methods detection
  • Perform post-intrusion analysis of electronic and digital media to determine the who, where, what, when, and how the intrusion occurred
  • Extract and analyze logs from various devices like proxy, firewall, IPS, IDS, desktop, laptop, servers, SIM tool, router firewall, switches, AD server, DHCP logs, Access Control Logs & conclude as part of investigation process
  • Identify & check the possible source/incident origin
  • Recover deleted files and partitions in Windows, Mac OS X, and Linux
  • Conduct reverse engineering for known and suspected malware files
  • Collect data using forensic technology methods in accordance with evidence handling procedures, including collection of hard copy and electronic documents

Dates/Locations:

No Events

Duration: 5 Days

Course Content:

    • Module 01. Computer Forensics in Today’s World
    • Module 02. Computer Forensics Investigation Process
    • Module 03. Understanding Hard Disks and File Systems
    • Module 04. Data Acquisition and Duplication
    • Module 05. Defeating Anti-forensics Techniques
    • Module 06. Operating System Forensics (Windows, Mac, Linux)
    • Module 07. Network Forensics
    • Module 08. Investigating Web Attacks
    • Module 09. Database Forensics
    • Module 10. Cloud Forensics
    • Module 10. Malware Forensics
    • Module 11. Investigating Email Crimes
    • Module 12. Investigating Email Crimes
    • Module 13. Mobile Forensics
    • Module 14. Forensics Report Writing and Presentation

 

Prerequisites:

      • 2+ years of proven information security work experience
      • Educational background with digital security specialization

    Target Audience:

      • Law Enforcement
      • Defense & Military
      • E-Business Security
      • Systems Administrators
      • Legal Professionals
      • Banking & Insurance professionals
      • Government Agencies
      • IT Managers


DoD 8570 Training in San Antonio, TX.

TechNow has developed a proven training program that brings the skillset to the certification process. TechNow is a mobile testing center that can deliver DoD 8570 training and the certification in one week. Our integrated DoD 8570 training in San Antonio, TX incorporates hands-on skills with testing objectives that produces an incredibly high pass rate. To learn more about our DoD 8570 training program click here

DoD-8570 in San Antonio, TX

TechNow’s GSA Contract

Learn how TechNow can help you achieve your career and education goals with the information below or contact a Training Advisor today at 1-800-324-2294.  To request more information via the web click here.

Information

SPECIAL NOTICE TO AGENCIES: Small Business Participation – SBA strongly supports the participation of small business concerns in the Federal Supply Schedules Program. To enhance Small Business Participation SBA policy allows agencies to include in their procurement base and goals, the dollar value of orders expected to be placed against the Federal Supply Schedules, and to report accomplishments against these goals.

For orders exceeding the micro-purchase threshold, FAR 8.404 requires agencies to consider the catalogs/price lists of at least three schedule contractors or consider reasonably available information by using the GSA Advantage! on-line shopping service www.fss.gsa.gov. The catalog/price lists, GSA Advantage! and the Federal Supply Service Home Page www.fss.gsa.gov contain information on a broad array of products and services offered by small business concerns. This information should be used as a tool to assist ordering activities in meeting or exceeding established small business goals. It should also be used as a tool to assist in including small, small disadvantaged, and women-owned small businesses among those considered when selecting price lists for a best value determination. For orders exceeding the micro-purchase threshold, customers are to give preference to small business concerns when two or more items at the same delivered price will satisfy their requirement.

1. Geographic Scope of Contract: The 48 contiguous states of the United States of America, the District of Columbia, Puerto Rico, Alaska, and Hawaii, the United Kingdom and Europe.

2. Contractor’s Ordering Address and Payment Information:

Ordering and Payment Assistance
Maria Askey,
Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294  Toll Free
210-733-1093  ext. 224
210-733-6032  Fax
askey.maria@technow.com

Contractors are required to accept the Government purchase card for payments equal to or less than the micro-purchase threshold for oral or written delivery orders. Government purchase cards will be acceptable for payment above the micro-purchase threshold. In addition, bank account information for wire transfer payments will be shown on the invoice.

