Entry Point

What to expect

This course will focus on introducing topics with brief lectures, followed by hands-on exercises to further explore those topics. During the exercises, instructors and teaching assistants will be available to answer questions and provide guidance. The class will culminate in the student using the skills they developed to investigate a mock incident from start to finish.
Technical Content beginner

Audience

  • Entry Level Network Operation Center Analysts
  • Entry Level Security Operations Center Analysts
  • Managers wanting to gain a basic understanding of security concepts
  • Windows Users interested in security

Applicability

If you looked at the other Cyber Fire course descriptions and are concerned that they are too advanced, you are in the right spot.

If you have basic skills in network protocols, network packet capture, viewing files in hex editors and/or calculating file hashes, you may want to consider one of the more advanced courses.

Objectives

  • Learn to use various analysis tools
  • Perform forensic disk imaging
  • Perform basic file carving
  • Understand network layers
  • Know how to identify common network protocols
  • Understand basics of malware analysis
  • Understand basics of incident reporting

Typical Agenda

Day 0
90m
  • Workstation Introduction
90m
  • File Analysis
90m
  • Host Forensics
  • Forensic Disk Imaging
90m
  • File Carving
Day 1
90m
  • Network Layers
90m
  • Networking Routing
  • Network Packet Capture
90m
  • Network Protocols
  • Network Scanning
90m
  • Malware Analysis
Day 2
2h
  • Incident Reporting
  • Recent Events
4h
  • Mock Incident Practice

Setup

The class requires laptops with virtualization software. We recommend VMWare products such as Workstation Pro or Workstation Player for Windows and Linux or VMWare Fusion for OSX. VirtualBox will work, but you may be limited on advanced virtual machine functionality.

Setup instructions and a link to download the class Virtual Machine will be provided to registrants via the participant portal website prior to the event.