11.07.2015 Views

(ECSS) brochure - EC-Council

EC-Council Certified Security Specialist
http://www.eccouncil.org




Course Description

EC-Council Certified Security Specialist (ECSS) allows students to enhance their skills in three different areas, namely information security, network security, and computer forensics.

Information security plays a vital role in most organizations. Information security is a state of affairs where information, information processing, and communication are protected against threats to the confidentiality, integrity, and availability of information and information processing. In communications, information security also covers trustworthy authentication of messages, which covers identification of the parties, verifying and recording the approval and authorization of the information, non-alteration of the data, and the non-repudiation of the communication or stored data.

Network security plays a vital role in most organizations. It is the process of preventing and detecting the unauthorized use of your computer. It protects networks and their services from unauthorized modification, destruction, or disclosure. Network security provides assurance that a network performs its critical functions correctly and that there are no harmful side effects.

Computer forensics is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensics enables the systematic and careful identification of evidence in computer-related crime and abuse cases.

This course will benefit students who are interested in learning the fundamentals of information security, network security, and computer forensics.

The EC-Council Certified Security Specialist (ECSS) program is designed primarily for students of academic institutions. It covers the fundamental basics of information security, computer forensics, and network security.

The program will give a holistic overview of the key components of information security. Students who complete the ECSS program will be equipped with adequate foundational knowledge and should be able to progress to the next level.


Who Should Attend

This course will significantly benefit individuals who are entering into the world of computer security. ECSS is an entry level security program.

Duration

2 days (9:00 – 5:00)

Certification

The ECSS exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ECSS certification.


ECSS™
EC-Council Certified Security Specialist
Master the Security Technologies.


Course Outline v3

Module 01: Information Security Fundamentals
• 2009 Data Breach Investigations Report
• Security Threat Report 2009: SOPHOS
• Data Breach Investigations Report
• Internet Crime Report: IC3
• Top Internet Security Threats of 2008
• Emerging Cyber Threats Report for 2009
• The Most Prevalent Web Vulnerabilities
• Information Security
• Need for Security
• Cost of Computer Crime
• The Security, Functionality, and Ease of Use Triangle
• Common Terminologies
• Elements of Information Security: CIA
• Trends in Security
• 20-Year Trend: Stronger Attack Tools
• Information Security – More Than An IT Challenge For SME
• Statistics Related to Security
• Attack on Social Network Sites for Identity Theft
• The Top Ten List Of Malware-hosting Countries in 2009
• 2010 Threat Predictions
• Information Security Laws and Regulations
• Computer Misuse Act
• Data Protection Act 1998
• Gramm-Leach Bliley Act


Module 02: Addressing Threats
• What is a Threat
• Current Scenario
• Knowing Terms: Vulnerability, Exploit
• Internal Threat
• Sniffing
• External Threat
• Types of External Threats
• External Threats
  o Social Engineering
• Social Engineering Example 1
• Social Engineering Example 2
  o Denial of Service Attacks
• What are Denial of Service Attacks
• Impact and the Modes of Attack
  o DoS Attack Tools
• Jolt2
• Bubonic.c
• Land and LaTierra
• Targa
  o Distributed Denial of Service Attack (DDoS)
• Characteristics of DDoS Attacks
  o DDoS Attack Tool
• DDoS Tool: Tribal Flood Network
• DDoS Tool: Shaft
• DDoS Tool: Trinity
• stacheldraht
  o Virus and Worm
  o Trojan and Rootkit


• Worms and their Role in DoS Attack
• Worms and their Role in DoS Attack: Troj/Pointu-A
  o Corporate Espionage
• Introduction To Corporate Espionage
• Information that the Corporate Spies Seek
• How the Information is Attacked
• Insider Threat
• Different Categories of Insider Threat
• Process of Hacking
• Corporate Espionage: Case Study
  o Employee Monitoring Tools
• Activity Monitor
• Imonitor Employee Activity Monitor
• Chily Employee Activity Monitor
• Net Spy Pro
• Guardian Monitor Professional
• Accidental Security Breach
• Automated Computer Attack
• Countermeasures
• Vulnerabilities in Windows

Module 03: Backdoors, Virus, and Worms
• Introduction to Virus
• Characteristics of a Virus
• Working of Virus
• Worms
• Backdoors
• What is a Trojan
  o Basic Working of Trojans


