ECSS v3 Brochure

Page 1
EC-Council Certified
Security Specialist
http://www.eccouncil.org
EC-Council
EC-Council
Page 2
EC-Council
Course Description
Information security plays a vital role in most of the organizations. Information security is a state of
affairs where information, information processing, and communication are protected against the confidentiality, integrity, and availability of information and information processing. In communications,
information security also covers trustworthy authentication of messages that cover identification of the
parties, verifying, and recording the approval and authorization of the information, non-alteration of
the data, and the non-repudiation of the communication or stored data.
Network security plays a vital role in most of the organizations. It is the process of preventing and
detecting the unauthorized use of your computer. It protects the networks and their services from the
unauthorized modification, destruction, or disclosure. Network security provides assurance that a network performs its critical functions correctly and there are no harmful side effects.
Computer forensics is the process of detecting hacking attacks and properly extracting evidence to
report the crime and conduct audits to prevent future attacks. Computer forensics is the application of
computer investigation and analysis techniques in the interests of determining potential legal evidence.
Evidence might be sought in a wide range of computer crime or misuse, including but not limited to
theft of trade secrets, theft of or destruction of intellectual property, and fraud. Computer forensics
enables the systematic and careful identification of evidence in computer related crime and abuse cases.
This course will benefit the students who are interested in learning fundamentals of information security, network security, and computer forensics.
The EC-Council Certified Security Specialist (ECSS) program is designed primarily for students of
academic institutions. It covers the fundamental basics of information security, computer forensics, and
network security.
The program will give a holistic overview of the key components of information security. Students,
who complete the ECSS program, will be equipped with the adequate foundation knowledge and
should be able to progress onto the next level.
EC-Council
Page 3
EC-Council Certified Security Specialist (ECSS) allows students to enhance their skills in three different areas namely information security, network security, and computer forensics.
Who Should Attend

This course will significantly benefit individuals who are entering into the world of computer security.
ECSS is an entry level security program.
Duration
Page 4
2 days (9:00 5:00)
Certification
The ECSS exam will be conducted on the last day of training. Students need to pass the online Prometric exam to receive the ECSS certification.
EC-Council
Page 5
E CS S
EC-Council
TM
Certified Security Specialist
Master the Security Technologies.
EC-Council
Course Outline v3
Module 01: Information Security Fundamentals
2009 Data Breach Investigations Report
Security Threat Report 2009: SOPHOS
Page 6
Data Breach Investigations Report

Internet Crime Report: IC3
Top Internet Security Threats of 2008
Emerging Cyber Threats Report for 2009
The Most Prevalent Web Vulnerabilities
Information Security
Need for Security
Cost of Computer Crime
The Security, Functionality, and Ease of Use Triangle
Common Terminologies
Elements of Information Security: CIA
Trends in Security
20-Year Trend: Stronger Attack Tools
Information Security More Than An IT Challenge For SME
Statistics Related to Security
Attack on Social Network Sites for Identity Theft
The Top Ten List Of Malware-hosting Countries in 2009
2010 Threat Predictions
Information Security Laws and Regulations
Computer Misuse Act
Data Protection Act 1998
Gramm-Leach Bliley Act
EC-Council
Page 7
Module 02: Addressing Threats

What is a Threat
Current Scenario
Knowing Terms: Vulnerability, Exploit
Internal Threat
Sniffing
External Threat
Types of External Threats
External Threats
o Social Engineering

Social Engineering Example 1
Social Engineering Example 2
o Denial of Service Attacks

What are Denial of Service Attacks
Impact and the Modes of Attack
o DoS Attack Tools

Jolt2
Bubonic.c
Land and LaTierra
Targa
o Distributed Denial of Service Attack (DDoS)

Characteristics of DDoS Attacks
o DDoS Attack Tool

DDoS Tool: Tribal Flood Network
DDoS Tool: Shaft
DDoS Tool: Trinity
stacheldraht
o Virus and Worm
o Trojan and Rootkit
EC-Council
Worms and their Role in DoS Attack
Worms and their Role in DoS Attack: Troj/Pointu-A
Page 8
o Corporate Espionage

