IMPORTANT REGISTRATION NOTE: We must have 125 registrants before February 28 or the course will be cancelled. Purchase orders will not be invoiced until after the course and registration may be completed without your official purchase order number. The official PO number will be required prior to attending the event. If payment is made by credit card, the account will be charged as soon as your registration is processed with a debit to your account in the event of a cancelled event.

MOREnet (Missouri Research and Education Network) http://www.more.net and the University of Missouri System have partnered with SANS and are very pleased to bring the SECURITY 508: System Forensics, Investigation and Response class to Columbia, MO at a significant savings for members of the education, law enforcement and library communities. The details of the course are below.

Class: SECURITY 508: System Forensics, Investigation and Response Dates: Monday, June 12 - Saturday, June 17, 2006 Location: Stoney Creek Inn, Columbia, Mo. http://www.stoneycreekinn.com/locations/index.cfm?LocationID=8

Who Should Attend

* System administrators and incident handling personnel who are looking for an integration of forensics and investigative methodologies and legal issues * Anyone who wants to understand the technical side of incident response * Anyone who wants to learn how to image and analyze Windows and Linux systems involved in an investigation * Anyone who wants to learn how to forensically recover and analyze data without relying on a tool to automatically accomplish the task * Anyone who wants to learn how filesystems are structured and store their data so that they can understand where evidence exists on any type of hard drive

Instructor: Rob Lee Rob Lee is a member of ManTech's Computer Forensics and Intrusion Analysis Division that provides advanced computer forensics and intrusion operations support to the national security and intelligence communities. He enjoys working on a variety of technical projects for commercial and government clients including incident response, forensics, intrusion detection, vulnerability analysis and specialized R&D. Rob is a graduate of the U.S. Air Force Academy. He served in the U.S. Air Force performing intrusion detection while at the 609th Information Warfare Squadron. As a member of the Air Force Office of Special Investigations he performed network wiretaps, computer forensics and conducted computer crime intrusion investigations. Rob is certified as a SSCP and GCIH. Rob regularly assists the Honeynet Project and coauthored the bestselling book, Know Your Enemy, 2nd Edition.

Education (Higher Ed and K-12), library and State and local law enforcement officials are eligible to register for a special price of $1,000.

Non-education/law enforcement participants may also register for a cost of $2,895 (Secure Infragard members are eligible for a 10% discount).

Registration includes the lunch meal and morning/afternoon break refreshments.

Seating is limited to 150 so reserve your spot now!

Register for the course at: http://sans.more.net

Additional information is available at: http://sans.more.net

Official SANS information on the course http://www.sans.org/sans2006/description.php?tid=205

This is a hands-on course and a laptop is required. Laptop requirements found here: http://www.sans.org/sans2006/laptop.php?tid=205

If you register for the full course, you may register to seek your GCFA Certification for an additional fee of $300.00 US. Registration will be available during the week of class.

Beth Young says: We just found out that city, state and county government employees can attend this training for a $1000. That is a heck of a deal since this usually cost about $3000 and you usually have to travel to one of the coasts to get it.

So, spread the word. If you are education (faculty, staff or student), government or law enforcement, the cost is $1000. Sorry, it is still $3000 if you don't fit one of those categories. BUT still a deal because you don't have to travel out of state!

If you have questions, let me or Randy know. Also, spread the word to any person you think might be interested. We can't reach everybody so the more people that spread the word, the better chance we have of getting 125 people (now I sound like I am on a telethon, Help us reach our goal of 125!) :-D

Beth Beth Young, CISSP youngba@more.net

If you have further questions, please feel free to e-mail rawr@more.net.

Randy Raw, CISSP MOREnet Manager, Network Security 3212 LeMone Industrial Blvd Columbia, MO 65201 573.882.0749 573.884.7699 fax http://www.more.net/security