• Overt and Covert Channels
• How is a Worm Different from a Virus
• Virus History
• Stages of Virus Life
• Modes of Virus Infection
• Indications of Virus Attack
• Underground Writers
• Prevention is Better than Cure
• Anti-Virus Systems
• Anti-Virus Software
• AVG Antivirus
• Norton Antivirus
• McAfee Spam Killer
• McAfee VirusScan
• F-Secure Anti-Virus
• Kaspersky Anti-Virus
• How to Detect Trojans
• Tool: Netstat
• Tool: TCPView
• Delete Suspicious Device Drivers
• Check for Running Processes: What’s on My Computer
• Super System Helper Tool
• Tool: What’s Running
• Top 10 Latest Viruses

Module 04: Introduction to the Linux Operating System
• Linux
• Linux Distributions
• Linux – Basics
• Why Do Hackers Use Linux


• Why is Linux Hacked
• How to Apply Patches to Vulnerable Programs
• Linux Rootkits
  o Hacking Tool: Linux Rootkits
  o Knark & Torn
  o Tuxit, Adore, Ramen
  o Linux Rootkit: phalanx2
  o Beastkit
  o Rootkit Countermeasures
  o ‘chkrootkit’ Detects the Following Rootkits
• Linux Hacking Tools
  o Scanning Networks
  o Nmap in Linux
  o Scanning Tool: Nessus
  o Port Scan Detection Tools
  o Password Cracking in Linux: John the Ripper
  o Firewall in Linux: IPTables
  o IPTables Command
  o Basic Linux Operating System Defense
  o SARA (Security Auditor’s Research Assistant)
  o Linux Tool: Netcat
  o Linux Tool: tcpdump
  o Linux Tool: Snort
  o Linux Tool: SAINT
  o Linux Tool: Wireshark
  o Linux Under Attack: Compromised SSH Keys Lead to Rootkit

Module 05: Password Cracking
• Authentication – Definition


• Authentication Mechanisms
• HTTP Authentication
  o Basic Authentication
  o Digest Authentication
• Microsoft Passport Authentication
• What is a Password Cracker
• Modus Operandi of an Attacker Using Password Cracker
• How does a Password Cracker Work
• Attacks – Classification
• Password Guessing
• Dictionary Maker
• Password Cracking Tools
  o L0phtcrack (LC4)
  o John the Ripper
  o Brutus
  o Hydra
  o Cain & Abel
  o Other Password Cracking Tools
• Security Tools
  o WebPassword
  o Password Administrator
  o Password Safe
  o Passwords: Dos and Don’ts
  o Password Generators

Module 06: Cryptography
• Basics of Cryptography
• Public-key Cryptography


• Working of Encryption
• Digital Signature
• What is SSH
• SSH (Secure Shell)
• RSA (Rivest Shamir Adleman)
• Example of RSA algorithm
• RSA Attacks
• RSA Challenge
• MD5
• SHA (Secure Hash Algorithm)
• Code Breaking: Methodologies
• Disk Encryption
• Cryptography Attacks
• Role of Cryptography in Data Security
• Magic Lantern
• Cleversafe Grid Builder
• Microsoft Cryptography Tools

Module 07: Web Servers and Web Applications
• Symantec Government Internet Security Threat Report, Published April 2009
• Symantec Government Internet Security Threat Report, Published April 2009
• Symantec Government Internet Security Threat Report, Published April 2009
• Report: Active Servers Across All Domains
• Top Web Server Developers
• Web Servers
  o How Web Servers Work
  o Why Web Servers are Compromised
  o Web Application Vulnerabilities Categories


  o Popular Web Servers
  o IIS 7 Components
  o IIS Vulnerabilities
  o IIS Vulnerabilities Detection: Tools
  o Apache Vulnerability
  o Increasing Web Server’s Security
• Web Applications
  o Web Application Architecture Components
  o Web Application Software Components
  o Web Application Setup
  o Web Application Threats
  o Cross-Site Scripting/XSS Flaws
  o An Example of XSS
  o Countermeasures
  o SQL Injection
  o Command Injection Flaws
  o Countermeasures
  o Cookie/Session Poisoning
  o Countermeasures
  o Instant Source
  o Wget
  o GUI for Wget
  o WebSleuth
  o BlackWidow
  o WindowBomb
  o WindowBomb: Report
  o Burpsuite
  o cURL


