Cosmopolitan University Network
Department of Computer Information Science
Courses
Course - Computer Forensic Training
Outline / Content
The Course includes:
A+ instruction and Hardware & Operating Systems
Network+ training & certification
Security+ training & certification (National Certification Agencies certify in all levels of achieved certification)
Computer Forensics (Certification by Association of Computer Forensic Examiners, meeting and/or exceeding FBI standards.)
Forensic Training Course Includes the Following:
Duration of the class is a maximum of 18 months, but may be completed with intense
study in 6 months. Classes are set by the student - they work at their speed...in the comfort of their home or office.
Software for the course includes all CBT (computer based training.)
CDs, books and manuals will include Network+, Security+ instructional books, and are available to SommerSet Computers at an educational discount. The Association of Computer Forensic Examiners will supply forensic manuals. Training software will be supplied by a national forensic firm (SommerSet has a discount rate). International forensic tools will be supplied to students when they reach the Intermediate level of Security+.
Required skills for entry are a working knowledge of computers and a desire to advance in the Security and Forensic computer fields.
The course of study includes online and offline hands-on training. Each student will receive, at the intermediate point in their training, a hard drive for forensic review...they will be instructed through email/online, and if necessary by phone, how to gather the evidence so as to guarantee the soundness of the evidence...suitable for court presentation by F.B.I. standards; and, how to search for, find and report on their findings.
Network+ Study Curriculum
Network+ Objectives
Domain 1.0: Media and Topologies
1.1 Recognize the following logical or physical network topologies given a schematic diagram or description:
Star/hierarchical, bus, mesh, ring, wireless
1.2 Specify the main features of 802.2 (LLC), 802.3 (Ethernet), 802.5 (Token Ring), 802.11b (wireless), and FDDI networking technologies, including: Speed, access, method, topology, media
1.3 Specify the characteristics (e.g., speed, length, topology, cable type, etc.) of the following:
802.3 (Ethernet) standards, 10BaseT, 100BaseTX, 10Base2, 10Base5, 100BaseFX, Gigabit Ethernet
1.4 Recognize the following media connectors and/or describe their uses: RJ-11, RJ-45, AUI, BNC, ST, SC
1.5 Choose the appropriate media type and connectors to add a client to an existing network.
1.6 Identify the purpose, features, and functions of the following network components:
Hubs, switches, bridges, routers, gateways, CSU/DSU, network interface cards/ISDN adapters/system area network cards, wireless access points, modems
Domain 2.0: Protocols and Standards
2.1 Given an example, identify a MAC address.
2.2 Identify the seven layers of the OSI model and their functions.
2.3 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability, and naming conventions: TCP/IP, IPX/SPX, NetBEUI, AppleTalk
2.4 Identify the OSI layers at which the following network components operate:
Hubs, switches, bridges, routers, network interface cards
2.5 Define the purpose, function, and/or use of the following protocols within TCP/IP: IP, TCP, UDP, FTP, TFTP, SMTP, HTTP, HTTPS, POP3/IMAP4, TELNET, ICMP, ARP, NTP
2.6 Define the function of TCP/UDP ports. Identify well-known ports.
2.7 Identify the purpose of the following network services (e.g., DHCP/bootp, DNS, NAT/ICS, WINS, and SNMP).
2.8 Identify IP addresses (IPv4, IPv6) and their default subnet masks.
2.9 Identify the purpose of subnetting and default gateways.
2.10 Identify the differences between public vs. private networks.
2.11 Identify the basic characteristics (e.g., speed, capacity, media) of the following WAN technologies:
Packet switching vs. circuit switching, ISDN, FDDI, ATM, frame relay, SONET/SDH, T1/E1, T3/E3, OC-x
2.12 Define the function of the following remote access protocols and services: RAS,
PPP, PPTP, CA
2.13 Identify the following security protocols and describe their purpose and function: IPSec, L2TP, SSL
Domain 3.0: Network Implementation
3.1 Identify the basic capabilities (i.e., client support, interoperability, authentication, file and print services, application support, and security) of the following server operating systems: Unix/Linux, NetWare, Windows, Macintosh
3.2 Identify the basic capabilities of client workstations (i.e., client connectivity, local security mechanisms, and authentication).
3.3 Identify the main characteristics of VLANs.
3.4 Identify the main characteristics of network attached storage.
3.5 Identify the purpose and characteristics of fault tolerance.
3.6 Identify the purpose and characteristics of disaster recovery.
3.7 Given a remote connectivity scenario (e.g., IP, IPX, dial-up, PPPoE,
authentication, physical connectivity, etc.), configure the connection.
