This course is not currently offered by Global Knowledge. Information here is provided for reference only.

In this course, you will cover the threats facing computer networks today, malicious code, and investigative forensic techniques for Host and Network. You will also learn to develop detection indicators using a variety of freeware tools.

What You'll Learn

• Threat landscape
• Response and remediation best practices
• Malware and other threats
• Methodologies for forensic analysis

Who Needs to Attend

Experienced security analysts familiar with the RSA NetWitness system

Prerequisites

Knowledge of security best practices and network packet structure and analysis.

Follow-On Courses

There are no follow-ons for this course.

Course Outline

1. Network and Host-Based Forensics Foundation

• Threat Landscape and Trends
• Network Forensics
• Incident Response Lifecycle, Remediation, and SOC Workflow Best Practices
• Investigator Primer
• File Extraction
• Extraction and Reassembly
  • Web, SMTP, FTP, and Files
• Beacon Trojan
• Malware
• Extortionware
• Exploit Kits
• SSN/Credit Card Exfiltration
• Developing Basic Detection Patterns
  • Investigator

2. Host-Based Forensics

• Binaries
• Basic Detection Patterns for Malicious Binaries
• Source Code Exfiltration
• Malware Analysis/Leveraging and Available Tools
• Building Indicators/Using Threat Feeds
• Threat Feed
  • Waldec
• Flex Parsing

Labs

In addition to lecture and demonstrations, this course includes hands-on exercises which are designed to give you practical experience.