Module 08: Wireless Networks
• Wireless Networking
• Effects of Wireless Attacks on Business
• Wireless Standards
  o Wireless Standard: 802.11a
  o Wireless Standard: 802.11b – “WiFi”
  o Wireless Standard: 802.11g
  o Wireless Standard: 802.11i
  o Wireless Standard: 802.11n
  o Wireless Standard: 802.15 (Bluetooth)
  o Wireless Standard: 802.16 (WiMax)
• Components of Wireless Network
• Types of Wireless Network
• Setting up WLAN
• Detecting a Wireless Network
• How to Access a WLAN
• Advantages and Disadvantages of a Wireless Network
• Antennas
• SSID
• Access Point Positioning
• Rogue Access Points
• Techniques to Detect Open Wireless Networks
• Wireless Security Guidelines
• Netstumbler Tool
• MiniStumbler Tool
• Kismet Tool


Module 09: Intrusion Detection System
• Intrusion Detection Systems
• IDS Placement
• Cybersecurity Plan to Boost IT Firms, But Doubts Persist
• Types of Intrusion Detection Systems
• Ways to Detect an Intrusion
• System Integrity Verifiers (SIV)
• General Indications of System Intrusions
• General Indications of File System Intrusions
• General Indications of Network Intrusions
• Intrusion Detection Tools
  o Snort
• IDS Testing Tool: Traffic IQ Professional
• IDS Software Vendors

Module 10: Firewalls and Honeypots
• Introduction
• Terminology
• Firewall
  o What is a Firewall
  o What does a Firewall do
  o What can’t a Firewall do
  o How does a Firewall Work
  o Firewall Operations
  o Hardware Firewall
  o Software Firewall
  o Types of Firewalls
  o Firewall Identification


  o Firewalking
  o Banner Grabbing
  o Placing Backdoors through Firewalls
• Honeypot
  o What is a Honeypot
  o The Honeynet Project
  o Types of Honeypots
  o Advantages and Disadvantages of a Honeypot
  o Where to Place a Honeypot
  o Honeypots
  o How to Set Up a Honey Pot
  o Honeypot - KFSensor
  o Honeypot - SPECTER
  o Honeypot - honeyd
  o What to do When Hacked

Module 11: Hacking Cycle
• Hacking History
• Who is a Hacker?
• Types of Hackers
• What Does a Hacker Do
  o Phase 1 - Reconnaissance
  o Reconnaissance Types
  o Phase 2 - Scanning
  o Phase 3 - Gaining Access
  o Phase 4 - Maintaining Access
  o Phase 5 - Covering Tracks
• Types of Attacks on a System


  o Operating System Attacks
  o Application Level Attacks
• Computer Crimes and Implications
• Legal Perspective (US Federal Law)

Module 12: Introduction to Ethical Hacking
• Attacks Carried out Using Hacked PC
• Hacker Classes
• Hacktivism
• Why Ethical Hacking is Necessary
• Scope and Limitations of Ethical Hacking
• What Do Ethical Hackers Do
• How to Become an Ethical Hacker
• Skills of an Ethical Hacker
• Classification of Ethical Hacker
• Jobs for Ethical Hackers: Job Skills in Order of Popularity
• Jobs for Ethical Hacker
• Jobs for Ethical Hacker
• How Do They Go About It
• Penetration Testing vis-à-vis Ethical Hacking
• How to Simulate an Attack on the Network
• Testing Approaches
• General Prevention
• Vulnerability Research Websites
• Computer Crimes and Security Survey
• Computer Crimes and Security Survey


Module 13: Networking Revisited
• Network Layers
• Application Layer
• Transport Layer
• Internet Layer
• Network Interface Layer
• Physical Layer
• Differentiating Protocols and Services
• Mapping Internet Protocol to OSI
• OSI Layers and Device Mapping
• Network Security
  o Essentials of Network Security
• Ingress and Egress Traffic
• Data Security Threats over a Network
• Network Security Policies
• What Defines a Good Security Policy
• Types of Network Security Policies
  o Sample Security Policy
  o Computer Acceptable Use Policy