3.8 Identify the purpose, benefits, and characteristics of using a firewall.
3.9 Identify the purpose, benefits, and characteristics of using a proxy.
3.10 Given a scenario, predict the impact of a particular security implementation
on network functionality (e.g., blocking port numbers, encryption, etc.).
3.11 Given a network configuration, select the appropriate NIC and network
configuration settings (DHCP, DNS, WINS, protocols, NetBIOS/host name, etc.).
Domain 4.0: Network Support
4.1 Given a troubleshooting scenario, select the appropriate TCP/IP utility from
among the following:
Tracert, ping, ARP, netstat, nbtstat, ipconfig, ifconfig, winipcfg, nslookup
4.2 Given a troubleshooting scenario involving a small office/home office network
failure (e.g., xDSL, cable, home satellite, wireless, POTS), identify the cause of the
failure.
4.3 Given a troubleshooting scenario involving a remote connectivity problem
(e.g., authentication failure, protocol configuration, physical connectivity),
identify the cause of the problem.
4.4 Given specific parameters, configure a client to connect to the following
servers:
Unix/Linux, NetWare, Windows, Macintosh
4.5 Given a wiring task, select the appropriate tool (e.g., wire crimper, media tester/certifier, punchdown tool, tone generator, optical tester, etc.).
4.6 Given a network scenario, interpret visual indicators (e.g., link lights,
collision lights, etc.) to determine the nature of the problem.
4.7 Given output from a diagnostic utility (e.g., tracert, ping, ipconfig, etc.),
identify the utility and interpret the output.
4.8 Given a scenario, predict the impact of modifying, adding, or removing network
services (e.g., DHCP, DNS, WINS, etc.) on network resources and users.
4.9 Given a network problem scenario, select an appropriate course of action based on a general troubleshooting strategy. This strategy includes the following steps:
Establish the symptoms; identify the affected area; establish what has changed; select
the most probable cause; implement a solution; test the result; recognize the
potential effects of the solution; document the solution.
4.10 Given a troubleshooting scenario involving a network with a particular physical
topology (i.e., bus, star/hierarchical, mesh, ring, and wireless) and including a
network diagram, identify the network area affected and the cause of the problem.
4.11 Given a network troubleshooting scenario involving a client connectivity problem
(e.g., incorrect protocol/client software/authentication configuration, or
insufficient rights/permission), identify the cause of the problem.
4.12 Given a network troubleshooting scenario involving a wiring/infrastructure
problem, identify the cause of the problem (e.g., bad media, interference, network
hardware).
Security+ Curriculum
Security+ Objectives
OBJECTIVE
1. General Security Concepts
1.1. Access Control
1.1.1. MAC/DAC/RBAC
1.2. Authentication
1.2.1. Kerberos; 1.2.2. CHAP; 1.2.3. Certificates; 1.2.4. Username/Password; 1.2.5. Tokens;
1.2.6. Multi-Factor; 1.2.7. Mutual Authentication; 1.2.8. Biometrics
1.3. Non-essential Services and Protocols — Disabling unnecessary
systems/process/programs.
1.4. Attacks
1.4.1. DOS/DDOS; 1.4.2. Back Door; 1.4.3. Spoofing; 1.4.4. Man in the Middle; 1.4.5. Replay;
1.4.6. TCP/IP Hijacking; 1.4.7. Weak Keys; 1.4.8. Mathematical; 1.4.9. Social Engineering;
1.4.10. Birthday; 1.4.11. Password Guessing; 1.4.11.1. Brute Force; 1.4.11.2. Dictionary;
1.4.12. Software Exploitation
1.5. Malicious Code
1.5.1. Viruses; 1.5.2. Trojan Horses; 1.5.3. Logic Bombs; 1.5.4. Worms
1.6. Social Engineering
1.7. Auditing — Logging, system scanning
2. Communication Security
2.1. Remote Access
2.1.1. 802.1x; 2.1.2. VPN; 2.1.3. RADIUS; 2.1.4. TACACS/+; 2.1.5. L2TP/PPTP; 2.1.6. SSH; 2.1.7. IPSEC;
2.1.8. Vulnerabilities
2.2. Email
2.2.1. S/MIME; 2.2.2. PGP like technologies; 2.2.3. Vulnerabilities; 2.2.3.1. Spam; 2.2.3.2. Hoaxes
2.3. Web
2.3.1. SSL/TLS; 2.3.2. HTTP/S; 2.3.3. Instant Messaging; 2.3.3.1
Vulnerabilities; 2.3.3.2 8.3 Naming
Conventions; 2.3.3.3 Packet Sniffing; 2.3.3.4 Privacy; 2.3.4.