Introduction To Corporate Espionage
Information that the Corporate Spies Seek
How the Information is Attacked
Insider Threat
Different Categories of Insider Threat
Process of Hacking
Corporate Espionage: Case Study
o Employee Monitoring Tools

Activity Monitor
Imonitor Employee Activity Monitor
Chily Employee Activity Monitor
Net Spy Pro
Guardian Monitor Professional
Accidental Security Breach
Automated Computer Attack
Countermeasures
Vulnerabilities in Windows
Module 03: Backdoors, Virus, and Worms

Introduction to Virus
Characteristics of a Virus
Working of Virus
Worms
Backdoors
What is a Trojan
o Basic Working of Trojans
EC-Council
Overt and Covert Channels
Page 9
How is a Worm Different from a Virus

Virus History
Stages of Virus Life
Modes of Virus Infection
Indications of Virus Attack
Underground Writers
Prevention is Better than Cure
Anti-Virus Systems
Anti-Virus Software
AVG Antivirus
Norton Antivirus
McAfee Spam Killer
McAfee VirusScan
F-Secure Anti-Virus
Kaspersky Anti-Virus
How to Detect Trojans
Tool:Netstat
Tool: TCPView
Delete Suspicious Device Drivers
Check for Running Processes: Whats on My Computer
Super System Helper Tool
Tool: Whats Running
Top 10 Latest Viruses
Module 04: Introduction to the Linux Operating System
Linux
Linux Distributions
Linux Basics
Why Do Hackers Use Linux
EC-Council
Why is Linux Hacked

How to Apply Patches to Vulnerable Programs
Linux Rootkits
o Hacking Tool: Linux Rootkits
o Knark & Torn
o Tuxit, Adore, Ramen
Page 10
o Linux Rootkit: phalanx2

o Beastkit
o Rootkit Countermeasures
o chkrootkit Detects the Following Rootkits

Linux Hacking Tools
o Scanning Networks
o Nmap in Linux
o Scanning Tool: Nessus
o Port Scan Detection Tools
o Password Cracking in Linux: John the Ripper

o Firewall in Linux: IPTables
o IPTables Command
o Basic Linux Operating System Defense
o SARA (Security Auditors Research Assistant)

o Linux Tool: Netcat
o Linux Tool: tcpdump

o Linux Tool: Snort
o Linux Tool: SAINT
o Linux Tool: Wireshark
o Linux Under Attack: Compromised SSH Keys Lead to Rootkit

Module 05: Password Cracking
Authentication Definition
EC-Council
Authentication Mechanisms
Page 11
HTTP Authentication
o Basic Authentication
o Digest Authentication
Microsoft Passport Authentication
What is a Password Cracker
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work
Attacks Classification
Password Guessing
Dictionary Maker
Password Cracking Tools
o L0phtcrack (LC4)
o John the Ripper
o Brutus
o Hydra
o Cain & Abel
o Other Password Cracking Tools
Security Tools
o WebPassword
o Password Administrator
o Password Safe
o Passwords: Dos and Donts
o Password Generators
Module 06: Cryptography
Basics of Cryptography
Public-key Cryptography
EC-Council
Working of Encryption
Digital Signature
What is SSH
SSH (Secure Shell)
RSA (Rivest Shamir Adleman)
Example of RSA algorithm
Page 12
RSA Attacks
RSA Challenge
MD5
SHA (Secure Hash Algorithm)
Code Breaking: Methodologies
Disk Encryption
Cryptography Attacks
Role of Cryptography in Data Security
Magic Lantern
Cleversafe Grid Builder
Microsoft Cryptography Tools
Module 07: Web Servers and Web Applications
Symantec Government Internet Security Threat Report, Published April 2009
Report: Active Servers Across All Domains
Top Web Server Developers
Web Servers
o How Web Servers Work
o Why Web Servers are Compromised
o Web Application Vulnerabilities Categories
EC-Council
o Popular Web Servers
Page 13
o IIS 7 Components
o IIS Vulnerabilities
o IIS Vulnerabilities Detection: Tools
o Apache Vulnerability
o Increasing Web Servers Security
Web Applications
o Web Application Architecture Components
o Web Application Software Components
o Web Application Setup
o Web Application Threats
o Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures
o SQL Injection
o Command Injection Flaws
o Countermeasures
o Cookie/Session Poisoning
o Countermeasures
o Instant Source
o Wget
o GUI for Wget
o WebSleuth
o BlackWidow
o WindowBomb
o WindowBomb: Report
o Burpsuite
o cURL
EC-Council
Module 08: Wireless Networks

