Overview
FOR572: Advanced Network Forensics: Threat Hunting, Analysis and Incident Response was designed to cover the most critical skills needed for the increased focus on network communications and artefacts in today's investigative work, including numerous use cases. The course will focus on the knowledge necessary to examine and characterise communications that have occurred in the past or continue to occur. Even if the most skilled remote attacker compromised a system with an undetectable exploit, the system still has to communicate over the network. Without command-and-control and data extraction channels, the value of a compromised computer system drops to almost zero. Put another way: Bad guys are talking - we'll teach you to listen.
Learning Outcome
This course covers the tools, technology, and processes required to integrate network evidence sources into your investigations, with a focus on efficiency and effectiveness. You will leave this week with a well-stocked toolbox and the knowledge to use it on your first day back on the job. This course will cover the full spectrum of network evidence, including high-level NetFlow analysis, low-level pcap-based dissection, ancillary network log examination, and more. This course will also cover how to leverage existing infrastructure devices that may contain months or years of valuable evidence as well as how to place new collection platforms while an incident is underway.
Who should Attend?
Eligibility Criteria
In FOR572, we solve the same caliber of real-world problems without any convenient hard drive or memory images. Whether you are a consultant responding to a client's site, a law enforcement professional assisting victims of cybercrime and seeking prosecution of those responsible, or an on-staff forensic practitioner, this course offers hands-on experience with real-world scenarios that will help take your work to the next level.
This course is endorsed under the Critical Infocomm Technology Resource Programme Plus (CITREP+) Programme. To find out more about CITREP+ Funding, please refer to Programme Support under the CITREP+ page.
Information is accurate as of 13 June 2020