Advanced Host Analysis

About the course

Level: Advanced

Instructor-led learning that covers the skills required to conduct a forensic assessment of a host. Candidates will gain an understanding of the methods attackers use to hide a compromise and how to identify such an issue.

What Will You Learn?

  • The importance of proper processes required when conducting a forensic investigation
  • How different OS files are structured
  • How to identify the root of an attack
  • File and Memory Analysis to determine what malicious actions may have occurred

Who Should Attend?

Security consultants and investigators looking to expand their capability to conduct in-depth host assessments.
Typical candidates consist of:

  • Forensic Analysts
  • Incident Responders
  • Security Analysts
  • Threat Hunters

Recommended Prerequisites

This course assumes candidates are familiar with the concepts of a breach and the anatomy of an attack. It is recommended that candidates have experience conducting digital forensic assessments.
It is required that all students are comfortable with whatever OS they choose to use for analysis and are comfortable with command line interfaces.

  • Windows File Structures
  • Application File Structures
  • Windows Registry Essentials
  • Identifying Suspect Files
  • Memory Analysis
  • Infection Vectors
  • Malware Behaviours and Anti-Forensics


Conducting an Investigation

  • Record Keeping
  • Incident Response Plans

Understanding Operating Systems

  • Windows File structure
  • Windows Registry
  • Linux File System

Suspect Files

  • Hidden data
  • File types
  • Metadata


  • Persistence techniques
  • File Analysis
  • Anti-Forensics

Infection Vectors

  • How email works
  • Email Recovery
  • Identifying the source of an attack
  • Web-based attacks