Wireless Networking
Effects of Wireless Attacks on Business
Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b WiFi
Page 14
o Wireless Standard: 802.11g

o Wireless Standard: 802.11i
o Wireless Standard: 802.11n
o Wireless Standard:802.15 (Bluetooth)
o Wireless Standard:802.16 (WiMax)
Components of Wireless Network
Types of Wireless Network
Setting up WLAN
Detecting a Wireless Network
How to Access a WLAN
Advantages and Disadvantages of a Wireless Network
Antennas
SSID
Access Point Positioning
Rogue Access Points
Techniques to Detect Open Wireless Networks
Wireless Security Guidelines
Netstumbler Tool
MiniStumbler Tool
Kismet Tool
EC-Council
Module 09: Intrusion Detection System
Page 15
Intrusion Detection Systems

IDS Placement
Cybersecurity Plan to Boost IT Firms, But Doubts Persist
Types of Intrusion Detection Systems
Ways to Detect an Intrusion
System Integrity Verifiers (SIV)
General Indications of System Intrusions
General Indications of File System Intrusions
General Indications of Network Intrusions
Intrusion Detection Tools
o Snort
IDS Testing Tool: Traffic IQ Professional
IDS Software Vendors
Module 10: Firewalls and Honeypots
Introduction
Terminology
Firewwall
o What is a Firewall
o What does a Firewall do
o What cant a Firewall do
o How does a Firewall Work
o Firewall Operations
o Hardware Firewall
o Software Firewall
o Types of Firewalls
o Firewall Identification
EC-Council
o Firewalking
o Banner Grabbing
o Placing Backdoors through Firewalls
Honeypot
o What is a Honeypot
o The Honeynet Project
Page 16
o Types of Honeypots
o Advantages and Disadvantages of a Honeypot
o Where to Place a Honeypot
o Honeypots
o How to Set Up a Honey Pot
o Honeypot - KFSensor
o Honeypot-SPECTER
o Honeypot - honeyd
o What to do When Hacked
Module 11: Hacking Cycle
Hacking History
Who is a Hacker?
Types of Hackers
What Does a Hacker Do
o Phase 1 - Reconnaissance
o Reconnaissance Types
o Phase 2 - Scanning
o Phase 3 - Gaining Access
o Phase 4 - Maintaining Access
o Phase 5 - Covering Tracks
Types of Attacks on a System
EC-Council
o Operating System Attacks
Page 17
o Application Level Attacks

Computer Crimes and Implications
Legal Perspective (US Federal Law)
Module 12: Introduction to Ethical Hacking
Attacks Carried out Using Hacked PC
Hacker Classes
Hacktivism
Why Ethical Hacking is Necessary
Scope and Limitations of Ethical Hacking
What Do Ethical Hackers Do
How to Become an Ethical Hacker
Skills of an Ethical Hacker
Classification of Ethical Hacker
Jobs for Ethical Hackers: Job Skills in Order of Popularity
Jobs for Ethical Hacker
Jobs for Ethical Hacker
How Do They Go About It
Penetration Testing vis--vis Ethical Hacking
How to Simulate an Attack on the Network
Testing Approaches
General Prevention
Vulnerability Research Websites
Computer Crimes and Security Survey
Computer Crimes and Security Survey
EC-Council
Module 13: Networking Revisited