The following telephone numbers can be used by ordering agencies to obtain technical and/or ordering assistance:

a. Ordering Assistance
Maria Askey, Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 ext. 224
210-733-6032  Fax
askey.maria@technow.com  

b. Technical Assistance
David Askey
14117 Jones Maltsberger
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 Local
210-733-6032  Fax
askey.davidr@technow.com

3. LIABILITY FOR INJURY OR DAMAGE: The Contractor shall not be liable for any injury to Government personnel or damage to Government property arising from the use of equipment maintained by the Contractor, unless such injury or damage is due to the fault or negligence of the Contractor.

4. Statistical Data for Government Ordering Office Completion of Standard Form 279:

Block 9: G. Order/Modification Under Federal Schedule
Block 16: Data Universal Numbering System (DUNS) Number: 624661591
Block 30: Type of Contractor – A. Small Disadvantaged Business
Block 31: Woman-Owned Small Business – Yes
Block 36: Contractor’s Taxpayer ID (TIN): 74-2573500
a. CAGE Code: 0R9N0
b. Contractor has registered with the Central Contractor Registration Database.

5. FOB Destination

6. DELIVERY SCHEDULE

a. TIME OF DELIVERY: The Contractor shall deliver to destination within the number of calendar days after receipt of order (ARO), as set forth below:

SPECIAL ITEM NUMBER: 132-50
DELIVERY TIME (Days ARO): For courses at client site, as mutually agreed; for courses at contractor site, per training schedule.

b. URGENT REQUIREMENTS: When the Federal Supply Schedule contract delivery period does not meet the bona fide urgent delivery requirements of an ordering agency, agencies are encouraged, if time permits, to contact the Contractor for the purpose of obtaining accelerated delivery. The Contractor shall reply to the inquiry within 3 workdays after receipt. (Telephonic replies shall be confirmed by the Contractor in writing.) If the Contractor offers an accelerated delivery time acceptable to the ordering agency, any order(s) placed pursuant to the agreed upon accelerated delivery time frame shall be delivered within this shorter delivery time and in accordance with all other terms and conditions of the contract.

7. Discounts: Prices shown are NET Prices; Basic Discounts have been deducted.

a. Prompt Payment: 1% – 29 days from receipt of invoice or date of acceptance, whichever is later.
b. Quantity: None.
c. Dollar Volume: None.
d. Government Educational Institutions: Government Educational Institutions are offered the same discounts as all other Government customers.
e. Other: 20% discount from commercial prices.

8. Trade Agreements Act of 1979, as amended: All items are U.S. made end products, designated country end products, Caribbean Basin country end products, Canadian end products, or Mexican end products as defined in the Trade Agreements Act of 1979, as amended.

9. Statement Concerning Availability of Export Packing: Export packing will be provided when required.

10. Small Requirements: The minimum dollar value of orders to be issued is  $no limit.

11. Maximum Order (All dollar amounts are exclusive of any discount for prompt payment.)

a. The Maximum Order value for the following Special Item Numbers (SINs) is $25,000: Special Item Number 132-50 – Training Courses

12. USE OF FEDERAL SUPPLY SERVICE INFORMATION TECHNOLOGY SCHEDULE CONTRACTS. In accordance with FAR 8.404: [NOTE: Special ordering procedures have been established for Special Item Numbers (SINs) 132-51 IT Professional Services and 132-52 EC Services; refer to the terms and conditions for those SINs.]

Orders placed pursuant to a Multiple Award Schedule (MAS), using the procedures in FAR 8.404, are considered to be issued pursuant to full and open competition. Therefore, when placing orders under Federal Supply Schedules, ordering offices need not seek further competition, synopsize the requirement, make a separate determination of fair and reasonable pricing, or consider small business set-asides in accordance with subpart 19.5. GSA has already determined the prices of items under schedule contracts to be fair and reasonable. By placing an order against a schedule using the procedures outlined below, the ordering office has concluded that the order represents the best value and results in the lowest overall cost alternative (considering price, special features, administrative costs, etc.) to meet the Government’s needs.

a. Orders placed at or below the micro-purchase threshold. Ordering offices can place orders at or below the micro-purchase threshold with any Federal Supply Schedule Contractor.