Vulnerabilities; 2.3.4.1. Java Script;
2.3.4.2. ActiveX; 2.3.4.3. Buffer Overflows; 2.3.4.4. Cookies; 2.3.4.5. Signed
Applets; 2.3.4.6. CGI;
2.3.4.7. SMTP Relay
2.4. Directory — Recognition not administration
2.4.1. SSL/TLS; 2.4.2. LDAP
2.5. File Transfer
2.5.1. S/FTP; 2.5.2. Blind FTP/Anonymous; 2.5.3. File sharing; 2.5.4.
Vulnerabilities;
2.5.4.1. Packet Sniffing
2.6. Wireless
2.6.1. WTLS; 2.6.2. 802.11x; 2.6.3. WEP/WAP; 2.6.4. Vulnerabilities;
2.6.4.1. Site Surveys
3. Infrastructure Security
3.1. Devices
3.1.1. Firewalls; 3.1.2. Routers; 3.1.3. Switches; 3.1.4. Wireless; 3.1.5.
Modems; 3.1.6. RAS;
3.1.7. Telecom/PBX; 3.1.8. VPN; 3.1.9. IDS; 3.1.10. Network
Monitoring/Diagnostic;
3.1.11. Workstations; 3.1.12. Servers; 3.1.13. Mobile Devices
3.2. Media
3.2.1. Coax; 3.2.2. UTP/STP; 3.2.3. Fiber; 3.2.4. Removable media; 3.2.4.1.
Tape; 3.2.4.2. CDR;
3.2.4.3. Hard drives; 3.2.4.4. Diskettes; 3.2.4.5. Flashcards; 3.2.4.6.
Smartcards
3.3. Security Topologies
3.3.1. Security Zones; 3.3.1.1. DMZ; 3.3.1.2. Intranet; 3.3.1.3. Extranet; 3.3.2. VLANs; 3.3.3. NAT;
3.3.4. Tunneling
3.4. Intrusion Detection
3.4.1. Network Based; 3.4.1.1. Active Detection; 3.4.1.2. Passive Detection; 3.4.2. Host Based;
3.4.2.1. Active Detection; 3.4.2.2. Passive Detection; 3.4.3. Honey Pots;
3.4.4. Incident Response
3.5. Security Baselines
3.5.1. OS/NOS Hardening (Concepts and processes); 3.5.1.1. File System; 3.5.1.2. Updates (Hotfixes, Service Packs, Patches);
3.5.2. Network Hardening; 3.5.2.1. Updates (Firmware); 3.5.2.2. Configuration;
3.5.2.2.1. Enabling and Disabling Services and Protocols; 3.5.2.2.2. Access control lists;
3.5.3. Application Hardening; 3.5.3.1. Updates (Hotfixes, Service Packs, Patches); 3.5.3.2. Web Servers; 3.5.3.3. Email Servers;
3.5.3.4. FTP Servers; 3.5.3.5. DNS Servers; 3.5.3.6. NNTP Servers; 3.5.3.7. File/Print Servers;
3.5.3.8. DHCP Servers; 3.5.3.9. Data Repositories; 3.5.3.9.1. Directory Services; 3.5.3.9.2. Databases
4. Basics of Cryptography
4.1. Algorithms
4.1.1. Hashing; 4.1.2. Symmetric; 4.1.3. Asymmetric
4.2. Concepts of using cryptography
4.2.1. Confidentiality; 4.2.2. Integrity; 4.2.2.1. Digital Signatures; 4.2.3.
Authentication; 4.2.4. Non-Repudiation;
4.2.4.1. Digital Signatures; 4.2.5. Access Control
4.3. PKI
4.3.1. Certificates — Make a distinction between what certificates are used for what
purpose. Basics only.;
4.3.1.1. Certificate Policies; 4.3.1.2. Certificate Practice Statements; 4.3.2.
Revocation; 4.3.3. Trust Models
4.4. Standards and Protocols
4.5. Key Management/Certificate Lifecycle
4.5.1. Centralized vs. Decentralized; 4.5.2. Storage; 4.5.2.1. Hardware vs. Software;
4.5.2.2. Private Key
Protection; 4.5.3. Escrow; 4.5.4. Expiration; 4.5.5. Revocation; 4.5.5.1. Status
Checking; 4.5.6. Suspension;
