


(603) 852 79 35 akasi-commercial@akasigroup.com 1, Tara boulevard # 101, Nashua NH 03062 United States

Course details

Digital Media Forensics Essentials Labs

Course 00076

Description

Learn the security techniques used by the Internet’s most skilled professionals. This Digital Media Forensics Essentials lab bundle, which includes 19 distinct, hands-on labs, will provide you with an introduction to media collection, imaging and analysis.

What you'll learn

  • Detect, identify, and analyze malicious activity
  • Use various detection tools, such as Wireshark and Snort, to read, capture, and analyze traffic
  • Identify and remove trojans, malicious files, and/or processes

Pre-requisites

  • None

Curriculum

Students will use the open source Volatility tool to analyze a memory snapshot and determine what malicious software has infected the victim machine.

Students will confirm the validity of event-data analysis to eliminate false-positive events.

Students will run Windows Forensic Toolchest against an existing system to create a baseline that will be used for future analysis.

Students will ingest and process a previously acquired forensic image using Autopsy. The focus of the lab will be on recovering data from the image, reviewing the supplied forensic report and verifying that the image is forensically sound.

In this lab, the student will simulate browsing to a website and downloading a malicious file from it, then learn how to detect the introduction and execution of malicious activity on a Win7 machine.

Students will use two virtual machines, inside a protected network, to observe configuration changes on a known good / clean system and all of the unusual network traffic generated by the suspect software they will be analyzing.

Students will identify access to a pfSense firewall through the forwarding of SYSLOG (system logs) from the firewall to the SYSLOG service we have configured and set up on the network. Students will then identify malicious activity through system logs.

Students will detect malicious files and processes using various tools. Students will then remove the malicious files and/or processes.

Students will identify known IOCs for Stuxnet and save them for analysis. Students will then identify malicious drivers associated with the malware, and identify AES keys in memory.

The highest-risk systems are the ones with Internet-facing applications. Once an attacker from the Internet is able to compromise the internal network, it is very likely they will attempt to move to other machines on the network.

Students will create a live image using FTK Imager and verify that the image was created successfully.

Students will use FTK Imager Lite to create a forensic image of a Windows 8 workstation. After they create the image, they will perform a hash check to ensure that the image that was created is the same as what is currently running on the live system.

This is one of the labs for the Advanced Digital Media Forensics class.

This lab exercise is designed to allow the trainee to become familiar with using Network Miner.

Students will use John the Ripper and Cain and Abel to crack password protected files.

Students will participate in attack analysis/incident response, including root cause determination, to identify vulnerabilities exploited, vector/source and methods used (e.g., malware, denial of service).

In this lab we will replicate the need for Analysts to be able to analyze network traffic and detect suspicious activity. Tools like Wireshark and Snort can be utilized to read, capture, and analyze traffic.

Get this Course

3000,00 €


  • 2 days instructor-led training course
  • After-course coaching available
  • No schedule defined yet