Next session

10 days

Registration

Cyberforensic rapid response


Information

This training can be delivered on site or remotely.

Detailed program

Description

This training allows participants to quickly grasp the full range of options available to a SysAdmin for investigating after an incident.

Certification

None

Objectives

The Cyber Forensics Rapid Response (CFRR) training program is a 2-week course that provides a detailed study of the evidence left by intrusions and malware incidents on computers and networks. At the conclusion of this course, students will have a clear understanding of how to respond to and manage intrusions and malware incidents, which artifacts these incidents leave behind, and how knowledge of those artifacts plays a significant role in the forensic and investigative processes.

Through presentations, instructor-led hands-on practical exercises, and laboratory activities, students will learn how to find, identify and respond to malware on Windows and Linux operating systems and on network devices, focusing on identifying intrusion and malware artifacts. The first week focuses on the network level: analyzing a variety of logs, investigating network traffic captures and conducting drive analysis across a network in diverse scenarios. The second week focuses on intrusion and malware artifacts on Windows and Linux hosts, including RAM capture and analysis, and malware analysis.

The CFRR Training Program is not an entry-level class. Prospective students are expected to be proficient with basic forensic concepts and tools. Students should be competent with virtualization software (VMware, VirtualBox, etc.) and, since portions of the analysis are conducted in Linux VMs, should have some experience with basic Linux commands (ls, mkdir, etc.); advanced commands will be explained and practiced during the course. Students will be provided with analysis platforms but must bring their own Windows 7, 8 or 10 VM.

Program

Week 1

| Time | Day 1 | Day 2 | Day 3 | Day 4 | Day 5 |
|---|---|---|---|---|---|
| 8:00 | Introduction | Network Services | Linux for Log Analysis | Remote Imaging | Regulatory Frameworks/Legal |
| 9:00 | Network Theory | Microsoft Networks | Linux for Log Analysis | Remote Imaging | CSIRP |
| 10:00 | Network Theory | Networks Lab | Linux for Log Analysis | Remote Imaging | Scenario 1 |
| 11:00 | Network Theory | Highlighter for Logs | Linux for Log Analysis | EnCase for Networks | Scenario 1 |
| Lunch | Lunch | Lunch | Lunch | Lunch | Lunch |
| 13:00 | Network Theory | Wireshark | Linux for Log Analysis | NDB for Networks | Electronic Crime Scene |
| 14:00 | Network Theory | Wireshark | Linux for Log Analysis | Network Assessment | Scenario 2 |
| 15:00 | Network Topology | Wireshark | Linux for Log Analysis | Network Assessment | Scenario 2 |
| 16:00 | Network Topology | Wireshark | Linux for Log Analysis | Network Assessment | Scenario 2 |
| Labs | Windows networks | Wireshark | Linux for Log Analysis | Network Assessment | |

Week 2

| Time | Monday (Windows) | Tuesday (Linux) | Wednesday (RAM) | Thursday (Malware) | Friday |
|---|---|---|---|---|---|
| 8:00 | ELEX (event analysis) | Linux Overview | RAM Architecture | Rapid Response | Scenario 3 |
| 9:00 | LogParser | Linux Overview | RAM Architecture | Rapid Response | Scenario 3 |
| 10:00 | LogParser | Linux Analysis | RAM Capture | Rapid Response | Scenario 3 |
| 11:00 | Windows Analysis | Linux Analysis | BulkExtractor | Rapid Response | Scenario 3 |
| Lunch | Lunch | Lunch | Lunch | Lunch | Lunch |
| 13:00 | Windows Analysis | Linux Analysis | RAM Analysis (Volatility) | Dynamic Malware | Scenario 3 |
| 14:00 | Windows Analysis | Linux Analysis | RAM Analysis (Volatility) | Dynamic Malware | Scenario 3 |
| 15:00 | Windows Analysis | Linux Analysis | RAM Analysis (Volatility) | Dynamic Malware | Scenario 3 |
| 16:00 | Windows Analysis | Linux Analysis | RAM Analysis (Volatility) | Dynamic Malware | Scenario 3 |

Interested in this training? Please contact us for more details.