Network Layers
Application Layer
Transport Layer
Internet Layer
Network Interface Layer
Page 18
Physical Layer
Differentiating Protocols and Services
Mapping Internet Protocol to OSI
OSI Layers and Device Mapping
Network Security
o Essentials of Network Security
Ingress and Egress Traffic
Data Security Threats over a Network
Network Security Policies
What Defines a Good Security Policy
Types of Network Security Policies
o Sample Security Policy
o Computer Acceptable Use Policy
Module 14: Secure Network Protocols
Secure Network Protocols
o E-mail Security Protocol - S/MIME
o E-mail Security Protocol - PGP
o Web Security Protocol - SSL
o Web Security Protocol - SSH
o Web Security Protocol -HTTP
o Web Security Protocol -HTTPS
EC-Council
o VPN Security Protocol - IPSec
Page 19
o VPN Security Protocol - PPTP

o VPN Security Protocol -L2TP
o Wireless Security Protocol - WEP
o VoIP Security Protocol -H.323
o VoIP Security Protocol- SIP
Public Key Infrastructure (PKI)
Access Control Lists (ACL)
Authentication, Authorization, Accounting (AAA)
RADIUS
TACACS+
Kerberos
Internet Key Exchange protocol (IKE)
Module 15: Authentication
Authentication Definition
AuthenticationAuthorization
Authentication Mechanisms
HTTP Authentication
o Basic Authentication
o Digest Authentication
o Certificate-based Authentication
o Forms-based Authentication
RSA SecurID Token
Biometrics Authentication
Types of Biometrics Authentication
o Face Recognition
o Retina Scanning
EC-Council
o Fingerprint-based Identification
o Hand Geometry-based Identification
Digital Certificates
Attacks on Password Authentication
Module 16: Network Attacks
Page 20
Network Attacks
o Denial of Service (DoS)

DoS Countermeasures
o Scanning

Scanning Countermeasures
o Packet Sniffing

Packet Sniffing Countermeasures
o IP Spoofing

IP Spoofing Countermeasures
o ARP Spoofing

ARP Spoofing Countermeasures
o Session Hijacking

Session Hijacking Countermeasures
o Spam Statistics-2009
o Spamming

Spamming Countermeasures
o Eavesdropping

Eavesdropping Countermeasures
Module 17: Bastion Hosts and DMZ

Bastion Host - Introduction
Types of Bastion Hosts
EC-Council
Need for a Bastion Host
Page 21
Basic Principles for Building a Bastion Host

General Requirements to Setup a Bastion Host
Hardware Requirements
Selecting the Operating System for the Bastion Host
Positioning the Bastion Host
o Physical Location
o Network Location
o Select a Secure Location
Auditing the Bastion Host
Connecting the Bastion Host
Tool: IPSentry
What is DMZ
Different Ways to Create a DMZ
Where to Place Bastion Host in the DMZ
Benefits of DMZ
Module 18: Proxy Servers
What are Proxy Servers
Benefits of a Proxy Server
Other Benefits of a Proxy Server
Working of a Proxy Server
Functions of a Proxy Server
Communication Via a Proxy Server
Proxy Server-to-Proxy Server Linking
Proxy Servers vs. Packet Filters
Networking Protocols for Proxy Servers
o S-HTTP
EC-Council
Types of Proxy Servers

o Transparent Proxies
o Non-transparent Proxy
o SOCKS
Proxy Server-based Firewalls
o Wingate
Page 22
o Symantec Enterprise Firewall

Microsoft Internet Security & Acceleration Server (ISA)
ISA Server2006 components
Steps to Configure Proxy Server on IE
Limitations of a Proxy server
List of Proxy Sites
Module 19: Virtual Private Network
What is a VPN
VPN Deployment
Tunneling Described
Types of Tunneling
Popular VPN Tunneling Protocols
VPN Security
VPN via SSH and PPP
VPN via SSL and PPP
VPN via Concentrator
Other Methods
VPN Registration and Passwords
Intro to IPSec
IPSec Services
Combining VPN and Firewalls
EC-Council
VPN Vulnerabilities
Page 23
Module 20: Introduction to Wireless Network Security

