Må vi gemme en cookie?

Vi bruger cookies for at forbedre din oplevelse af vores hjemmeside, målrette indhold samt statistik. Læs mere om cookies

Kurser

Kursusadministration

Brug for hjælp?

  • Gregersensvej 8
  • 2630 Taastrup
Google MapsApple MapsRejseplanen
  • Forskerparken Fyn, Forskerparken 10F
  • 5230 Odense M
Google MapsApple MapsRejseplanen
  • Teknologiparken Kongsvang Allé 29
  • 8000 Aarhus C
Google MapsApple MapsRejseplanen
  • NordsøcentretPostboks 104
  • 9850Hirtshals
Google MapsApple MapsRejseplanen
  • Gammel Ålbovej 1
  • 6092Sønder Stenderup
Google MapsApple MapsRejseplanen

Masterclass: Forensics and Incident Handling

Forensics og Incident Handling er i konstant udvikling og vigtige emner inden for cybersikkerhed. Kurset giver de færdigheder, der er nødvendige for at finde, indsamle og opbevare data på en korrekt måde, analysere dem og lære så meget om hændelsen som muligt. I dag er det vigtigt at være konstant forbedret og opdateret, så du ikke bliver overhalet af hackerne.

This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.

Deltagerprofil

IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.

Indhold

Module 1: Introduction to Incident Handling
  • Types and Examples of Cybersecurity Incidents
  • Signs of an Incident
  • Incident Prioritization
  • Incident Response and Handling Steps
  • Procedures and Preparation
Module 2: Securing Monitoring Operations
  • Industry Best Practices
  • Detecting Malware via DNS logs
  • Configuration Change Management
  • Leveraging Proxy and Firewall Data
  • Monitoring Critical Windows Events
  • Detecting Malware via Windows Event Logs
Module 3: Network Forensics and Monitoring
  • Types and approaches to network monitoring
  • Network evidence acquisition
  • Network protocols and Logs
  • LAB: Detecting Data Thievery
  • LAB: Detecting WebShells
  • Gathering data from network security appliances
  • Detecting intrusion patterns and attack indicators
  • Data correlation
  • Hunting malware in network traffic
  • Encoding and Encryption
Module 4: Windows Internals
  • Introduction to Windows Internals
  • Fooling Windows Task Manager
  • Processes and threads
  • PID and TID
  • Information gathering from the running operating system
  • Obtaining Volatile Data
  • A deep dive to Autoruns
  • Effective permissions auditing
  • PowerShell get NTFS permissions
  • Obtaining permissions information with AccessChck
  • Unnecessary and malicious services
  • Detecting unnecessary services with PowerShell
Module 5: Memory Dumping and Analysis
  • Introduction to memory dumping and analysis
  • Creating memory dump - Belkasoft RAM Capturer and DumpIt
  • Utilizing Volatility to analyze Windows memory image
  • Analyzing Stuxnet memory dump with Volatility
  • Automatic memory analysis with Volatile
Module 6: Indicators of compromise
  • Yara rules language
  • Malware detonation
  • Introduction to reverse engineering
Module 7: Storage Acquisition and Analysis
  • Introduction to storage acquisition and analysis
  • Drive Acquisition
  • Mounting Forensic Disk Images
  • Introduction to NTFS File System
  • Windows File System Analysis
  • Autopsy with other filesystems
  • Building timelines
Module 8: Reporting – Digital Evidence
  • This module covers the restrictions and important details about digital evidence gathering. Moreover, a proper structure of digital evidence report will be introduced.
Examples of tools, software and examples used during the course
  • Belkasoft RAM Capturer
  • Wireshark
  • Volatility
  • The Sleuth Kit® (TSK)
  • Autopsy
  • DumpIt
  • DC3DD
  • Arsenal Image Mounter
  • Reclaim Me
  • ReFS Images
  • SysInternals Toolkit -
  • ShadowCopyView
  • RegRipper
  • Rifiuti2
  • Registry Explorer/RECmd
  • FullEventLogView
  • EVTXtract
  • Loki IOC Scanner
  • Yara
  • LECmd
  • LinkParser
  • PECmd
  • SkypeLogViewer
  • SQLiteBrowser
  • NetWork Miner
  • StuxNet Memory Dump

Materiale

Author’s unique tools, virtual lab environment, hands-on exercises, presentation slides with notes.

CPE Point (Continuing professional education)

It will be possible to earn CPE points after completion this course.

Underviser

Underviser Krystian Zieja
Krystian Zieja is a professional Infrastructure and Database Consultant with over 15 years of extensive experience in designing IT solutions. His practice spans from teaching Oracle Courses in OAI at University, to providing services for big public and consulting companies serving clients from four continents. Being a holder of numerous IT certificates such as OCP, MCSE, MCDBA and CISP, he is highly skilled in management as well as in programming SQL and NOSQL databases.

Har du faglige spørgsmål, så kontakt:
Andre kigger også på