Finding malware activity, malicious actors, and insiders through computer evidence can be a challenge. Start with understanding data volatility, how to capture the most volatile data, and less volatile data, then move into understanding that data. Looking at processes, open ports, network communication, registry artifacts, file system artifacts, data exfiltration, persistence mechanisms, loaded drivers, and more.
What to expect
The class contains demos that will be walked through and explained using one piece of evidence followed by mini labs where you will use the same concepts learned in the demo on mock incident data looking for items of interest. Classes follow the general Cyber Fire Foundry schedule, starting in the morning, ending in the afternoon with a break in the morning, a lunch break, and an afternoon break.
Who should attend?
- Security operation center staff
- Incident responders
- Reverse engineers
- Software engineers
- System Administrators
- Site Reliability Engineers
Is this the right class for me?
This class is geared toward anybody wishing to learn more about forensic
artifacts from Windows systems, how Windows operates internally, and common
file systems. This includes incident responders, security operations center
staff, red teamers, penetration testers, computer technicians looking to
start in forensics, and more.