Introduction to Wireless Networking
Basics
Types of Wireless Networks
o WLANS
o WPANs
o WMANs
o WWANs
Antennas
SSIDs
Rogue Access Points
Tools to Detect Rogue Access Points: NetStumbler
Netstumbler
What is Wired Equivalent Privacy (WEP)
WEP Tool: AirSnort
802.11 Wireless LAN Security
Limitations of WEP Security
Wireless Transportation Layer Security (WTLS)
Extensible Authentication Protocol (EAP) Methods
802.11i
Wi-Fi Protected Access (WPA)
TKIP and AES
Denial of Service Attacks
Man-in-the-Middle Attack (MITM)
WIDZ, Wireless Intrusion Detection System
Securing Wireless Networks
EC-Council
Maximum Security: Add VPN to Wireless LAN

Module 21: Voice over Internet Protocol
VoIP Introduction
Benefits of VoIP
Basic VoIP Architecture
Page 24
VoIP Layers
VoIP Standards
Wireless VoIP
VoIP Threats
VoIP Vulnerabilities
VoIP Security
Skypes International Long Distance Share Grows, Fast.
VoIP Services in Europe
VoIP Sniffing Tools
o AuthTool
o VoIPong
o Vomit
o PSIPDump
o Web Interface for SIP Trace (WIST)
VoIP Scanning and Enumeration Tools
o SNScan
o Netcat
o SiVus
VoIP Packet Creation and Flooding Tools
o SipBomber
o Spitter
o Scapy
EC-Council
VoIP Fuzzing Tools
Page 25
o Ohrwurm
o SIP Forum Test Framework
o Asteroid
VoIP Signaling Manipulation Tools
o RTP Tools
Other VoIP Tools
o Tcpdump
o Wireshark
o Softperfect Network Sniffer
o HTTP Sniffer
o SmartSniff
VoIP Troubleshooting Tools
o P.862
o RTCP XR RFC3611
Module 22: Computer Forensics Fundamentals
Forensic Science
Computer Forensics
Evolution of Computer Forensics
Objectives of Computer Forensics
Need for Computer Forensics
Cyber Crime
Modes of Attacks
Examples of Cyber Crime
Types of Computer Crimes
How Serious Are Different Types of Incidents
Disruptive Incidents to the Business
EC-Council
Time Spent Responding to the Security Incident

Cost Expenditure Responding to the Security Incident
Cyber Crime Investigation Process
Challenges in Cyber Crime Investigation
Rules of Forensic Investigation
Role of Forensics Investigator
Page 26
Investigative Agencies: FBI

Investigative Agencies: National Infrastructure Protection Center
Role of Law Enforcement Agencies in Forensics Investigation
Reporting Security Breaches to Law Enforcement Agencies in the U.S.A
Cyber Laws
Approaches to Formulation of Cyber Laws
Some Areas Addressed by Cyber Law
Important Federal Statutes
Module 23: Trademark, Copyright, and Patents
Trademark Infringement
o Trademarks
o Trademark Eligibility and Benefits of Registering It
o Service Marks and Trade Dress
o Trademark Infringement
o Trademark Search
o Monitoring Trademark Infringements
o Key Considerations Before Investigating Trademark Infringements
o Steps for Investigating Trademark Infringements
Copyright Infringement
o Copyright and Copyright Notice
o Investigating Copyright Status of a Particular Work
EC-Council
o How Long Does a Copyright Last
Page 27
o U.S. Copyright Office

