Note: if the class is overfilled, then you will be wait-listed. You will be contacted should this occur.

All course materials, lunch and two coffee breaks will be provided.
You must provide your own laptop.

Students should be Windows GUI smart and have experience in using the Internet Explorer, File Manager and MS Office. To maximize the learning environment each student should bring his/her notebook computer with CD and diskette drive. The notebook should have either Windows 2000 or Windows XP installed.

No loaner computers will be provided.

This hands-on course will involve case investigation procedures and a set of advanced tools for the imaging, forensics review and reporting processes involving Windows client platforms. The course will include use of a set of tools to analyze digitally stored case evidence on exclusively Windows 2000 – Windows XP systems.

These items of evidence are becoming increasingly important in a wide variety of administrative, civil and criminal cases, and numerous law enforcement agencies, which have trained personnel, to retrieve this evidence from computers. To increase the effective investigation and prosecution of criminals who utilize computers, it is critical for systems professionals and investigators to understand the basic concepts of information technology, computer security, evidence controls and the forensic examination of digitally stored information.

In this intensive 1 day 8-hour course, attendees will receive vital information on the processes and tools used to collect and analyze digital evidence. In addition to reviewing the typical areas where digital evidence may be located or hidden within a computer the full range of forensics tool kits will be used to extract such information.

There will be case exercises and demonstrations of several information retrieval, computer forensics assessments and forensics reporting techniques. The course will also cover a variety of issues involved in drafting forensics reports about digitally stored evidence and ultimately using such evidence in administrative or legal matters.

A comprehensive end-of-course examination will be administered and students who attend classes - complete exercises and pass the examination will be awarded a Microsoft - Client Systems Forensics Certificate.

Larry Leibrock, Ph.D., is a member of the McCombs Business School – The University of Texas faculty and serves as the Associate Dean and Technology Officer for the McCombs Business School. He has held or currently holds clinical teaching and research appointments at McCombs Business School, Institute for Advanced Technology, The University of Texas Law School, Emory University, Helsinki School of Economics and Monterrey Technologica in Mexico City and Monterrey. He is a member of IEEE, ACM, Internet Society, FIRST and USENIX/SAGE. He is also a member of the Department of Defense Software Engineering Institute and a participant in the Air Force Software Technology Conference. He is the founder and CTO for eForensics LLC, a private technical services firm.

He has experience in enterprise systems support, offensive/defensive systems security measures, systems security audits, and IT deployment projects in both governmental and corporate settings.

In clinical practice, he has served as the project manager in over IT projects in several US and international sites. He holds professional certifications in IT project management, Windows“, UNIX“, systems performance, computer security and networking. He has authored papers in the topics of information systems attacks, encryption, public key infrastructures, privacy, systems survivability and systems forensics.

He has won several University teaching awards and has served as an expert in a range of legislative matters, judicial testimony, and legal disputes. Larry has served as a Special Master for a Texas Court in the areas of systems management, systems survivability, security and protection of systems mechanisms.

Larry has delivered expert digital evidence testimony at both civil and criminal trials. He has testified for the Presidential Commission for Protection of Critical Information Infrastructure and the Senate Science Committee. He recently presented forensics testimony at an invitational conference for the Executive Office of the President. He presently serves on the Texas Infrastructure Protection Advisory Committee formed by the Attorney General of Texas. He is also appointed to the Board of Directors - Texas Department of Information Resources. Larry is active in IT industry and government systems consulting projects in the areas of systems forensics, enterprise IT operations, security and incident investigations.