b. Orders exceeding the micro-purchase threshold but not exceeding the maximum order threshold. Orders should be placed with the Schedule Contractor that can provide the supply or service that represents the best value. Before placing an order, ordering offices should consider reasonably available information about the supply or service offered under MAS contracts by using the “GSA Advantage!” on-line shopping service, or by reviewing the catalogs/price lists of at least three Schedule Contractors and selecting the delivery and other options available under the schedule that meets the agency’s needs. In selecting the supply or service representing the best value, the ordering office may consider–

(1) Special features of the supply or service that are required in effective program performance and that are not provided by a comparable supply or service;
(2) Trade-in considerations;
(3) Probable life of the item selected as compared with that of a comparable item;
(4) Warranty considerations;
(5) Maintenance availability;
(6) Past performance; and
(7) Environmental and energy efficiency considerations.

c. Orders exceeding the maximum order threshold. Each schedule contract has an established maximum order threshold. This threshold represents the point where it is advantageous for the ordering office to seek a price reduction. In addition to following the procedures in paragraph b, above, and before placing an order that exceeds the maximum order threshold, ordering offices shall–

(1) Review additional Schedule Contractors’ catalogs/price lists or use the “GSA Advantage!” on-line shopping service;
(2) Based upon the initial evaluation, generally seek price reductions from the Schedule Contractor(s) appearing to provide the best value (considering price and other factors); and
(3) After price reductions have been sought, place the order with the Schedule Contractor that provides the best value and results in the lowest overall cost alternative. If further price reductions are not offered, an order may still be placed, if the ordering office determines that it is appropriate.

NOTE: For orders exceeding the maximum order threshold, the Contractor may:

(1) Offer a new lower price for this requirement (the Price Reductions clause is not applicable to orders placed over the maximum order in FAR 52.216-19 Order Limitations);
(2) Offer the lowest price available under the contract; or
(3) Decline the order (orders must be returned in accordance with FAR 52.216-19).

d. Blanket purchase agreements (BPAs). The establishment of Federal Supply Schedule BPAs is permitted when following the ordering procedures in FAR 8.404. All schedule contracts contain BPA provisions. Ordering offices may use BPAs to establish accounts with Contractors to fill recurring requirements. BPAs should address the frequency of ordering and invoicing, discounts, and delivery locations and times.

e. Price reductions. In addition to the circumstances outlined in paragraph c, above, there may be instances when ordering offices will find it advantageous to request a price reduction. For example, when the ordering office finds a schedule supply or service elsewhere at a lower price or when a BPA is being established to fill recurring requirements, requesting a price reduction could be advantageous. The potential volume of orders under these agreements, regardless of the size of the individual order, may offer the ordering office the opportunity to secure greater discounts. Schedule Contractors are not required to pass on to all schedule users a price reduction extended only to an individual agency for a specific order.

f. Small business. For orders exceeding the micro-purchase threshold, ordering offices should give preference to the items of small business concerns when two or more items at the same delivered price will satisfy the requirement.

g. Documentation. Orders should be documented, at a minimum, by identifying the Contractor the item was purchased from, the item purchased, and the amount paid. If an agency requirement in excess of the micro-purchase threshold is defined so as to require a particular brand name, product, or feature of a product peculiar to one manufacturer, thereby precluding consideration of a product manufactured by another company, the ordering office shall include an explanation in the file as to why the particular brand name, product, or feature is essential to satisfy the agency’s needs.

13. FEDERAL INFORMATION TECHNOLOGY/TELECOMMUNICATION STANDARDS REQUIREMENTS: Federal departments and agencies acquiring products from this Schedule must comply with the provisions of the Federal Standards Program, as appropriate (reference: NIST Federal Standards Index). Inquiries to determine whether or not specific products listed herein comply with Federal Information Processing Standards (FIPS) or Federal Telecommunication Standards (FED-STDS), which are cited by ordering offices, shall be responded to promptly by the Contractor.

FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATIONS (FIPS PUBS): Information Technology products under this Schedule that do not conform to Federal Information Processing Standards (FIPS) should not be acquired unless a waiver has been granted in accordance with the applicable “FIPS Publication.” Federal Information Processing Standards Publications (FIPS PUBS) are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Information concerning their availability and applicability should be obtained from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, Virginia 22161. FIPS PUBS include voluntary standards when these are adopted for Federal use.