Module 14: Secure Network Protocols
• Secure Network Protocols
  o E-mail Security Protocol - S/MIME
  o E-mail Security Protocol - PGP
  o Web Security Protocol - SSL
  o Web Security Protocol - SSH
  o Web Security Protocol - HTTP
  o Web Security Protocol - HTTPS


  o VPN Security Protocol - IPSec
  o VPN Security Protocol - PPTP
  o VPN Security Protocol - L2TP
  o Wireless Security Protocol - WEP
  o VoIP Security Protocol - H.323
  o VoIP Security Protocol - SIP
• Public Key Infrastructure (PKI)
• Access Control Lists (ACL)
• Authentication, Authorization, Accounting (AAA)
• RADIUS
• TACACS+
• Kerberos
• Internet Key Exchange protocol (IKE)

Module 15: Authentication
• Authentication – Definition
• Authentication ≠ Authorization
• Authentication Mechanisms
• HTTP Authentication
  o Basic Authentication
  o Digest Authentication
  o Certificate-based Authentication
  o Forms-based Authentication
• RSA SecurID Token
• Biometrics Authentication
• Types of Biometrics Authentication
  o Face Recognition
  o Retina Scanning


  o Fingerprint-based Identification
  o Hand Geometry-based Identification
• Digital Certificates
• Attacks on Password Authentication

Module 16: Network Attacks
• Network Attacks
  o Denial of Service (DoS)
• DoS Countermeasures
  o Scanning
• Scanning Countermeasures
  o Packet Sniffing
• Packet Sniffing Countermeasures
  o IP Spoofing
• IP Spoofing Countermeasures
  o ARP Spoofing
• ARP Spoofing Countermeasures
  o Session Hijacking
• Session Hijacking Countermeasures
  o Spam Statistics-2009
  o Spamming
• Spamming Countermeasures
  o Eavesdropping
• Eavesdropping Countermeasures

Module 17: Bastion Hosts and DMZ
• Bastion Host - Introduction
• Types of Bastion Hosts


• Need for a Bastion Host
• Basic Principles for Building a Bastion Host
• General Requirements to Setup a Bastion Host
• Hardware Requirements
• Selecting the Operating System for the Bastion Host
• Positioning the Bastion Host
  o Physical Location
  o Network Location
  o Select a Secure Location
• Auditing the Bastion Host
• Connecting the Bastion Host
• Tool: IPSentry
• What is DMZ
• Different Ways to Create a DMZ
• Where to Place Bastion Host in the DMZ
• Benefits of DMZ

Module 18: Proxy Servers
• What are Proxy Servers
• Benefits of a Proxy Server
• Other Benefits of a Proxy Server
• Working of a Proxy Server
• Functions of a Proxy Server
• Communication Via a Proxy Server
• Proxy Server-to-Proxy Server Linking
• Proxy Servers vs. Packet Filters
• Networking Protocols for Proxy Servers
  o S-HTTP


• Types of Proxy Servers
  o Transparent Proxies
  o Non-transparent Proxy
  o SOCKS
• Proxy Server-based Firewalls
  o Wingate
  o Symantec Enterprise Firewall
• Microsoft Internet Security & Acceleration Server (ISA)
• ISA Server 2006 components
• Steps to Configure Proxy Server on IE
• Limitations of a Proxy server
• List of Proxy Sites

Module 19: Virtual Private Network
• What is a VPN
• VPN Deployment
• Tunneling Described
• Types of Tunneling
• Popular VPN Tunneling Protocols
• VPN Security
• VPN via SSH and PPP
• VPN via SSL and PPP
• VPN via Concentrator
• Other Methods
• VPN Registration and Passwords
• Intro to IPSec
• IPSec Services
• Combining VPN and Firewalls


• VPN Vulnerabilities

Module 20: Introduction to Wireless Network Security
• Introduction to Wireless Networking
• Basics
• Types of Wireless Networks
  o WLANs
  o WPANs
  o WMANs
  o WWANs
• Antennas
• SSIDs
• Rogue Access Points
• Tools to Detect Rogue Access Points: NetStumbler
• Netstumbler
• What is Wired Equivalent Privacy (WEP)
• WEP Tool: AirSnort
• 802.11 Wireless LAN Security
• Limitations of WEP Security
• Wireless Transportation Layer Security (WTLS)
• Extensible Authentication Protocol (EAP) Methods
• 802.11i
• Wi-Fi Protected Access (WPA)
• TKIP and AES
• Denial of Service Attacks
• Man-in-the-Middle Attack (MITM)
• WIDZ, Wireless Intrusion Detection System
• Securing Wireless Networks


