DFIR370 - Host Intrusion Methodology and Investigation

Have questions about training?   Contact us

Duration: 4 Days

This hands-on course focuses on the forensic assessment of an infected endpoint, utilizing a wide range of analysis techniques on volatile and disk evidence. After purposely infecting virtual systems, students will learn to apply the host intrusion methodology to recover evidence indicating what actions a hacker took against the victim computer.

The course begins with an introduction and explanation of the classroom’s virtual workspace. Instruction addresses topics, such as methods of reconnaissance, in-depth exploration of browser exploits triaging a live host, intrusion analysis methodology, data hiding and phishing techniques, and malware infection. Other areas of study include performing collections with various investigation techniques, and escalating privileges.

Students will take part in real-world scenarios by performing several different types of attacks on a mock victim machine and then examine the victim computer using OpenText™ EnCase™ software to identify the artifacts left behind by the attacker. Many different types of tools and programs will be demonstrated and used during the course.

In addition to the various hacker tools, students will also utilize and discuss a variety of forensic tools, including EnCase software, the direct network preview, and network intrusion EnScript™ programs for live incident response and collection/analysis of volatile data.

Delivery method: Group-Live. NASBA defined level: advanced

CPE Credits - 32

Audience

This course is intended for corporate and government/law enforcement investigators, legal professionals, and network security personnel. Incident response supervisors and team members are encouraged to attend, as are individuals working in a penetration testing or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase Forensic software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. Class curriculum is designed to provide a good overview of network security and intrusion investigation issues, both from a forensic and intruder perspective.

Prerequisites

DF320-Advanced Analysis of Windows Artifacts with EnCase course or IR250-Incident Investigation course or CFSR Certification. Students should have a good understanding of network topology and TCP/IP. Advance preparation for this course is not required.

Pricing

Format Currency Price
Per Student at OpenText Site 2,800.00
Per Student at OpenText Site GBP 2,200.00
Per Student at OpenText Site USD 3,200.00

Taxes: All prices exclude VAT or other taxes where applicable (all currencies).

Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.

Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.

Course and workshop calendar

Below is a listing of all the currently available dates and locations for this course or workshop from OpenText.

Start Date End Date Start Time TimeZone Session Duration Language Location Price Currency Guaranteed To Run Add
Aug 16, 2022 Aug 19, 2022 08:00 (UTC+01:00) Europe/London (BST) Full Day English Virtual Classroom - Europe GSI UK Time 2,200.00 GBP Add to cart
Aug 16, 2022 Aug 19, 2022 08:00 (UTC+01:00) Europe/London (BST) Full Day English GSI-Reading, UK 2,200.00 GBP Add to cart
Oct 11, 2022 Oct 14, 2022 08:00 (UTC-07:00) America/Los_Angeles (PDT) Full Day English GSI-Pasadena, CA 3,200.00 USD Add to cart
Oct 11, 2022 Oct 14, 2022 08:00 (UTC-07:00) America/Los_Angeles (PDT) Full Day English Virtual Classroom - North America GSI Pacific Time 3,200.00 USD Add to cart
Dec 13, 2022 Dec 16, 2022 08:00 (UTC-05:00) America/New_York (EST) Full Day English GSI-Gaithersburg, MD 3,200.00 USD Add to cart
Dec 13, 2022 Dec 16, 2022 08:00 (UTC-05:00) America/New_York (EST) Full Day English Virtual Classroom - North America GSI Eastern Time 3,200.00 USD Add to cart