Whether you handle an intrusion incident, data theft case, or employee misuse scenario, or are engaged in proactive adversary discovery, the network often provides an unparalleled view of the incident. Its evidence can provide the proof necessary to show intent, uncover attackers that have been active for months or longer, or even definitively prove that a crime actually occurred. It is exceedingly rare to work any forensic investigation that doesn't have a network component. Endpoint forensics will always be a critical and foundational skill for this career, but overlooking the network communications is akin to ignoring security camera footage of a crime as it was committed.

FOR572: ADVANCED NETWORK FORENSICS: THREAT HUNTING, ANALYSIS AND INCIDENT RESPONSE was designed to cover the most critical skills needed for the increased focus on network communications and artifacts in today's investigative work, including numerous use cases. Some investigative teams focus on post-incident investigations and reporting. Others engage with an adversary in real time, seeking to contain and eradicate the attacker from the victim's environment. Many are incorporating proactive threat hunting into their skills, in which existing evidence is combined with newly acquired threat intelligence to uncover evidence of previously unidentified incidents. In these situations and more, the artifacts left behind by attackers' communications can provide an invaluable view into their intent, capabilities, successes, and failures.

Without command-and-control and data extraction channels, the value of a compromised computer system drops to almost zero. Even if the most skilled remote attacker compromised a system with an undetectable exploit, that system still has to communicate over the network. In FOR572, we focus on the knowledge necessary to examine and characterize communications that have occurred in the past or continue to occur. Put another way: Bad guys are talking - we'll teach you to listen.

Whether you are a consultant responding to a client's site, a law enforcement professional assisting cybercrime victims and seeking prosecution of those responsible, an on-staff forensic practitioner, or a member of the growing ranks of threat hunters, this course offers hands-on experience with real-world scenarios that will help take your work to the next level. We cover how to leverage existing infrastructure devices that may contain months or years of valuable evidence, as well as how to place new collection platforms while an incident is underway. We cover the full spectrum of network evidence, including high-level NetFlow analysis, low-level pcap-based dissection, ancillary network log examination, and more. This course covers the tools, technology, and processes required to integrate network evidence sources into your investigations, with a focus on efficiency and effectiveness. You will leave this week with a well-stocked toolbox and the knowledge to use it on your first day back on the job.

Incorporate network evidence into your investigations, provide better findings, and get the job done faster. Take your system-based forensic knowledge onto the wire.