• Maximum Security: Add VPN to Wireless LAN

Module 21: Voice over Internet Protocol
• VoIP Introduction
• Benefits of VoIP
• Basic VoIP Architecture
• VoIP Layers
• VoIP Standards
• Wireless VoIP
• VoIP Threats
• VoIP Vulnerabilities
• VoIP Security
• Skype’s International Long Distance Share Grows, Fast.
• VoIP Services in Europe
• VoIP Sniffing Tools
  o AuthTool
  o VoIPong
  o Vomit
  o PSIPDump
  o Web Interface for SIP Trace (WIST)
• VoIP Scanning and Enumeration Tools
  o SNScan
  o Netcat
  o SiVus
• VoIP Packet Creation and Flooding Tools
  o SipBomber
  o Spitter
  o Scapy


• VoIP Fuzzing Tools
  o Ohrwurm
  o SIP Forum Test Framework
  o Asteroid
• VoIP Signaling Manipulation Tools
  o RTP Tools
• Other VoIP Tools
  o Tcpdump
  o Wireshark
  o Softperfect Network Sniffer
  o HTTP Sniffer
  o SmartSniff
• VoIP Troubleshooting Tools
  o P.862
  o RTCP XR – RFC3611

Module 22: Computer Forensics Fundamentals
• Forensic Science
• Computer Forensics
• Evolution of Computer Forensics
• Objectives of Computer Forensics
• Need for Computer Forensics
• Cyber Crime
• Modes of Attacks
• Examples of Cyber Crime
• Types of Computer Crimes
• How Serious Are Different Types of Incidents
• Disruptive Incidents to the Business


• Time Spent Responding to the Security Incident
• Cost Expenditure Responding to the Security Incident
• Cyber Crime Investigation Process
• Challenges in Cyber Crime Investigation
• Rules of Forensic Investigation
• Role of Forensics Investigator
• Investigative Agencies: FBI
• Investigative Agencies: National Infrastructure Protection Center
• Role of Law Enforcement Agencies in Forensics Investigation
• Reporting Security Breaches to Law Enforcement Agencies in the U.S.A
• Cyber Laws
• Approaches to Formulation of Cyber Laws
• Some Areas Addressed by Cyber Law
• Important Federal Statutes

Module 23: Trademark, Copyright, and Patents
• Trademark Infringement
  o Trademarks
  o Trademark Eligibility and Benefits of Registering It
  o Service Marks and Trade Dress
  o Trademark Infringement
  o Trademark Search
  o Monitoring Trademark Infringements
  o Key Considerations Before Investigating Trademark Infringements
  o Steps for Investigating Trademark Infringements
• Copyright Infringement
  o Copyright and Copyright Notice
  o Investigating Copyright Status of a Particular Work


  o How Long Does a Copyright Last
  o U.S. Copyright Office
  o Doctrine of “Fair Use”
  o How are Copyrights Enforced
• Plagiarism
  o Types of Plagiarism
  o Steps for Plagiarism Prevention
  o Plagiarism Detection Factors
• Plagiarism Detection Tools
  o iParadigm’s: Plagiarism Detection Tool
  o iThenticate: Uploading Document
  o iThenticate: Generating Report
  o iThenticate: Report
  o Turnitin
  o Essay Verification Engine 2 (EVE2)
  o Jplag
  o Sherlock: Plagiarism Detector
  o Dupli Checker
  o SafeAssignment
  o PlagiarismDetect.com
• Patent Infringement
  o Patent
  o Patent Infringement
  o Types of Patent Infringement
  o Patent Search USPTO Recommended Seven-step Strategy for Patent Search
• Trademarks and Copyright Laws
  o U.S. Laws for Trademarks and Copyright
  o Indian Laws for Trademarks and Copyright


  o UK Laws for Trademarks and Copyright
  o Hong Kong Laws for Intellectual Property

