Tag: Forensic

Incident responders are continually faced with the challenge of collecting and analyzing relevant event data, and network communications are no exception. This course uses an assortment of network data acquisition tools and techniques with a focus on open-source, vendor-neutral solutions. Students who take this course will learn how to perform network traffic and protocol analysis that ultimately supports cybersecurity incident response efforts. From reconnaissance to data exfiltration, network traffic scales to provide a bird's-eye view of attacker activity. Leveraging the vantage point of key network traffic chokepoints, this course explores nearly every phase of an attacker's methodology. Students will learn network traffic analysis concepts and work through hands-on lab exercises that reinforce the course material using real-world attack scenarios.

Antisyphon: Network Forensics and Incident Response w/ Troy Wojewoda


FOR608: Enterprise-Class Incident Response & Threat Hunting focuses on identifying and responding to incidents too large to handle one machine at a time. Using example tools built to operate at enterprise scale, students learn techniques for collecting focused data for incident response and threat hunting, and dig into analysis methodologies that offer multiple approaches to understanding attacker movement and activity across hosts of varying functions and operating systems.

Syllabus

FOR608.1: Proactive Detection and Response
FOR608.2: Scaling Response and Analysis
FOR608.3: Modern Attacks against Windows and Linux DFIR
FOR608.4: Analyzing macOS and Docker Containers
FOR608.5: Cloud Attacks and Response
FOR608.6: Capstone: Enterprise-Class IR Challenge

FOR608: Enterprise-Class Incident Response & Threat Hunting


For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data. This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.

Antisyphon: Advanced Endpoint Investigations


FOR585 is continuously updated to keep up with the latest malware, smartphone operating systems, third-party applications, acquisition shortfalls, extraction techniques (jailbreaks and roots), and encryption. It offers the most unique and current instruction to arm you with mobile device forensic knowledge you can immediately apply to cases you're working on the day you get back to work.

Syllabus

FOR585.1: Smartphone Overview, Fundamentals of Analysis, SQLite Introduction, Android Forensics Overview, and Android Backups
FOR585.2: Android Forensics
FOR585.3: iOS Device Forensics
FOR585.4: iOS Backups, Malware and Spyware Forensics, and Detecting Evidence Destruction
FOR585.5: Third-Party Application Analysis
FOR585.6: Smartphone Forensic Capstone Exercise

FOR585: Smartphone Forensic Analysis In-Depth


Memory Forensics In-Depth provides the critical skills necessary for digital forensics examiners and incident responders to successfully perform live system memory triage and analyze captured memory images. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

Syllabus

FOR526.1: Foundations in Memory Analysis and Acquisition
FOR526.2: Unstructured Analysis and Process Exploration
FOR526.3: Investigating the User via Memory Artifacts
FOR526.4: Internal Memory Structures
FOR526.5: Memory Analysis on Platforms Other than Windows
FOR526.6: Memory Analysis Challenge

FOR526: Advanced Memory Forensics & Threat Detection
