DFIR370 - Host Intrusion Methodology and Investigation
Duration: 4 Days
This hands-on course is designed for investigators who want to learn more about the methodology of host intrusions and the forensic artifacts left behind. It covers not only the technical aspects of host intrusions but also the methodology commonly used by attackers.
The course begins with an introduction and explanation of the classroom’s virtual workspace. Instruction addresses topics such as methods of reconnaissance, in-depth exploration of browser exploits, triaging a live host, intrusion analysis methodology, data hiding and phishing techniques, and malware infection. Other areas of study include performing collections with EnCase® Portable, various investigation techniques, and escalating privileges.
The course combines forensic examinations with live incident response in a network environment. Students learn how to examine a compromised server or workstation in the field to obtain and analyze host, network, volatile data, and log artifacts.
Students will take part in real-world scenarios by performing several different types of attacks on a mock victim machine and then examine the victim computer using EnCase® Forensic to identify the artifacts left behind by the attacker. Many different types of tools and programs will be discussed and used during the course.
In addition to the various hacker tools, students will also utilize and discuss a variety of forensic tools, including EnCase Forensic, the direct network preview, and network intrusion EnScript® programs for live incident response and collection/analysis of volatile data.
Delivery method: Group-Live. NASBA defined level: advanced
CPE Credits - 32
This course is intended for corporate and government/law enforcement investigators, legal professionals, and network security personnel. Incident response supervisors and team members are encouraged to attend, as are individuals working in a penetration testing or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase® Forensic software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. Class curriculum is designed to provide a good overview of network security and intrusion investigation issues, both from a forensic and intruder perspective.
DF320-Advanced Analysis of Windows Artifacts with EnCase® or EnCase® Advanced Computer Forensics course or Incident Investigation or EnCE Certification. Students should have a good understanding of network topology and TCP/IP. Advance preparation for this course is not required.
The course will cover the following topics:
- Conducting reconnaissance activities and using honey networks
- The life cycle of a cyber attack and the anatomy of a browser exploit
- Conducting a triage of a live host
- Understanding and establishing a viable methodology for intrusion analysis
- Data hiding and phishing activities
- Identifying and combatting malware infections
- Analysis of compromised systems of remote access software and drive-by web browser exploits
- Analysis of memory, event logs, packet captures, and malware
- Use of tools to escalate privileges and to enhance user capabilities
|Per Student at Open Text Site|€|2,713.50|
|Per Student at Open Text Site|GBP|2,378.50|
|Per Student at Open Text Site|USD|3,350.00|
Taxes: All prices exclude VAT or other taxes where applicable (all currencies).
Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.
Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.
Course & Workshop Calendar
Below is a listing of all the currently available dates and locations for this course and/or workshop from Open Text.
|Date|Course Type|Course Name|Language|Location|Price|
|Nov 27, 2018|On-site|DFIR370 - Host Intrusion|English|GSI-Reading|2,378.50|
|Dec 11, 2018|On-site|DFIR370 - Host Intrusion|English|GSI-Washington, DC|3,350.00|
|Dec 18, 2018|On-site|DFIR370 - Host Intrusion|English|GSI-Pasadena|3,350.00|
|Dec 18, 2018|On-site|DFIR370 - Host Intrusion|English|Virtual Classroom - North America GSI Pacific Time|3,350.00|
|Feb 19, 2019|On-site|DFIR370 - Host Intrusion|English|GSI-Reading|2,378.50|
|Feb 26, 2019|On-site|DFIR370 - Host Intrusion|English|GSI-Washington, DC|3,350.00|
|Feb 26, 2019|On-site|DFIR370 - Host Intrusion|English|Virtual Classroom - North America GSI Eastern Time|3,350.00|
|Mar 26, 2019|On-site|DFIR370 - Host Intrusion|English|GSI-Pasadena|3,350.00|
|Apr 02, 2019|On-site|DFIR370 - Host Intrusion|English|Virtual Classroom - North America GSI Pacific Time|3,350.00|
|Jun 04, 2019|On-site|DFIR370 - Host Intrusion|English|GSI-Washington, DC|3,350.00|
|Jun 04, 2019|On-site|DFIR370 - Host Intrusion|English|Virtual Classroom - North America GSI Eastern Time|3,350.00|
|Jun 11, 2019|On-site|DFIR370 - Host Intrusion|English|GSI-Reading|2,378.50|