Advanced Host Analysis

Level: Advanced

Instructor led learning that covers the skills required to conduct a forensic assessment of a host. Candidates will gain an understanding of the methods attackers use to hide a compromise and how to identify such an issue.

What Will You Learn?

• The importance of proper processes required when conducting a forensic investigation
• How different OS files are structured
• How to identify the root of an attack
• File and Memory Analysis to determine what malicious actions may have occured

Who Should Attend?

Security consultants and investigators looking to expand their capability to conduct in-depth host assessments
Typical candidates consist of:

• Forensic Analysts
• Incident Responders
• Security Analysts
• Threat Hunters

Recommended Perquisites

This course assumes candidates are familiar with the concepts of a breach and anatomy of an attack.  It is recommended that candidates have experience conducting digital forensic assessments.
It is required that all students are comfortable with whatever OS they choose to use for analysis and are comfortable with command line interfaces.

• Windows File Structures
• Application File Structures
• Windows Registry Essentials
• Identifying Suspect Files
• Memory Analysis
• Infection Vectors
• Malware Behaviours and Anti-Forensics

Syllabus

Conducting an Investigation

• Record Keeping
• Incident Response Plans

Understanding Operating Systems

• Windows File structure
• Windows Registry
• Linux File System

Suspect Files

• Hidden data
• File types
• Metadata

Malware

• Persistence techniques
• File Analysis
• Anti-Forensics

Infection Vectors

• How email works
• Email Recovery
• Identifying the source of an attack
• Web based attacks