4.5.6.1. Status Checking; 4.5.7. Recovery; 4.5.7.1. M of N Control; 4.5.8.
Renewal; 4.5.9. Destruction;
4.5.10. Key Usage; 4.5.10.1. Multiple Key Pairs (Single, Dual)
5. Operational/Organizational Security
5.1. Physical Security
5.1.1. Access Control; 5.1.1.1. Physical Barriers; 5.1.1.2. Biometrics; 5.1.2. Social
Engineering;
5.1.3. Environment; 5.1.3.1. Wireless Cells; 5.1.3.2. Location; 5.1.3.3. Shielding;
5.1.3.4. Fire Suppression
5.2. Disaster Recovery
5.2.1. Backups; 5.2.1.1. Off Site Storage; 5.2.2. Secure Recovery; 5.2.2.1. Alternate
Sites; 5.2.3. Disaster Recovery Plan
5.3. Business Continuity
5.3.1. Utilities; 5.3.2. High Availability / Fault Tolerance; 5.3.3. Backups
5.4. Policy and Procedures
5.4.1. Security Policy; 5.4.1.1. Acceptable Use; 5.4.1.2. Due Care; 5.4.1.3. Privacy; 5.4.1.4. Separation of duties;
5.4.1.5. Need to Know; 5.4.1.6. Password Management; 5.4.1.7. SLA; 5.4.1.8. Disposal / Destruction;
5.4.1.9 HR Policy; 5.4.1.9.1 Termination — Adding / revoking passwords, privileges, etc.;
5.4.1.9.2 Hiring — Adding / revoking passwords, privileges, etc.; 5.4.1.9.3 Code of Ethics;
5.4.2. Incident Response Policy
5.5. Privilege Management
5.5.1. User/Group/Role Management; 5.5.2. Single Sign-on; 5.5.3. Centralized vs.
Decentralized;
5.5.4. Auditing (Privilege, Usage, Escalation); 5.5.5. MAC/DAC/RBAC
5.6. Forensics (Awareness, conceptual knowledge and understanding — know what your role is)
5.6.1. Chain of Custody; 5.6.2. Preservation of Evidence; 5.6.3. Collection of
Evidence
5.7. Risk Identification
5.7.1. Asset Identification; 5.7.2. Risk Assessment; 5.7.3. Threat Identification;
5.7.4. Vulnerabilities
5.8. Education — Training of end users, executives and HR
5.8.1. Communication; 5.8.2. User Awareness; 5.8.3. Education; 5.8.4. Online
Resources
5.9. Documentation
5.9.1. Standards and Guidelines; 5.9.2. Systems Architecture; 5.9.3. Change Documentation; 5.9.4. Logs and Inventories;
5.9.5. Classification; 5.9.5.1. Notification; 5.9.6. Retention/Storage; 5.9.7. Destruction
Computer Forensics will cover:
1.1 Forensic Examination Procedures
These procedures are established as the IACIS® Forensic Examination standards to
ensure that competent, professional forensic examinations are conducted.
1.2 Use of Forensically sterile examination media
1.3 Maintaining the integrity of the original media
1.4 Properly marking printouts, copies of data and exhibits resulting from the
examination
1.4.1 Control and transmission of data & exhibits.
2.1 Hard Disk Examination
2.1.1 Forensically sterile conditions are established
2.1.1.1 media utilized during examination process
2.2 Forensic software
2.3 Making specific description of the hardware
2.4 Unusual media/hardware found during the physical examination of the computer
recorded.
2.5 Viruses, destructive programs, or other inadvertent writes to/from the original
media recorded/prevented.
2.6 Checking contents of the CMOS, as well as the internal clock
3.1 Obtaining a bitstream copy or other image of the original media
4.1 Detailed description of the bitstream copy or image process and identification of
the hardware, software and media
4.2 Examining the boot record data, and user defined system configuration and
operation command files, such as, the CONFIG.SYS file and the AUTOEXEC.BAT file
5.1 Recovering deleted files
5.1.1 Changing the first character of restored files from a HEX E5 to “-”, or other
unique character, for identification purposes.
5.2.1 Listing of all the files contained on the examined media
6.1 Examining the unallocated space for lost or hidden data.
6.2 Examining the “slack” area of each file for lost or hidden data.
7.1 Contents of each user data file in the root directory and each sub-directory (if
present) are examined.
8.1 Password protected files are unlocked and examined
9.1 Printout or copy made of all apparent evidentiary data.
10. Floppy Disk Examination
10.1 Physically examining the media
10.2 Precautions (Hardware/software) during any copying process or access to the
original media
10.2.1 The write-protect capability of the floppy disk drive (FDD)
10.3 A duplicate image of the original write protected FD
10.3.1 Examining the copy of the FD (logically examining and describing contents)
11. Exhibits
11.1 Exhibits marked, sequentially numbered and properly secured and transmitted.
12. Limited Examinations
12.1 Examination scope limited by the search warrant or the courts.
12.1.1 Examining the equipment on premises.
12.2 Examining media so vast in size that a complete examination is not possible.
12.3 Recovered evidence is so weighty or overwhelming that a further search is not
necessary
The costs / fees, to include all software, books, manuals and Computer Based Training (CBT) CDs for the Computer Forensic Course are: $3,600.00
Dr P Dennis Newsom, CIS
© Cosmopolitan University. All Rights Reserved.