This course has already been delivered. Please contact us for the next available session, tel: +357 22 44 14 92
Overview:
On this technical, highly practical course, delegates will be guided through a real-world style scenario featuring extensive “hands-on” learning throughout. Delegates will forensically investigate a compromised server from both an attacker’s and an investigator’s perspective.
Who Should Attend:
Those with an interest in or responsibility for forensic malware investigation, including:
•Forensic & Network Investigators
•Information Security Professionals
•IT Security Officers
•Law Enforcement Officials
•Computer Auditors
•Crime Prevention Officers
At Course Completion:
•The fundamentals of security incidents, and their impact on business continuity
•Prevention techniques to protect a company from serious computer security incidents
•Principles and general guidelines surrounding incident response investigation
•How to approach forensic investigation from an incident response perspective, including live analysis of servers
•The most up-to-date incident investigation techniques
•Information Gathering, Remote Acquisition, External Scanning, Internal Scanning, Analysis and Containment techniques
Outline:
Forensic Acquisition
•Deal with systems that cannot be shut down for a variety of reasons, including encryption, business criticality and lack of physical access
•Acquire images of live Windows and Linux servers across networks utilising a variety of tools
•Harvest data from firewalls and routers, where traditional imaging often fails
Vulnerability Scanning
•Communication protocols, hacking methodologies & techniques
•Advanced hacking techniques, including hacking web applications & client side attacks
•Commonly used vulnerability scanning & penetration testing tools
Advanced Data Analysis
•Conduct analysis of Acquired Data, Live Data, Log Files, Database Structures and Source Code
•Utilize a variety of tools to extract relevant data quickly and effectively from complex technical sources
Containing the Incident
•Applying newly acquired techniques to contain and risk manage the incident
•Balance the containment of an incident with the forensic recovery of the associated data