Network Forensics and Investigation II

Training Summary
Building on the skills developed in the previous course, students will learn how to use advanced features in tools such as Elastic, Wireshark, Zeek and Suricata, how to apply threat intelligence to enrich analysis and direct response actions, and how to identify and investigate more complex or hard-to-detect intrusions. This course covers malicious actions from across the attacker lifecycle, from initial reconnaissance and access through to activities such as data exfiltration and command-and-control traffic attributed to botnets or APTs.
Before taking this course, students should have:
  • Thorough knowledge of TCP/IP networking
  • Successful completion of the Network Forensics and Investigation I course
5 Days/Lecture & Lab
  • Network analysts seeking to develop security-related skills
  • Incident responders needing to quickly address system security breaches
  • Penetration testers looking to reduce their detectability
  • Threat operations analysts seeking a better understanding of network intrusions
  • All network administrators needing a better understanding of network security
Course Topics
  • Identify and analyze events at all stages of the attack lifecycle
  • Apply threat intelligence feeds to focus monitoring, investigation, and hunt activities
  • Detect and investigate tunneling, botnet command and control traffic, and other forms of covert communications being employed in a network
  • Use fingerprinting techniques to detect the use of encrypted traffic flows by malware or an active intruder
  • Accurately correlate and reconstruct multiple stages of malicious activity in order to build a complete picture of the scope and impact of complex network intrusions