A. Introduction & Course Overview
1. Foundations of E-Discovery
2. Digital Evidence
3. Computer Forensics 101
B. Understanding Computer Forensics
C. Forensic Definitions: What’s Included
1. What’s admissible in court?
a. Evidence
b. Chain of Custody
2. Practitioners
a. Training
b. Experience
c. Expert Testimony
D. Evolution of Forensic Techniques
1. IT Auditing
a. Source Code Audits
b. System Audits
2. Disk Based Forensics
a. Undelete Programs
b. Hex Editors
c. Automated Tools
3. Network Forensics
a. Host Based Forensics
b. Application Based Forensics
4. Cell Phone Forensics
a. Types of Analysis
b. Handset vs. SIM card
c. Smartphones
5. Other Devices
a. Printers
b. GPS Devices
c. Automobile Navigation Systems
E. Today’s Software & Hardware Technologies
1. Forensic Software
a. Guidance Software
b. AccessData
c. Paraben
d. Other Software
2. Forensic Devices
a. Logicube/Quest
b. Voom/HardCopy
c. Cellebrite/UFed
3. Forensic Operating Systems
a. Boot Disks
• Forward Discover
• Raptor
• E-fense
• HelixPro
• Helix (Older Versions)
• Helix Live CD
4. Intro to Forensic Examination
a. Bits and Bytes
• Defining your terms
• How they are used
b. Hard Disk Construction
• Parts and Terms
• Data areas
c. File Systems
• Defined
• Types of File Systems
• Specific File Systems
d. File System Mechanics
• FAT: an overview
• FAT: Boot Sector
• FAT: File Allocation Tables
• Data Area
• NTFS
• What is NTFS?
• Components
e. File System Forensic Data
• Structures
• Directory Layout
• File locations
• Meta Data
• Meta Data Dates
• Meta Data Users
• Operating System Specific Data
• System Files
• User Data
• Restore Points
F. E-Discovery
G. Inner Workings of the Courts and the U.S. Legal System
1. Civil vs. Criminal Courts
a. Criminal
• State vs. Accused
• Prosecutor vs. Defense
• Constitutional Protections
b. Civil
• Party vs. Party
• Evidence gathered through motions
• Expert Witnesses
• Preponderance of the Evidence wins
2. Federal vs. State Systems
a. State
• Courts Governed by State rules and procedures
• Governed by State precedents and case law
• Rules differ from state to state
• Laws differ from state to state
b. Federal
• Courts governed by Federal System
3. Federal Rules of Civil Procedure (FRCP)
a. Governs the ways civil trials are conducted
• Motions
• Timelines
• Evidence
• Discovery
b. Modified in 2006
• Specifically addressed electronic information (ESI)
H. What Defines Electronically Stored Information
1. What is it?
a. Documents
• Spreadsheets, PDF scans, Pictures, Word Processor files, etc.
b. Email
• Individual Email
• Mail boxes
• Post offices
c. Other Files
• Internet History
• Databases
• Log Files
• System Files
d. Whatever could be relevant to the case
2. Where is it stored?
a. Computers
• Servers
• Workstations
• Laptops
b. Network Devices
• Routers
• Switches
• Monitors
• Remote Access Devices
c. Cell Phones
• Handsets
• Enterprise Servers
• Backup files
d. Archive and Storage
• Tapes
• Optical Media
• Decommissioned Hardware
• Off-site archives
3. What needs to be produced?
a. “…documents as they are kept in the usual course of business”
• Ideal method of production
• Maintains metadata
• Forensically Sound
b. “…or must organize & label them to correspond to the categories in the request”
• Also acceptable to the Court
• Metadata probably not preserved
• Use as a backup method of production
4. Who will be involved?
a. Corporate Counsel
• Defense or Plaintiff
• Experts
• Internal Staff
I. Developing A Discovery Plan For Your Own Organization
1. Identify the need
a. The organization will be sued
b. Discovery will happen
c. Plan ahead
2. Obtain Top Level Support
a. Policy cannot be enacted from the trenches
b. E-Discovery policy must be Top-Down
c. Work with Senior Management and General Counsel
3. Identify key individuals to act as point people
a. Manage like any other wide-ranging project
4. Perform a preliminary assessment
a. Inventory systems
b. Identify ESI repositories
c. Review data retention policies and procedures
5. Assemble reports and estimates
a. What is the potential exposure
b. Staff Required
c. Proactive steps required
• How should data ideally be retained
• Identify Sensitive Data
• Modify policies and procedures
6. Implement Plan
J. Question and Answer Session