CH – CHFI Computer Hacking Forensic Investigator v8.0 ... - Torque IT

1. Duplicate the Data (Imaging)
2. Verify Image Integrity
1. MD5 Hash Calculators: HashCalc, MD5
Calculator and HashMyFiles
3. Recover Lost or Deleted Data
1. Data Recovery Software
6. Analyse the Data
1. Data Analysis
2. Data Analysis Tools
7. Assess Evidence and Case
1. Evidence Assessment
2. Case Assessment
3. Processing Location Assessment
4. Best Practices to Assess the Evidence
8. Prepare the Final Report
1. Documentation in Each Phase
2. Gather and Organize Information
3. Writing the Investigation Report
4. Sample Report
9. Testifying as an Expert Witness
1. Expert Witness
2. Testifying in the Court Room
3. Closing the Case
4. Maintaining Professional Conduct
5. Investigating a Company Policy Violation
6. Computer Forensics Service Providers
Module 03: Searching and Seizing Computers
1. Searching and Seizing Computers without a Warrant
1. Searching and Seizing Computers without a
Warrant
2. A: Fourth Amendment’s “Reasonable Expectation of
Privacy” in Cases Involving Computers: General
Principles
3. A.1: Reasonable Expectation of Privacy in
Computers as Storage Devices
4. A.3: Reasonable Expectation of Privacy and Third-
Party Possession
5. A.4: Private Searches
6. A.5 Use of Technology to Obtain Information
7. B: Exceptions to the Warrant Requirement in Cases
Involving Computers
8. B.1: Consent
9. B.1.a: Scope of Consent
10. B.1.b: Third-Party Consent
11. B.1.c: Implied Consent
12. B.2: Exigent Circumstances
13. B.3: Plain View
14. B.4: Search Incident to a Lawful Arrest
15. B.5: Inventory Searches
16. B.6: Border Searches
17. B.7: International Issues
18. C: Special Case: Workplace Searches
19. C.1: Private Sector Workplace Searches
20. C.2: Public-Sector Workplace Searches
2. A: Successful Search with a Warrant
3. A.1: Basic Strategies for Executing Computer
Searches
4. A.1.a: When Hardware is itself Contraband,
Evidence, or an Instrumentality or Fruit of Crime
5. A.1.b: When Hardware is Merely a Storage Device
for Evidence of Crime
6. A.2: The Privacy Protection Act
7. A.2.a: The Terms of the Privacy Protection Act
8. A.2.b: Application of the PPA to Computer Searches
and Seizures
9. A.3: Civil Liability Under the Electronic
Communications Privacy Act (ECPA)
10. A.4: Considering the Need for Multiple Warrants in
Network Searches
11. A.5: No-Knock Warrants
12. A.6: Sneak-and-Peek Warrants
13. A.7: Privileged Documents
14. B: Drafting the Warrant and Affidavit
15. B.1: Accurately and Particularly Describe the
Property to be Seized in the Warrant and/or
Attachments to the Warrant
16. B.1.a: Defending Computer Search Warrants
Against Challenges Based on the Description of the
“Things to Be Seized”
17. B.2: Establish Probable Cause in the Affidavit
18. B.3: In the Affidavit Supporting the Warrant,
include an Explanation of the Search Strategy as
Well as the Practical & Legal Considerations that
Will Govern the Execution of the Search
19. C: Post-Seizure Issues
20. C.1: Searching Computers Already in Law
Enforcement Custody
21. C.2: The Permissible Time Period for Examining
Seized Computers
22. C.3: Rule 41(e) Motions for Return of Property
3. The Electronic Communications Privacy Act
1. The Electronic Communications Privacy Act
2. A. Providers of Electronic Communication Service
vs. Remote Computing Service
3. B. Classifying Types of Information Held by Service
Providers
4. C. Compelled Disclosure Under ECPA
5. D. Voluntary Disclosure
6. E. Working with Network Providers
4. Electronic Surveillance in Communications Networks
1. Electronic Surveillance in Communications
Networks
2. A. Content vs. Addressing Information
3. B. The Pen/Trap Statute, 18 U.S.C. §§ 3121-3127
4. C. The Wiretap Statute (“Title III”), 18 U.S.C. §§
2510-2522
5. C.1: Exceptions to Title III
6. D. Remedies For Violations of Title III and the
Pen/Trap Statute
2. Searching and Seizing Computers with a Warrant
1. Searching and Seizing Computers with a Warrant
5. Evidence
1. Evidence
2. A. Authentication