About NTI

Data Risk Reduction
Information LeakageData held in Silicon or Media

Recent legislation mandates that most companies have to provide assurance that key information is secure. The purpose of this course is to provide IT with the understanding to implement the policies and knowledge necessary to address risk from information leakage.

NTI is a world leader in computer forensics and computer security risk management training. We have been providing training to U. S. intelligence and U. S. military agencies since 1997 and this unique Data Hiding Training Course was created with the needs of those agencies in mind. With today's emphasis on security audit and policy management this course covers how to manage security leakage. The information security risk perspectives presented in course are ideal to cover issues that must be addressed as part of GLB, HIPAA, Sarbanes-Oxley and FISMA.

Addressing Policy

The purpose of this course is to provide the student with an understanding of how the Gramm-Leach-Bliley Act, HIPAA and Sarbanes Oxley drive IT solutions and how IT professionals can comply with them. Continuing on the subject of Sarbanes Oxley, we'll discuss it's section 404 on internal controls and the PCAOB audit standards that impact IT, plus the essential controls IT needs for compliance. I'll also list "best practices" we recommend for implementing IT controls, security and policies. We address the COSO control framework and discuss techniques to prepare the IT professional for Sarbanes Oxley audits. An overview of how to implement COBIT and ISO-17799 will also be presented.

Addressing Information Leakage

There are no definitive solutions to some of the security risks outlined in class. All students will leave this two day course of instruction with a new awareness of information security risks associated with computers and related devices outside the realm of the common IT networking issues. Participants will also gain an awareness of the potentials of hiding sensitive data on portable notebook computers and removable computer storage media.

In addition to the policy information provided above, this course covers known data hiding methods, e.g., steganography, it also focuses on several non-traditional data hiding methods that are effective and easy to implement. Some data hiding methods cannot be detected through computer forensic examination and analysis. Many of the security methods and security-breeching methods we cover are not discussed publically by agencies dealing in classified material and data.

The creation of this course followed the second international Information Hiding Workshop hosted by Intel Corporation in the Spring of 1998 in Portland, Oregon. Our instructors participated in that conference and have participated in most of the subsequent information hiding workshops that have been held in various locations throughout the world. Our Data Hiding Course has been updated and kept current over time to deal with changes in technology and levels of threat. The topics covered in this course are relevant to the war on terror and to U. S. national security. Data Hiding 2003

We will also discuss the interception of sensitive data from radio and microwave communications, pagers, analog cellular telephones, digital cellular telephones and PDAs. Demonstrations are given concerning the covert capture of RF emissions from computer monitors, but although this is easily done, this is no longer performed as a "live" intercept. We will explain the method and equipment necessary but will no longer do a live demonstration the classroom.

This course was designed to provide the participants with an awareness of data hiding methodologies and threat potentials. The course also covers computer security flaws that exist in most U. S. corporations and U. S. classified government agencies. Because of the sensitive nature of the course contents, printed manuals are not distributed and recording devices are not allowed in the class room.


The course spans two full days of instruction at our training facility in Jacksonville, Florida or Gresham, Oregon. The course can also be conducted at other facilities under contract. For what is covered, please to to the Syllabus.


This course is open to all. Since this is in part a 'hands-on' course, the participants should have an in depth knowledge of computer operations, DOS, Microsoft Windows and computer security review methodologies.

Food & Lodging:

Lodging costs are paid by participants and are encouraged to stay at one of the several hotels less that 2 miles from the airport and from the training facility. Lunch is provided for in the price of tuition.

Click here for information about hotels and restaurants in the Jacksonville, Florida area.
Click here for information about hotels and restaurants in the Portland, Oregon area.

Software Provided:

Each participant will receive instruction in the use of various security review and data analysis software programs. They will also be provided with licensed copies of the following:

  • CopyQM - Floppy diskette duplication software for making copies of software diskettes used in security reviews.

  • DiskScrub - A hard disk drive scrub utility which eliminates data with multiple overwrites. It meets U. S. DoD security standards.

  • FileList Pro - A disk cataloging tool which is also used to evaluate computer access time lines in computer security reviews.

  • FileConvert Pro - A database conversion tool for use with NTI's FileList output files.

  • GetFree - An ambient data collection tool which is used as a validation tool after data has been securely deleted from targeted computer storage media.

  • GetSlack - An ambient data collection tool which is used as a validation tool after data has been securely deleted from targeted computer storage media.

  • Graphics File Extractor - An ambient data collection tool which quickly and automatically reconstructs BMP, GIF and JPG graphics files in unallocated file space (erased files) and the Windows swap and Windows page files. This is an ideal tool for after-the-fact reviews of computer usage.Data Hiding 1997

  • M-Sweep XP - A data security scrub utility which eliminates data from file slack, unallocated space (erased files) and the Windows swap/page files. It meets U. S. DoD security standards.

  • HexSearch - A binary data search tool that is used to identify targeted graphics file content and foreign language words and communications stored in the form of computer data.

  • Text Search Plus - A Text Search utility which is used in security reviews to locate targeted key words, strings of text and graphic files. It was specifically created for use in U. S. government computer security reviews.

Contact for more information!

updated 9/3/2005