o Doctrine of Fair Use
o How are Copyrights Enforced
Plagiarism
o Types of Plagiarism
o Steps for Plagiarism Prevention
o Plagiarism Detection Factors
Plagiarism Detection Tools
o iParadigms: Plagiarism Detection Tool
o iThenticate: Uploading Document
o iThenticate: Generating Report
o iThenticate: Report
o Turnitin
o Essay Verification Engine 2 (EVE2)
o Jplag
o Sherlock: Plagiarism Detector
o Dupli Checker
o SafeAssignment
o PlagiarismDetect.com
Patent Infringement
o Patent
o Patent Infringement
o Types of Patent Infringement
o Patent Search USPTO Recommended Seven-step Strategy for Patent Search
Trademarks and Copyright Laws
o U.S. Laws for Trademarks and Copyright
o Indian Laws for Trademarks and Copyright
EC-Council
o UK Laws for Trademarks and Copyright

o Hong Kong Laws for Intellectual Property
Module 24: Network and Router Forensics Fundamentals
Network Forensics
o Challenges in Network Forensics
Page 28
o Internal Threat
o External Threat
o Network Attacks
o Automated Computer Attack
o Sources of Evidence on a Network
Traffic Capturing and Analysis Tools
o Wireshark
o Tcpdump
o NetIntercept
o CommView
o EtherSnoop
o eTrust Network Forensics
o ProDiscover Investigator
o Documenting the Evidence Gathered on a Network
o Evidence Reconstruction for Investigation
Router Forensics
o What is a Router
o Functions of a Router
o A Router in an OSI Model
o Routing Table and its Components
o Router Architecture
o Implications of a Router Attack
EC-Council
o Routers Vulnerabilities
Page 29
o Types of Router Attacks

o Router Attack Topology

Denial of Service (DoS) Attacks
Packet Mistreating Attacks
Routing Table Poisoning
Hit-and-Run and Persistent Attacks
o Router Forensics Vs. Traditional Forensics

o Investigating Routers
o Seize the Router and Maintain Chain of Custody
o Incident Response & Session Recording
o Accessing the Router
o Volatile Evidence Gathering
o Router Investigation Steps
o Link Logger
o Router Audit Tool (RAT)
o Generate the Report
Module 25: Incident Response and Forensics
Cyber Incident Statistics
What is an Incident
Security Incidents
Category of Incidents
o Category of Incidents: Low Level
o Category of Incidents: Mid Level
o Category of Incidents: High Level
How to Identify an Incident
How to Prevent an Incident
EC-Council
Incident Management
Reporting an Incident
Pointers to Incident Reporting Process
Report a Privacy or Security Violation
Preliminary Information Security Incident Reporting Form
Incident Response Procedure
Page 30
Incident Response Policy

Incident Response Checklist
Handling Incidents
Procedure for Handling Incidents
o Preparation
o Identification
o Containment
o Eradication
o Recovery
o Follow-up
Post-Incident Activity
CSIRT
o CSIRT Overview
o Need for CSIRT
o How CSIRT Handles Case: Steps
o Best Practices for Creating a CSIRT
CERT
World CERTs
GFIRST
FIRST
IRTs Around the World
EC-Council
Module 26: Digital Evidence
Page 31
Digital Evidence
Challenging Aspects of Digital Evidence
The Role of Digital Evidence
Characteristics of Digital Evidence
Fragility of Digital Evidence
Types of Digital Data
Rules of Evidence
Best Evidence Rule
Evidence Life Cycle
Digital Evidence Investigative Process
Where to Find Digital Evidence
Securing Digital Evidence
Documenting Evidence
Evidence Examiner Report
Handling Digital Evidence in a Forensics Lab
Obtaining a Digital Signature and Analyzing it
Processing Digital Evidence
Storing Digital Evidence
Evidence Retention and Media Storage Requirements
Forensics Tool: Dcode
Forensics Tool: WinHex
Forensics Tool: PDA Secure
Forensics Tool: Device Seizure
Module 27: Understanding Windows, DOS, Linux, and Macintosh
File Systems
Types of File Systems
EC-Council
Understanding System Boot Sequence

Exploring Microsoft File Structures
Exploring Microsoft File Structures: FAT vs. NTFS
FAT
o FAT Structure
NTFS
Page 32
o NTFS Architecture
o NTFS System Files
Encrypted File Systems (EFS)
o EFS File Structure
CDFS
Comparison of File Systems
Exploring Microsoft File Structures: Cluster
Gathering Evidence on Windows Systems
Gathering Volatile Evidence on Windows
Example: Checking Current Processes With Forensic Tool pslist
Example: Checking Open Ports With Forensic Tool fport
Checking Registry Entries
Features of Forensic Tool: Resplendent Registrar
How to Create a System State Backup
Windows Forensics Tool: Helix
Tools Present in Helix CD for Windows Forensics
Integrated Windows Forensics Software: X-Ways Forensics
Windows Forensics Tool: Traces Viewer
UNIX Overview
Linux Overview
Exploring Unix/Linux Disk Data Structures
Understanding Unix/Linux Boot Process
EC-Council
Understanding Linux Loader
Page 33
Popular Linux File Systems

Use of Linux as a Forensics Tool
Advantages of Linux in Forensics
Popular Linux Forensics Tools
Mac OS X
Mac Security Architecture Overview
Exploring Macintosh Boot Tasks
Mac OS X File System
Mac Forensic Tool: MacLockPick
Mac Forensic Tool: MacAnalysis
Module 28: Steganography
Introduction
Definition of Steganography
Model of Stegosystem
Application of Steganography
Steganography Vs. Cryptography
Classification of Steganography
Technical Steganography
Linguistic Steganography
Digital Steganography
Strides in Steganography
Different Forms of Steganography
o Text File Steganography

Hiding Information In Text Files
o Image File Steganography

o Steganography - Steps for Hiding Information
EC-Council
o Audio File Steganography

Low-bit Encoding in Audio Files
o Video File Steganography

Hiding Information in DNA
Steganographic File System
Real World Applications of Steganography
Page 34
Practical Applications of Steganography

Unethical Use of Steganography
Introduction to Stego-Forensics
Detecting Steganography
Detecting Text, Image, Audio and Video Steganography
Steganography Tools
o Stegdetect
o Stego Watch
o Snow
o Fort Knox
o S- Tools
o Steghide
o Mp3Stego
o Invisible Secrets
Module 29: Analyzing Logs
Computer Security Logs
o Operating System Logs
o Application Logs
o Security Software Logs
Importance of Logs in Forensics
Security Logging
EC-Council
Examining Intrusion and Security Events
Page 35
Logon Event in Window

Windows Log File
Logging in Windows
Remote Logging in Windows
Ntsyslog
Logs and Legal Issues
o Legality of Using Logs
o Laws and Regulations
Log Management
o Functions of Log Management
o Challenges in Log Management
Centralized Logging and Syslogs
o Central Logging Design
o Centralized Logging Setup
o Logging in Unix / Linux -Syslog
o Remote Logging with Syslog
o Significance of Synchronized Time
o Event Gathering
o EventCombMT
o Writing Scripts
o Event Gathering Tools
o Dumpel
o LogDog
o Forensic Tool: fwanalog
Log Capturing and Analysis Tools
o Syslog-ng Logging System
o WinSyslog Syslog Server
EC-Council
o Kiwi Syslog Server

