Forensic Practitioner

Level: Intermediate

Instructor-led learning that covers a range of key skills such as network forensics, on-host analysis, and malware reverse engineering, and prepares candidates for a career in forensics. Candidates will learn the common tools and techniques required to conduct analysis in hands-on labs.

What Will You Learn?

  • Forensic Practitioner provides candidates the opportunity to learn how to conduct a forensic analysis of hosts and networks.
  • Candidates are taught different infection vectors used by attackers, what suspicious files may look like, and potential methods of internal spread and lateral movement.

    Who Should Attend?

    Cyber Security Analysts who conduct investigations into potential incidents and monitor systems and networks.

    Typical candidates consist of:

    • Security Analysts
    • SOC Analysts
    • System Administrators
    • Forensic Investigators

    Recommended Prerequisites

    This course teaches reverse engineering and forensic analysis of hosts and networks; however, it is recommended that candidates have a high-level understanding of the anatomy of an attack.

    All students are required to have their own system capable of installing and executing forensic tools.

    Syllabus

    Host Analysis

    • Assessing patch levels
    • Identifying running processes
    • Windows File System
    • Windows File Structures
    • Memory Analysis

    Network Log Sources

    • Proxy logs
    • Windows Event Logs
    • Internet History
    • Firewall Logs

    Network Analysis

    • Exfiltration of Data
    • Beaconing

    Malware Analysis

    • C2 Communication
    • Identifying Suspect Files
    • Extracting information from exe files

    Lateral Movement

    • Internal Movement through networks
    • Privilege Escalation