Module 24: Network and Router Forensics Fundamentals
• Network Forensics
  o Challenges in Network Forensics
  o Internal Threat
  o External Threat
  o Network Attacks
  o Automated Computer Attack
  o Sources of Evidence on a Network
• Traffic Capturing and Analysis Tools
  o Wireshark
  o Tcpdump
  o NetIntercept
  o CommView
  o EtherSnoop
  o eTrust Network Forensics
  o ProDiscover Investigator
  o Documenting the Evidence Gathered on a Network
  o Evidence Reconstruction for Investigation
• Router Forensics
  o What is a Router
  o Functions of a Router
  o A Router in an OSI Model
  o Routing Table and its Components
  o Router Architecture
  o Implications of a Router Attack


  o Routers Vulnerabilities
  o Types of Router Attacks
  o Router Attack Topology
• Denial of Service (DoS) Attacks
• Packet Mistreating Attacks
• Routing Table Poisoning
• Hit-and-Run and Persistent Attacks
  o Router Forensics Vs. Traditional Forensics
  o Investigating Routers
  o Seize the Router and Maintain Chain of Custody
  o Incident Response & Session Recording
  o Accessing the Router
  o Volatile Evidence Gathering
  o Router Investigation Steps
  o Link Logger
  o Router Audit Tool (RAT)
  o Generate the Report

Module 25: Incident Response and Forensics
• Cyber Incident Statistics
• What is an Incident
• Security Incidents
• Category of Incidents
  o Category of Incidents: Low Level
  o Category of Incidents: Mid Level
  o Category of Incidents: High Level
• How to Identify an Incident
• How to Prevent an Incident


• Incident Management
• Reporting an Incident
• Pointers to Incident Reporting Process
• Report a Privacy or Security Violation
• Preliminary Information Security Incident Reporting Form
• Incident Response Procedure
• Incident Response Policy
• Incident Response Checklist
• Handling Incidents
• Procedure for Handling Incidents
  o Preparation
  o Identification
  o Containment
  o Eradication
  o Recovery
  o Follow-up
• Post-Incident Activity
• CSIRT
  o CSIRT Overview
  o Need for CSIRT
  o How CSIRT Handles Case: Steps
  o Best Practices for Creating a CSIRT
• CERT
• World CERTs
• GFIRST
• FIRST
• IRTs Around the World


Module 26: Digital Evidence
• Digital Evidence
• Challenging Aspects of Digital Evidence
• The Role of Digital Evidence
• Characteristics of Digital Evidence
• Fragility of Digital Evidence
• Types of Digital Data
• Rules of Evidence
• Best Evidence Rule
• Evidence Life Cycle
• Digital Evidence Investigative Process
• Where to Find Digital Evidence
• Securing Digital Evidence
• Documenting Evidence
• Evidence Examiner Report
• Handling Digital Evidence in a Forensics Lab
• Obtaining a Digital Signature and Analyzing it
• Processing Digital Evidence
• Storing Digital Evidence
• Evidence Retention and Media Storage Requirements
• Forensics Tool: Dcode
• Forensics Tool: WinHex
• Forensics Tool: PDA Secure
• Forensics Tool: Device Seizure

Module 27: Understanding Windows, DOS, Linux, and Macintosh
• File Systems
• Types of File Systems


• Understanding System Boot Sequence
• Exploring Microsoft File Structures
• Exploring Microsoft File Structures: FAT vs. NTFS
• FAT
  o FAT Structure
• NTFS
  o NTFS Architecture
  o NTFS System Files
• Encrypted File Systems (EFS)
  o EFS File Structure
• CDFS
• Comparison of File Systems
• Exploring Microsoft File Structures: Cluster
• Gathering Evidence on Windows Systems
• Gathering Volatile Evidence on Windows
• Example: Checking Current Processes With Forensic Tool pslist
• Example: Checking Open Ports With Forensic Tool fport
• Checking Registry Entries
• Features of Forensic Tool: Resplendent Registrar
• How to Create a System State Backup
• Windows Forensics Tool: Helix
• Tools Present in Helix CD for Windows Forensics
• Integrated Windows Forensics Software: X-Ways Forensics
• Windows Forensics Tool: Traces Viewer
• UNIX Overview
• Linux Overview
• Exploring Unix/Linux Disk Data Structures
• Understanding Unix/Linux Boot Process


• Understanding Linux Loader
• Popular Linux File Systems
• Use of Linux as a Forensics Tool
• Advantages of Linux in Forensics
• Popular Linux Forensics Tools
• Mac OS X
• Mac Security Architecture Overview
• Exploring Macintosh Boot Tasks
• Mac OS X File System
• Mac Forensic Tool: MacLockPick
• Mac Forensic Tool: MacAnalysis

