
Focal Point - Windows System Analysis

New – Learn the most useful commands, tools, and techniques that can be employed during an investigation to reveal significant indicators of infiltration and how to create a system baseline for future analysis.

GK# 100220

Course Overview


Many organizations rely on technology to perform anomaly detection and investigation. But when it comes to identifying and investigating abnormal behavior on a system, there is no substitute for a well-trained analyst. Focal Point - Windows System Analysis teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this course, students will learn the most useful commands, tools, and techniques that can be employed during an investigation to reveal significant indicators of infiltration, and how to create a system baseline for future analysis. This course is primarily focused on the Windows 10 operating system, but includes many tools and techniques that also apply to Windows 7 and to recent versions of Windows Server.

Practical Scenario:
The practical assessment for this course is an investigation scenario that will require students to use all of the knowledge, skills and abilities acquired during class to remotely analyze a network of systems, identify compromised machines, and remediate as appropriate.


Learn more about this topic. View the recorded webinar From Analyst to Threat Hunter.


What You'll Learn


In this class you will learn:

  • Identify the core components of the Windows operating system and ascertain their current state using built-in or other trusted tools
  • Analyze a running system and detect abnormal behavior relating to processes, DLLs, network connections, the registry and Windows services
  • Use event log analysis to verify and correlate the artifacts of anomalous behavior, and determine the scope of an intrusion
  • Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
  • Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes
  • Conduct remote investigations of potentially compromised Windows workstations and servers

Course Outline:

  1. OS Overview
  2. Processes
  3. Dynamic Link Libraries (DLLs)
  4. Network Connections
  5. The Registry
  6. Services
  7. Logs and Timelines
  8. PowerShell Basics
  9. Querying the Operating System
  10. Scripting with PowerShell
  11. Baselining with PowerShell
  12. Remote Administration

Labs:

  1. OS Familiarization
  2. Process Explorer Familiarization
  3. Process Scenario
  4. Inspecting DLLs
  5. Memory Mapping
  6. Process Injection
  7. TCPView and Netstat
  8. Registry Familiarization
  9. Registry Analysis
  10. Analyzing Services

Prerequisites

  • This is an introductory course ideal for those seeking a career in malware analysis, incident response, or digital forensics.
  • Students should be familiar with the general use of Windows systems, including the command line interface, and have at least a basic understanding of TCP/IP networking.

Who Should Attend

  • Novice Malware Analysts
  • Incident Response Team Members
  • Network Security Professionals
  • Forensic Analysts

Follow-On Courses

Course Delivery

This course is available in the following formats:

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 5 days

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 5 days