Individual orders for FIPS PUBS should be referred to the NTIS Sales Office, and orders for subscription service should be referred to the NTIS Subscription Officer, both at the above address, or telephone number (703) 487-4650.

13.2 FEDERAL TELECOMMUNICATION STANDARDS (FED-STDS): Telecommunication products under this Schedule that do not conform to Federal Telecommunication Standards (FED-STDS) should not be acquired unless a waiver has been granted in accordance with the applicable “FED-STD.” Federal Telecommunication Standards are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Ordering information and information concerning the availability of FED-STDS should be obtained from the GSA, Federal Supply Service, Specification Section, 470 East L’Enfant Plaza, Suite 8100, SW, Washington, DC 20407, telephone number (202)619-8925. Please include a self-addressed mailing label when requesting information by mail. Information concerning their applicability can be obtained by writing or calling the U.S. Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone number (301) 975-2833.

14. SECURITY REQUIREMENTS. In the event security requirements are necessary, the ordering activities may incorporate, in their delivery orders, a security clause in accordance with current laws, regulations, and individual agency policy; however, the burden of administering the security requirements shall be with the ordering agency. If any costs are incurred as a result of the inclusion of security requirements, such costs will not exceed ten percent (10%) or $100,000, of the total dollar value of the order, whichever is less.

15. CONTRACT ADMINISTRATION FOR ORDERING OFFICES: Any ordering office, with respect to any one or more delivery orders placed by it under this contract, may exercise the same rights of termination as might the GSA Contracting Officer under provisions of FAR 52.212-4, paragraphs (l) Termination for the Government’s convenience, and (m) Termination for Cause (See C.1.)

16. GSA Advantage! GSA Advantage! is an on-line, interactive electronic information and ordering system that provides on-line access to vendors’ schedule prices with ordering information. GSA Advantage! will allow the user to perform various searches across all contracts including, but not limited to:

(1) Manufacturer;
(2) Manufacturer’s Part Number; and
(3) Product categories.

Agencies can browse GSA Advantage! by accessing the Internet World Wide Web utilizing a browser (ex.: NetScape). The Internet address is http://www.fss.gsa.gov/

17. PURCHASE OF INCIDENTAL, NON-SCHEDULE ITEMS:

For administrative convenience, open market (non-contract) items may be added to a Federal Supply Schedule Blanket Purchase Agreement (BPA) or an individual order, provided that the items are clearly labeled as such on the order, all applicable regulations have been followed, and price reasonableness has been determined by the ordering activity for the open market (non-contract) items.

18. CONTRACTOR COMMITMENTS, WARRANTIES AND REPRESENTATIONS

a. For the purpose of this contract, commitments, warranties and representations include, in addition to those agreed to for the entire schedule contract:

(1) Time of delivery/installation quotations for individual orders;
(2) Technical representations and/or warranties of products concerning performance, total system performance and/or configuration, physical, design and/or functional characteristics and capabilities of a product/equipment/ service/software package submitted in response to requirements which result in orders under this schedule contract.
(3) Any representations and/or warranties concerning the products made in any literature, description, drawings and/or specifications furnished by the Contractor.

b. The above is not intended to encompass items not currently covered by the GSA Schedule contract.

19. OVERSEAS ACTIVITIES: The terms and conditions of this contract shall apply to all orders for installation, maintenance and repair of equipment in areas listed in the price list outside the 48 contiguous states and the District of Columbia, except as indicated below: Not applicable-equipment is not offered.

Upon request of the Contractor, the Government may provide the Contractor with logistics support, as available, in accordance with all applicable Government regulations. Such Government support will be provided on a reimbursable basis, and will only be provided to the Contractor’s technical personnel whose services are exclusively required for the fulfillment of the terms and conditions of this contract.

