RSA NetWitness Forensics
This course is not currently offered by Global Knowledge. Information here is provided for reference only.
In this course, you will cover the threats facing computer networks today, malicious code, and investigative forensic techniques for hosts and networks. You will also learn to develop detection indicators using a variety of freeware tools.
What You'll Learn
- Threat landscape
- Response and remediation best practices
- Malware and other threats
- Methodologies for forensic analysis
Who Needs to Attend
- Experienced security analysts familiar with the RSA NetWitness system
- Knowledge of security best practices and network packet structure and analysis
There are no follow-ons for this course.
1. Network and Host-Based Forensics Foundation
- Threat Landscape and Trends
- Network Forensics
- Incident Response Lifecycle, Remediation, and SOC Workflow Best Practices
- Investigator Primer
- File Extraction
- Extraction and Reassembly
- Web, SMTP, FTP, and Files
- Beacon Trojan
- Exploit Kits
- SSN/Credit Card Exfiltration
- Developing Basic
2. Host-Based Forensics
- Basic Detection Patterns for Malicious Binaries
- Source Code Exfiltration
- Malware Analysis/Leveraging and Available Tools
- Building Indicators/Using Threat Feeds
- Threat Feed
- Flex Parsing
In addition to lecture and demonstrations, this course includes hands-on exercises designed to give you practical experience.