
Training
Introduction to Memory Forensics
DESCRIPTION
Memory forensics is a required skill for digital analysts these days; it is also needed in order to keep up with advanced attackers. In addition to attackers avoiding disk, thousands of nodes and BYOD are increasing the complexity of investigations. Gone are the days when an analyst could examine one machine at a time; results must be quick and precise. Oftentimes, if you are not proactive, you’ve already lost the war before you even knew it was raging.
This online course includes roughly 4 days of instructional videos, hands-on labs and assessments, and will level the playing field for those who want to quickly triage and investigate infected machines in their enterprise. We will also examine several hunting methodologies for finding unknown threats in the enterprise.

For more information, contact us.

Coming soon!
TOPICS

A sampling of topics includes:

- Sampling machines across the enterprise.
- Finding attack patterns, hunting and profiling machines.
- Building IOCs and using them across the enterprise.
- Writing plugins, scripts, and using Volatility as a library to build custom tools and for automation.

Contact us for a full course outline!
PREREQUISITES

None of these are mandatory, but they will make the class go a little more smoothly for the student:

- Some experience with the Volatility Framework or other memory forensics tools would be useful, but is not completely necessary.
- Familiarity with command-line tools is helpful, but not completely necessary.