20. YEAR 2000 WARRANTY-COMMERCIAL SUPPLY ITEMS

a. As used in this clause, “Year 2000 compliant” means, with respect to information technology, that the information technology accurately processes date/time data (including, but not limited to, calculating, comparing and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, and leap year calculations, to the extent that other information technology used in combination with the information technology being acquired, properly exchanges date/time data with it.

b. The Contractor shall warrant that each hardware, software, and firmware product delivered under this contract shall be able to accurately process date time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, including leap year calculations, when used in accordance with the product documentation provided by the Contractor, provided that all products (e.g. hardware, software, firmware) used in combination with products properly exchange date time data with it. If the contract requires that specific listed products must perform as a system in accordance with the foregoing warranty, then that warranty shall apply to those products as a system. The duration of this warranty and the remedies available under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing within ninety (90) days after acceptance (installation is considered acceptance). The Contractor may offer an extended warranty to the Government to include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing at any time prior to June 1, 2000, or for a period of 6 months following acceptance (installation is considered acceptance) whichever is later. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than Year 2000 performance.

21. BLANKET PURCHASE AGREEMENTS (BPAs): Federal Acquisition Regulation (FAR) 13.303-1(a) defines Blanket Purchase Agreements (BPAs) as “…a simplified method of filling anticipated repetitive needs for supplies or services by establishing ‘charge accounts’ with qualified sources of supply.” The use of Blanket Purchase Agreements under the Federal Supply Schedule Program is authorized in accordance with FAR 13.303-2(c)(3), which reads, in part, as follows:

“BPAs may be established with Federal Supply Schedule Contractors, if not inconsistent with the terms of the applicable schedule contract.”

Federal Supply Schedule contracts contain BPA provisions to enable schedule users to maximize their administrative and purchasing savings. This feature permits schedule users to set up “accounts” with Schedule Contractors to fill recurring requirements. These accounts establish a period for the BPA and generally address issues such as the frequency of ordering and invoicing, authorized callers, discounts, delivery locations and times. Agencies may qualify for the best quantity/volume discounts available under the contract, based on the potential volume of business that may be generated through such an agreement, regardless of the size of the individual orders. In addition, agencies may be able to secure a discount higher than that available in the contract based on the aggregate volume of business possible under a BPA. Finally, Contractors may be open to a progressive type of discounting where the discount would increase once the sales accumulated under the BPA reach certain prescribed levels. Use of a BPA may be particularly useful with the new Maximum Order feature. See the Suggested Format, contained in this Schedule Price List, for customers to consider when using this purchasing tool.

22. CONTRACTOR TEAM ARRANGEMENTS: Contractors participating in contractor team arrangements must abide by all terms and conditions of their respective contracts. This includes compliance with Clauses 552.238-74, Contractor’s Reports of Sales and 552.238-76, Industrial Funding Fee, i.e., each contractor (team member) must report sales and remit the IFF for all products and services provided under its individual contract.


Course Overview:

TechNow has worked with worldwide enterprise infrastructures for over 30 years and has developed demos and labs to exemplify the techniques required to demonstrate technologies that effectively support CTI. This course integrates well with our courses TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis.

TechNow develops Cyber Ranges and makes them available for conferences in support of annual meetings for Cyber Threat Response Teams.  Developing scenarios and reacting to them appropriately is a big part of the value in understanding the contexts required to comprehend valuable CTI.   As with many advanced TechNow security courses, there is a large hands-on ratio.  This course helps Cyber Protection Teams (CPT), Defensive Cyber Operations (DCO), and Mission Defense Teams (MDT) to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and tune response to attacks by cyber adversaries.  CPT, DCO, and MDT can take preemptive action by utilizing CTI, understanding CTI tools, techniques and procedures (TTPs) needed to generate and consume timely and relevant intelligence to improve resilience and prevention.

This course focuses on the collection, classification, and exploitation of knowledge about adversaries and their TTPs. MDT puts us close to the mission and helps define the internal context to be analyzed against the CTI. TechNow pushes the student to truly understand how to think about and use CTI to make a difference.

Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

  • Learn to comprehend and develop complex scenarios
  • Identify and create intelligence requirements through practices such as threat modeling
  • Utilize threat modeling to drive intelligence handling and practices
  • Break down tactical, operational, and strategic-level threat intelligence
  • Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
  • How to collect adversary information, creating better value CTI
  • How to filter and qualify external sources, mitigating low integrity intelligence
  • Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
  • Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
  • Breaking down threats mapped against their tradecraft to tweak IOCs
  • Establish structured analytical techniques to be successful in any security role
  • Learn and apply structured principles in support of CTI and how to communicate that to any security role.

Course Prerequisites:
