Master's Degree in Forensic Investigation and Incident Management. CHFI

CICE, La Escuela Profesional de Nuevas Tecnologías (the Professional School of New Technologies)

Program

The Master's Degree in Forensic Investigation and Incident Management is delivered on-site in Madrid and online.

Gain the skills needed to identify the intruder's traces and gather the evidence for prosecution

The Master's Degree in Forensic Investigation and Incident Management teaches the methodology of digital forensic analysis and of digital evidence. This program gives the student the skills needed to identify the intruder's traces and gather the evidence for prosecution.

Digital transformation is changing business models and revolutionizing how existing companies interact with their environment. Organizations that are adopting this change and using digital technologies such as cloud, mobile, big data and IoT are finding that digital forensic investigation and digital incident management are more relevant than before and play an increasingly fundamental role in the organizational structure.

On completing the course, students may sit EC-Council's official certification exams:
-Hacking Forensic Investigator
-Incident Handler

CAREER OPPORTUNITIES

After CICE training, the student will be able to work professionally as:
-Computer forensic examiner
-IT security consultant
-IT security auditor
-Forensic investigator
-Security risk analyst
-Systems security tester
-Incident manager

WHY STUDY IT AT CICE
-CICE is an official EC-Council training center.
-CICE is an official CompTIA training center specializing in IT security.
-We provide the official course documentation.
-CICE registers you on the EC-Council platform, where you will have access to the official online material to prepare for the certification.
-We offer our students specific preparation for the EC-Council certification exams.
-CICE is an official VUE and EC-Council testing center.
-Our students can do unlimited free practice at CICE's facilities outside class hours.
-Our students can take the certification exams at CICE's facilities and will obtain a unique, internationally recognized certificate.
-Free access to the Job Bank and Professional Careers service.
-We have scholarships, promotions and exclusive discounts for new and former students.
-A repository of all recorded classes is available to the student.

CERTIFICATIONS YOU CAN OBTAIN
-CICE's own certification
-CICE Diploma
-EC-Council certification (Incident Handler), exam ECIH 212-89
-EC-Council certification (Hacking Forensic Investigator), exam CHFI v9

Requirements

The curriculum assumes that students have:
-Prior computer knowledge at intermediate user level
-Good reading and writing skills in English
-A desire to learn the curriculum
-Additional hours available (between 5 and 10) per week for exercises
-Fluent use of the internet
-Networking knowledge is required
-Programming knowledge is required
-Cybersecurity knowledge is required

Syllabus

A. EC-Council Certified Incident Handler Program (Modules 1-11)
B. EC-Council Computer Hacking Forensic Investigator (Modules 12-25)

Module 01: Introduction to Incident Response and Handling

-Cyber Incident Statistics
-Computer Security Incident
-Information as Business Asset
-Data Classification
-Common Terminologies
-Information Warfare
-Key Concepts of Information Security
-Vulnerability, Threat, and Attack
-Types of Computer Security Incidents
-Examples of Computer Security Incidents
-Verizon Data Breach Investigations Report – 2008
-Incidents That Required the Execution of Disaster Recovery Plans
-Signs of an Incident
-Incident Categories
-Incident Prioritization
-Incident Response
-Incident Handling
-Use of Disaster Recovery Technologies
-Impact of Virtualization on Incident Response and Handling
-Estimating Cost of an Incident
-Key Findings of Symantec Global Disaster Recovery Survey – 2009
-Incident Reporting
-Incident Reporting Organizations
-Vulnerability Resources

Module 02: Risk Assessment
-Risk
-Risk Policy
-Risk Assessment
-Steps to Assess Risks at Work Place
-Risk Analysis
-Risk Mitigation
-Risk Mitigation Strategies
-Cost/Benefit Analysis
-NIST Approach for Control Implementation
-Residual Risk
-Risk Management Tools

Module 03: Incident Response and Handling Steps
-How to Identify an Incident
-Handling Incidents
-Need for Incident Response
-Goals of Incident Response
-Incident Response Plan
-Incident Response and Handling Steps
-Training and Awareness
-Security Awareness and Training Checklist
-Incident Management
-Incident Response Team
-Defining the Relationship between Incident Response, Incident Handling, and Incident Management
-Incident Response Best Practices
-Incident Response Policy
-Incident Response Plan Checklist
-Incident Handling System: RTIR
-RPIER 1st Responder Framework

Module 04: CSIRT
-What is CSIRT?
-What is the Need of an Incident Response Team (IRT)
-CSIRT Goals and Strategy
-CSIRT Vision
-Common Names of CSIRT
-CSIRT Mission Statement
-CSIRT Constituency
-CSIRT Place in the Organization
-CSIRT Relationship with Peers
-Types of CSIRT Environments
-Best Practices for creating a CSIRT
-Role of CSIRTs
-Roles in an Incident Response Team
-CSIRT Services
-CSIRT Policies and Procedures
-How CSIRT Handles a Case
-CSIRT Incident Report Form
-Incident Tracking and Reporting Systems
-CERT
-CERT-CC
-CERT(R) Coordination Center: Incident Reporting Form
-CERT:OCTAVE
-World CERTs
-http://www.first.org/about/organization/teams/
-http://www.apcert.org/about/structure/members.html
-IRTs Around the World

Module 05: Handling Network Security Incidents
-Denial-of-Service Incidents
-Distributed Denial-of-Service Attack
-Detecting DoS Attack
-Incident Handling Preparation for DoS
-Unauthorized Access Incident
-Inappropriate Usage Incidents
-Multiple Component Incidents
-Network Traffic Monitoring Tools
-Network Auditing Tools
-Network Protection Tools

Module 06: Handling Malicious Code Incidents

-Count of Malware Samples
-Virus
-Worms
-Trojans and Spywares
-Incident Handling Preparation
-Incident Prevention
-Detection of Malicious Code
-Containment Strategy
-Evidence Gathering and Handling
-Eradication and Recovery
-Recommendations
-Antivirus Systems

Module 07: Handling Insider Threats
-Insider Threats
-Anatomy of an Insider Attack
-Insider Risk Matrix
-Insider Threats Detection
-Insider Threats Response
-Insider’s Incident Response Plan
-Guidelines for Detecting and Preventing Insider Threats
-Employee Monitoring Tools

Module 08: Forensic Analysis and Incident Response
-Computer Forensics
-Objectives of Forensics Analysis
-Role of Forensics Analysis in Incident Response
-Forensic Readiness
-Forensic Readiness And Business Continuity
-Types of Computer Forensics
-Computer Forensic Investigator
-People Involved in Computer Forensics
-Computer Forensics Process
-Digital Evidence
-Characteristics of Digital Evidence
-Collecting Electronic Evidence
-Challenging Aspects of Digital Evidence
-Forensic Policy
-Forensics in the Information System Life Cycle
-Forensic Analysis Guidelines
-Forensics Analysis Tools: Helix

Module 09: Incident Reporting
-Incident Reporting
-Why to Report an Incident
-Why Organizations do not Report Computer Crimes
-Whom to Report an Incident
-How to Report an Incident
-Details to be Reported
-Preliminary Information Security Incident Reporting Form
-CERT Incident Reference Numbers
-Contact Information
-Summary of Hosts Involved
-Description of the Activity
-Log Extracts Showing the Activity
-Time Zone
-Federal Agency Incident Categories
-Organizations to Report Computer
-Sample Incident Reporting Form
-Sample Post Incident Report Form

Module 10: Incident Recovery
-Incident Recovery
-Principles of Incident Recovery
-Incident Recovery Steps
-Contingency/Continuity of Operations Planning
-Business Continuity Planning
-Incident Recovery Plan
-Incident Recovery Planning Process

Module 11: Security Policies and Laws
-Security Policy
-Key Elements of Security Policy
-Goals of a Security Policy
-Characteristics of a Security Policy
-Design of Security Policy
-Implementing Security Policies
-Acceptable Use Policy (AUP)
-Access Control Policy
-Asset Control Policy
-Audit Trail
-Documentation Policy
-Evidence Collection Policy
-Evidence Preservation Policy
-Information Security Policy
-National Information Assurance Certification & Accreditation Process (NIACAP) Policy
-Physical Security Policy
-Physical Security Guidelines
-Personnel Security Policies & Guidance
-Law and Incident Handling
-Laws and Acts
-Intellectual Property Laws

Module 12: Computer Forensics in Today's World
-Understanding Computer Forensics
-Why and When Do You Use Computer Forensics?
-Cyber Crime (Types of Computer Crimes)
-Case Study
-Challenges Cyber Crimes Present For Investigators
-Cyber Crime Investigation
-Rules of Forensics Investigation
-Understanding Digital Evidence
-Types of Digital Evidence
-Characteristics of Digital Evidence
-Role of Digital Evidence
-Sources of Potential Evidence
-Rules of Evidence
-Forensics Readiness
-Computer Forensics as part of an Incident Response Plan
-Need for Forensic Investigator
-Roles and Responsibilities of Forensics Investigator
-What makes a Good Computer Forensics Investigator?
-Investigative Challenges
-Legal and Privacy Issues
-Code of Ethics
-Accessing Computer Forensics Resources

Module 13: Computer Forensics Investigation

-Importance of Computer Forensics Process
-Phases Involved in the Computer Forensics Investigation Process
-Pre-investigation Phase
-Planning and Budgeting
-Physical Location and Structural Design Considerations
-Work Area Considerations
-Physical Security Recommendations
-Fire-Suppression Systems
-Evidence Locker Recommendations
-Auditing the Security of a Forensics Lab
-Human Resource Considerations
-Build a Forensics Workstation
-Basic Workstation Requirements in a Forensics Lab
-Build a Computer Forensics Toolkit
-Forensics Hardware
-Forensics Software
-Forensic Practitioner Certification and Licensing
-Forensics Laws
-Quality Assurance Practices in Digital Forensics
-General Quality Assurance in the Digital Forensic Process
-Quality Assurance Practices: Laboratory Software and Hardware
-Laboratory Accreditation Programs
-Risk Assessment Matrix
-Investigation Phase
-Post-investigation Phase

Module 14: Understanding Hard Disks and File Systems
-Hard Disk Drive Overview
-Disk Partitions and Boot Process
-Understanding File Systems
-Metadata Files Stored in the MFT
-Setting the Compression State of a Volume
-Components of EFS
-EFS Attribute
-RAID Storage System
-File System Analysis

Module 15: Data Acquisition and Duplication

-Data Acquisition and Duplication Concepts
-Static Acquisition
-Validate Data Acquisitions
-Acquisition Best Practices

Module 16: Defeating Anti-forensics Techniques

-What is Anti-Forensics?
-Anti-Forensics techniques
-CmosPwd
-DaveGrohl

Module 17: Operating System Forensics (Windows, Mac, Linux)
-Introduction to OS Forensics
-Windows Forensics
-Linux Forensics
-Mac Forensics

Module 18: Network Forensics
-Introduction to Network Forensics
-Fundamental Logging Concepts
-Event Correlation Concepts
-Network Forensic Readiness
-Log Everything
-Keeping Time
-Use Multiple Sensors
-Avoid Missing Logs
-Functions of Log Management Infrastructure
-Challenges in Log Management
-Meeting the Challenges in Log Management
-Centralized Logging
-Syslog
-IIS Centralized Binary Logging
-Network Forensics Steps
-Use Signatures, Encryption, and Checksums
-Network Forensics Analysis Mechanism
-Analyzing Router Logs
-Evidence Gathering from ARP Table
-Analyzing Firewall Logs
-Analyzing IDS Logs
-Analyzing Honeypot Logs
-DHCP Logging
-ODBC Logging
-Network Traffic Investigation
-Sniffing Tool: Wireshark
-Display Filters in Wireshark
-Additional Wireshark Filters
-Sniffing Tool: SteelCentral Packet Analyzer
-Sniffing Tool: Tcpdump/Windump
-Packet Sniffing Tool: Capsa Network Analyzer
-Network Packet Analyzer: OmniPeek Network Analyzer
-Network Packet Analyzer: Observer
-Network Packet Analyzer: Capsa Portable Network Analyzer
-TCP/IP Packet Crafter: Colasoft Packet Builder
-Network Packet Analyzer: RSA NetWitness Investigator
-Additional Sniffing Tools
-Documenting the Evidence
-Evidence Reconstruction

Module 19: Investigating Web Attacks

-Introduction to Web Application Forensics
-Web Attack Investigation
-Investigating Web Server Logs
-Web Attack Detection Tools
-Tools for Locating IP Address
-WHOIS Lookup Tools

Module 20: Database Forensics

-Database Forensics and Its Importance
-MSSQL Forensics
-Collect the Evidence
-Examine the Log Files
-Analyze the General Log
-Take a Backup of the Database
-Create an Evidence Database
-Select the Database
-View the Tables in the Database
-View the Users in the Database
-View Columns in the Table
-Collect the Database and all the Logs
-Examine the .frm Files
-Examine the Binary Logs
-Retrieve the Deleted User Account
-ibdata1 in Data Directory

Module 21: Cloud Forensics
-Introduction to Cloud Computing
-Cloud Forensics

Module 22: Malware Forensics
-Introduction to Malware
-Introduction to Malware Forensics
-Malware Analysis: Static
-Malware Analysis: Dynamic
-Analysis of Malicious Documents
-Malware Analysis Challenges

Module 23: Investigating Email Crimes
-Email System
-Email Crimes (Email Spamming, Mail Bombing/Mail Storm, Phishing, Email Spoofing, Crime via Chat Room, Identity Fraud/Chain Letter)
-Copy and Print the E-mail Message
-Viewing Email Headers
-Received Headers
-Analyzing Email Headers
-Examining Additional Files (.pst or .ost files)
-Checking the E-mail Validity
-Examine the Originating IP Address
-Trace the E-mail Origin
-Validating Header Information
-Tracing Back Web-based E-mail
-Email Archives
-Content of Email Archives
-Local Archive
-Server Storage Archive
-Forensic Acquisition of Email Archive
-Deleted Email Recovery
-Examining E-mail Server Logs

Module 24: Mobile Phone Forensics
-Mobile Device Forensics
-Architectural Layers of Mobile Device Environment
-Android Architecture Stack
-Android Boot Process
-iOS Architecture
-iOS Boot Process
-Normal and DFU Mode Booting
-Booting iPhone in DFU Mode
-Mobile Storage and Evidence Locations
-Build a Forensics Workstation
-Build the Investigation Team
-Review Policies and Laws
-Notify Decision Makers and Acquire Authorization
-Risk Assessment
-Build a Mobile Forensics Toolkit
-Mobile Phone Evidence Analysis
-Collecting the Evidence
-Document the Scene
-Document the Evidence
-Evidence Preservation
-Set of Rules for Switching ON/OFF Mobile Phone
-Mobile Phone Signal Containment
-Packing, Transporting, and Storing the Evidence
-Forensics Imaging
-Phone Locking
-Enabling USB Debugging
-Platform Security Removal Techniques: Jailbreaking/Rooting
-Mobile Evidence Acquisition
-Cellular Network
-Subscriber Identity Module (SIM)
-Logical Acquisition
-Physical Acquisition
-File System Acquisition
-SQLite Database Extraction
-Android Forensics Analysis
-iPhone Data Extraction
-Examination and Analysis
-Generating Investigation Report
-Mobile Forensics Report Template

Module 25: Forensics Report Writing and Presentation
-Writing Investigation Reports
-Expert Witness Testimony
-Testifying in the Court
-General Order of Trial Proceedings
-General Ethics While Testifying
-Importance of Graphics in a Testimony
-Helping your Attorney
-Avoiding Testimony Issues
-Testifying during Direct Examination
-Testifying during Cross-Examination
-Testifying during Cross-Examination: Best Practices
-Guidelines to Testify at a Deposition

Objectives

In the master's program you will learn the main forensic investigation scenarios, which will allow you to acquire, on the one hand, practical experience in several forensic investigation techniques and, on the other, knowledge of the tools needed to carry out successfully the computer forensic investigation that leads to detecting the attacker. In this way the student will learn all stages of the analysis, including search and seizure, chain of custody, acquisition, preservation, analysis and reporting of digital evidence.

It will also provide you with the skills needed to handle and respond to computer security incidents in an information system, covering several techniques for detecting and responding to current and emerging computer security threats.

Duration

Duration: 220 teaching hours. At least 440 hours of HTA dedication

Price: 3.740 €
Price with maximum discount for the month of February: 3.029,4 €

Price

3030 €
