FIRE: Forensics and Incident Response Education
The Forensics and Incident Response Education (FIRE) course offered by Foundstone® Services is a defensive weapon to help you normalize your environment after a negative event has occurred. Hackers and disgruntled employees are using sophisticated tools and backdoor programs to steal your intellectual property and expose sensitive information - and they can cover their tracks in the process. In this course, we provide you with the forensic techniques to identify, respond to, and recover from both an insider and outsider attack.
This comprehensive, technically detailed course enables you to successfully respond to incidents and reinforces your security posture.
NOTE: As an exception, the course language is English.
Target audience
System and network administrators
Corporate security staff
Auditors
Law enforcement officers
Consultants responsible for investigating network intrusions.
Prerequisites
A basic understanding of Unix, Windows OS, computer forensics and TCP/IP networking is required to benefit fully from the course.
Course content
Introduction:
Overview of Course Content and Format
Principles of Forensics and IR
Preparation:
Data Collection Techniques
Forensic Hardware
Chain of Custody
Basic Incident Response Process
Pre-Incident Preparation
Documentation Requirements
Malware Strategies:
Common Approaches
Containment and Remediation Strategies
Malware Footprints
Windows Incident Response:
Data Volatility
Installed Software and Hotfixes
Persistence Mechanisms
Windows Audit Policies
Malware Analysis
Prefetch Analysis
The Windows Registry
Windows Event Log Analysis
File Carving and Email Analysis:
File Carving
Email Header Analysis
Determining File Headers
Extraction of Attachments
Extracting Specific File Types
Deleted Files and Recovery
Hash and Timeline Module:
Use of Hash Sets
Adding Hash Sets
Advantages of Timeline
Timeline Creation
Network-Based Monitoring:
Sources of Network Data
PCAP Analysis with Wireshark
Network Footprint
Memory Forensics:
Basics of Memory Acquisition and Analysis
Highlighting the Power of Memory Analysis
Unix and Linux Incident Response:
Live Response Best Practices and Order of Volatility
Following the Process Tree
Unix/Linux File Permissions
Seminar schedule
- Duration: 4 days
- Day 1: 09:30 to 17:00
- Further days: 09:00 to 17:00
- Last day: 09:00 to 17:00
Price per person
Price per participant. Includes course materials, break refreshments, drinks, lunch and certificate. (Half-day and evening events without lunch.)
TIP: Bavarian public authorities receive special prices.