This three-day instructor-led course covers the fundamentals of computer forensics investigation, including the legal and ethical considerations that govern an examination.
Hands-on activities span the entire forensics process: they begin with a FireEye-generated alert, proceed to discovery and analysis of the affected host for evidence of malware and other unwanted intrusion, and culminate in a written report of the findings.
Analysis of computer systems will be performed using freely available tools.
Upon completion of the course the learner should be able to:
- Describe the basic ethics and laws of computer/malware forensics
- Describe methods of criminal, civil and administrative investigations
- Demonstrate the ability to plan, execute and report on a digital forensic examination
Course outline:
- Legal and Ethical Principles
  - What is forensics?
  - Overview of the legal requirements and the authority to proceed
  - How to be ethical in your examination
- Methods of Forensics
  - How to plan an examination
  - Order of volatility
  - The level of the examination, hypothesis and reporting
- Forensic Science
  - Review of alerts
  - The OS change report
  - Identifying where to look and what to look for
- Live Analysis Forensics
  - Creating working copies
  - Extracting memory
  - Working with ‘live’ systems and malware
  - 28 steps, alert to report
- Memory Forensics
  - Examining the memory image
  - Collating evidence
- OS Artifacts
  - Architecture of the media
  - How files are stored
- On-disk Forensics
  - Discovery of items on the disk
  - Reporting findings
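The outline lists "creating working copies" and "order of volatility" as topics without showing the mechanics. As an added illustration (not course material and not a FireEye tool), the script below does the part an examiner must get right before any analysis: it copies an evidence file in chunks, hashes source and copy with SHA-256 as it goes, refuses to keep a copy whose hash differs, marks the copy read-only, and writes a small custody manifest that later sessions re-verify against. The evidence file it creates is constructed test data, and all file names are assumptions for the demo; only the standard library is used, which is in keeping with the course's use of freely available tools.

```python
"""Verified working copy of an evidence file (added illustration, not course code)."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat even for multi-GB images


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def manifest_path(copy: Path) -> Path:
    """Custody manifest sits next to the copy: <copy>.manifest.json (assumed naming)."""
    return Path(str(copy) + ".manifest.json")


def make_working_copy(original: Path, copy: Path) -> dict:
    """Copy `original` to `copy`, verify by hash, make the copy read-only.

    Returns the manifest dict. Raises RuntimeError on a hash mismatch so the
    examiner never unknowingly works from a corrupted copy.
    """
    if copy.exists():
        raise FileExistsError(f"refusing to overwrite existing copy: {copy}")
    src_hash = hashlib.sha256()
    with original.open("rb") as src, copy.open("wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            src_hash.update(block)   # hash the bytes as they are read ...
            dst.write(block)         # ... and write the same bytes to the copy
    copy_hash = sha256_file(copy)    # independent re-read of what landed on disk
    if copy_hash != src_hash.hexdigest():
        copy.unlink()
        raise RuntimeError("hash mismatch: working copy discarded")
    # Read-only for everyone, so analysis tools cannot silently alter the copy.
    os.chmod(copy, stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    manifest = {
        "original": str(original),
        "working_copy": str(copy),
        "sha256": copy_hash,
        "size_bytes": copy.stat().st_size,
    }
    manifest_path(copy).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_working_copy(copy: Path) -> bool:
    """Re-hash the copy against its manifest; run this before each examination session."""
    manifest = json.loads(manifest_path(copy).read_text())
    return sha256_file(copy) == manifest["sha256"]


def demo() -> dict:
    """Constructed end-to-end run: copy, verify, tamper, verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "evidence.img"          # constructed sample, not real evidence
        original.write_bytes(bytes(range(256)) * 4096)  # 1 MiB of deterministic content
        copy = Path(tmp) / "evidence_working.img"
        manifest = make_working_copy(original, copy)
        ok_before = verify_working_copy(copy)
        # Simulate an accidental write to the copy (must lift read-only first).
        os.chmod(copy, stat.S_IRUSR | stat.S_IWUSR)
        with copy.open("r+b") as f:
            f.seek(0)
            f.write(b"\xff")
        ok_after = verify_working_copy(copy)
        return {
            "sha256": manifest["sha256"],
            "size_bytes": manifest["size_bytes"],
            "verified_after_copy": ok_before,
            "verified_after_tamper": ok_after,
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The hash-while-copying pattern matters on large images: a second pass over a multi-terabyte source to hash it separately doubles the acquisition time, while re-hashing only the copy is what proves the bytes on the working medium match. The manifest is deliberately minimal; a real custody record would also carry examiner, timestamp and the tool and version used.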
Lessons are typically a blend of lecture and hands-on lab activities.
Prerequisites:
- Completion of the FireEye Alerts Analysis course
- Windows systems administration skills
- Familiarity with basic CLI commands
Intended audience: network security professionals and incident responders.