Module 28: Steganography
• Introduction
• Definition of Steganography
• Model of Stegosystem
• Application of Steganography
• Steganography Vs. Cryptography
• Classification of Steganography
• Technical Steganography
• Linguistic Steganography
• Digital Steganography
• Strides in Steganography
• Different Forms of Steganography
  o Text File Steganography
• Hiding Information In Text Files
  o Image File Steganography
  o Steganography - Steps for Hiding Information


  o Audio File Steganography
• Low-bit Encoding in Audio Files
  o Video File Steganography
• Hiding Information in DNA
• Steganographic File System
• Real World Applications of Steganography
• Practical Applications of Steganography
• Unethical Use of Steganography
• Introduction to Stego-Forensics
• Detecting Steganography
• Detecting Text, Image, Audio and Video Steganography
• Steganography Tools
  o Stegdetect
  o Stego Watch
  o Snow
  o Fort Knox
  o S-Tools
  o Steghide
  o Mp3Stego
  o Invisible Secrets

Module 29: Analyzing Logs
• Computer Security Logs
  o Operating System Logs
  o Application Logs
  o Security Software Logs
• Importance of Logs in Forensics
• Security Logging


• Examining Intrusion and Security Events
• Logon Event in Window
• Windows Log File
• Logging in Windows
• Remote Logging in Windows
• Ntsyslog
• Logs and Legal Issues
  o Legality of Using Logs
  o Laws and Regulations
• Log Management
  o Functions of Log Management
  o Challenges in Log Management
• Centralized Logging and Syslogs
  o Central Logging Design
  o Centralized Logging Setup
  o Logging in Unix / Linux - Syslog
  o Remote Logging with Syslog
  o Significance of Synchronized Time
  o Event Gathering
  o EventCombMT
  o Writing Scripts
  o Event Gathering Tools
  o Dumpel
  o LogDog
  o Forensic Tool: fwanalog
• Log Capturing and Analysis Tools
  o Syslog-ng Logging System
  o WinSyslog Syslog Server


  o Kiwi Syslog Server

Module 30: E-mail Crime and Computer Forensics
• Email System
• Internet Protocols
• Email Client
• Email Server
• Exploring the Roles of the Client and Server in E-mail
• Phishing Attack
• Reasons for Successful Phishing
• Identifying E-mail Crimes and Violations
• Investigating Email Crime and Violation
• Obtain a Search Warrant and Seize the Computer and Email Account
• Obtain a Bit-by-Bit Image of Email Information
• Sending E-mail Using Telnet
• Viewing E-mail Headers
• Viewing Headers in Microsoft Outlook
• Viewing Headers in AOL
• Viewing Headers in Hotmail
• Viewing Headers in Gmail
• Gmail Header
• Examining an E-mail Header
• Tracing an E-mail Message
• Using Network Logs Related to E-mail
• Tracing Back
• Tracing Back Web Based E-mail
• Searching E-mail Addresses
• E-mail Search Site


• Using Specialized E-mail Forensic Tools
  o EnCase Forensic
  o FTK Imager
  o FINALeMAIL
  o Netcraft
  o eMailTrackerPro
  o E-mail Examiner
  o LoPe
• U.S. Laws Against Email Crime: CAN-SPAM Act
• Email Crime Law in Washington: RCW 19.190.020

Module 31: Introduction to Writing Investigative Report
• Computer Forensic Report
• Significance of Investigative Reports
• Computer Forensics Report Template
• Report Specifications
• Report Classification
• What to Include in an Investigative Report
• Layout of an Investigative Report
• Writing a Report
• Guidelines for Writing a Report
• Salient Features of a Good Report
• Important Aspects of a Good Report
• Investigative Report Format
• Attachments and Appendices
• Report and Expert Opinion
• Use of Supporting Material
• Sample Forensic Report


• Sample Report
• Writing Report Using FTK

Module 32: Computer Forensics as a Profession
• Introduction
• Developing Computer Forensics Resources
• Computer Forensics Experts
• Preparing for Computing Investigations
• Enforcement Agency Investigations
• Corporate Investigations
• Maintaining Professional Conduct
• Legal Issues
• Approach to Forensic Investigation: A Case Study
• Email Infidelity in a Computer Forensics Investigation Case Study


For Training Requirements, Please Contact EC-Council ATC.

EC-Council
http://www.eccouncil.org
info@eccouncil.org

© 2010 EC-Council. All rights reserved.
This document is for informational purposes only. EC-Council MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. EC-Council and ECSS logos are registered trademarks or trademarks of EC-Council in the United States and/or other countries.
