Training Courses
Malware Analysis and Memory Forensics
|
Duration | 1 day |
Description | It will introduce concepts, tools and techniques used for Memory Forensics. At the beginning, the trainer will introduce the basic concepts of memory forensics, such as acquisition of memory and its analysis. Next, the participants will learn how to acquire memory images from Windows and Linux operating systems. In the following parts, the students will perform basic analysis tasks while working with Windows and Linux memory dumps. After the analysis tasks, the students are confronted with advanced analysis techniques, such as identifying and isolating a malware sample from a given memory image. Using the provided virtual machine, the participants will be able to follow a hands-on tutorial. More info can be found here. |
|
Training Resources |
Mobile Threats and Incident Handling
|
Duration | 1 Day |
Description | The contents of this course on mobile threats and incident handling will introduce concepts, tools and techniques used for Mobile Incident Handling. The students will familiarise themselves with the risks found on Mobile platforms and ways of identifying and mitigating such risks. During the training, participants will learn about different tools available for artefact analysis on the Android operating system. Using the provided virtual machine, the participants will be able to follow a hands-on tutorial. |
|
Training Resources |
Introduction to Network Forensics
|
Duration | 1,5 Days |
Description |
Network forensics is more important than ever, since more and more data is being sent via networks and the internet. When there is a security incident, network forensics can help reduce the time needed to go from Detection to Containment – an essential step in any major security incident. When used proactively, network forensics provides a better picture of what your network’s ‘normal’ traffic looks like, leading to more intelligent alerting and less false positives. The training consists mainly of half a day of general theoretical introduction to network forensics (with focus on the use cases of day 2) and of exercises focused on logging and monitoring, detection, and analysis or data interpretation. For example, one exercise deals with an attack on an ICS/SCADA environment in the energy sector. It starts with the preparation phase and it is followed by the incident analysis and post-incident activity. Other scenarios within the training refer to how to detect “exfiltration” in a large finance corporation environment, or the analysis of an airport third-party VPN connection compromise.
|
|
Training Resources |
Incident Management: A Ransomware Walkthrough
|
Duration | 4 Hours |
Description | The Incident Management course was created on November 2017, and gives the students an insight on the basics of defending an infrastructure, and a throughout review of the incident lifecycle – detailing all steps and taking audience through a case study with multiple choice questions that provoke discussion. Discussions are controversial and they show that there is not always a one-size-fits-all approach in Incident Response. |
|