Module 30: E-mail Crime and Computer Forensics
Email System
Internet Protocols
Email Client
Page 36
Email Server
Exploring the Roles of the Client and Server in E-mail
Phishing Attack
Reasons for Successful Phishing
Identifying E-mail Crimes and Violations
Investigating Email Crime and Violation
Obtain a Search Warrant and Seize the Computer and Email Account
Obtain a Bit-by-Bit Image of Email Information
Sending E-mail Using Telnet
Viewing E-mail Headers
Viewing Headers in Microsoft Outlook
Viewing Headers in AOL
Viewing Headers in Hotmail
Viewing Headers in Gmail
Gmail Header
Examining an E-mail Header
Tracing an E-mail Message
Using Network Logs Related to E-mail
Tracing Back
Tracing Back Web Based E-mail
Searching E-mail Addresses
E-mail Search Site
EC-Council
Using Specialized E-mail Forensic Tools
Page 37
o EnCase Forensic
o FTK Imager
o FINALeMAIL
o Netcraft
o eMailTrackerPro
o E-mail Examiner
o LoPe
U.S. Laws Against Email Crime: CAN-SPAM Act
Email Crime Law in Washington: RCW 19.190.020
Module 31: Introduction to Writing Investigative Report
Computer Forensic Report
Significance of Investigative Reports
Computer Forensics Report Template
Report Specifications
Report Classification
What to Include in an Investigative Report
Layout of an Investigative Report
Writing a Report
Guidelines for Writing a Report
Salient Features of a Good Report
Important Aspects of a Good Report
Investigative Report Format
Attachments and Appendices
Report and Expert Opinion
Use of Supporting Material
Sample Forensic Report
EC-Council
Sample Report
Writing Report Using FTK
Module 32: Computer Forensics as a Profession
Introduction
Developing Computer Forensics Resources
Page 38
Computer Forensics Experts

Preparing for Computing Investigations
Enforcement Agency Investigations
Corporate Investigations
Maintaining Professional Conduct
Legal Issues
Approach to Forensic Investigation: A Case Study
Email Infidelity in a Computer Forensics Investigation Case Study
EC-Council
Page 39
For Training Requirements, Please

Contact EC-Council ATC.
EC-Council
2010 EC-Council. All rights reserved.

This document is for informational purposes only. EC-Council MAKES NO WARRANTIES,
EXPRESS OR IMPLIED, IN THIS SUMMARY. EC-Council and ECSS logos are registered
trademarks or trademarks of EC-Council in the United States and/or other countries.
EC-Council

ECSS v3 Brochure

Uploaded by

Copyright:

Available Formats

ECSS v3 Brochure

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ECSS v3 Brochure

Uploaded by

Copyright:

Available Formats

Page 1

Who Should Attend

2 days (9:00 5:00)

Certified Security Specialist

Master the Security Technologies.

Data Breach Investigations Report

Module 02: Addressing Threats

Social Engineering Example 1

Social Engineering Example 2

o Denial of Service Attacks

What are Denial of Service Attacks

Impact and the Modes of Attack

o DoS Attack Tools

Land and LaTierra

o Distributed Denial of Service Attack (DDoS)

Characteristics of DDoS Attacks

o DDoS Attack Tool

DDoS Tool: Tribal Flood Network

DDoS Tool: Shaft

DDoS Tool: Trinity

o Virus and Worm

o Trojan and Rootkit

Worms and their Role in DoS Attack

Worms and their Role in DoS Attack: Troj/Pointu-A

Introduction To Corporate Espionage

Information that the Corporate Spies Seek

How the Information is Attacked

Different Categories of Insider Threat

Corporate Espionage: Case Study

o Employee Monitoring Tools

Imonitor Employee Activity Monitor

Chily Employee Activity Monitor

Net Spy Pro

Guardian Monitor Professional

Accidental Security Breach

Automated Computer Attack

Module 03: Backdoors, Virus, and Worms

Overt and Covert Channels

How is a Worm Different from a Virus

Why is Linux Hacked

o Tuxit, Adore, Ramen

o Linux Rootkit: phalanx2

o chkrootkit Detects the Following Rootkits

o Scanning Tool: Nessus

o Port Scan Detection Tools

o Password Cracking in Linux: John the Ripper

o Basic Linux Operating System Defense

o SARA (Security Auditors Research Assistant)

o Linux Tool: tcpdump

o Linux Tool: SAINT

o Linux Tool: Wireshark

o Linux Under Attack: Compromised SSH Keys Lead to Rootkit

o Popular Web Servers

Module 08: Wireless Networks

o Wireless Standard: 802.11g

Module 09: Intrusion Detection System

Intrusion Detection Systems

o Operating System Attacks

o Application Level Attacks

Module 13: Networking Revisited