Courses & Syllabi

Overview of Hands-On How-To Training Courses:

NetSecurity's Hands-On How-To® Training courses are tailored to IT security, forensics, and auditing professionals who need to know the step-by-step and how-to process for securing, investigating, and auditing or assessing various IT environments. Each course provides students with a simulation of real-world issues and offers the opportunity to "learn-by-doing." Topics are laden with Hands-On How-To Lab Exercises (HOHTLEs) of real-world issues. HOHTLEs are performed by each student to demonstrate mastery of covered topics. In addition, we provide students with relevant tools, products, guides, resources, and references for accomplishing tasks efficiently. These take-aways are quick and easy references for use in the field.

NetSecurity’s Hands-On How-To® training and education courses and classes include Cyber Security, Digital Computer Forensics Investigation, Malware Analysis, Cyber Crime Security Incident Response, Memory Forensics, Malicious Document Analysis, and e-Discovery Training. Our proprietary step-by-step non-certification training teaches you the emerging tools, techniques, and skills for solving real-world security and forensics challenges.

Our classes are listed below on this page:
Hands-On How-To Computer Forensics for Attorneys (CLE) Training Course/Class:
Syllabus: Detailed syllabus is available.
Course Overview:

Digital information continues to grow at an exponential rate. Data is no longer stored solely in computer hard drives, backup tapes, or compact discs (CDs). With the growth of emerging portable data and storage devices, such as portable digital assistants (PDAs), cell phones, and Blackberry devices, crucial information can be anywhere and easily passed from device-to-device. Information stored in these changing media can be crucial sources of evidence in corporate, civil, and criminal investigations.

Moreover, cyber criminals are continuously crafting ways to evade existing forensics tools and techniques. NetSecurity's Computer Forensics Training for Attorneys course teaches legal professionals the process of locating, acquiring, preserving, analyzing, and producing solid digital evidence that can make the difference between winning and losing a case. The Hands-On How-To Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experiences necessary to prepare or scrutinize a forensics investigator.

NetSecurity Benefits:

Through years of real-world hands-on security and forensics experience, NetSecurity has supported Fortune 500 companies, law firms, and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD.

The benefits of our Computer Forensics Training for Attorneys include:

  • Customized private sessions, tailored towards your unique requirements
  • Instructor-led and student-performed hands-on exercises
  • Seasoned security and forensics experts with
    • Real-world hands-on consulting and training experience
    • Media publication and industry speaking experience
  • No Crash Courses...
  • Arsenal of take-aways (guides and relevant forensics resources)
  • Up-to-date course content, addressing emerging forensics topics
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content
Target Audience:

The course is targeted towards technical professionals, including:

  • Cyber Crime Attorneys
  • Paralegal Professionals
  • Magistrates/Judges
  • Private investigators
  • Compliance Officers
Course Format:
  • Interactive presentations by forensics expert
  • Hands-On How-To Lab Exercises (HOHTLEs) in performing computer forensics

Course Duration: Two (2) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Computer Forensics Training for Attorneys course, each participant will be armed with the required knowledge to understand and analyze computer evidence that can withstand legal scrutiny. Attendees will also learn to dissect evidence produced by opposing counsel. Specifically, attendees will possess relevant knowledge in:

  • Tried and proven forensics investigation processes
  • Evidence authentication, handling, preservation, and security
  • Common mistakes to avoid in an investigation
  • Preparing your own experts and scrutinizing those of opposing expert teams
  • Getting an organization ready for forensics investigations and e-discovery
Course Topics:

NetSecurity’s Computer Forensics Training for Attorneys course includes coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
Computer Overview
  • Computer Fundamentals
  • Computer Storage Media
  • Mobile Storage Devices
  • Computer Networks
  • Computer Hacking Overview
Forensics Overview
  • Computer Forensics Fundamentals
  • Benefits of Computer Forensics
  • Computer Crimes
  • Computer Forensics Evidence and the Courts
  • Legal Concerns and Privacy Issues
Forensics Process
  • Forensics Investigation Process
  • Securing the Evidence and Crime Scene
  • Chain of Custody
  • Law Enforcement Methodologies
Forensics Evidence
  • Evidence Sources
  • Evidence Duplication, Preservation, Handling, and Security
  • Forensics Soundness
  • Order of Volatility of Evidence
  • Collection of Evidence on a Live System
  • Court Admissibility of Volatile Evidence
Forensics Readiness
  • Benefits of Forensic Readiness
  • Preparing an Organization for Forensics Investigations
  • Managing an Investigation
Forensics Lab
  • Benefits of a Computer Forensics Lab
  • Forensics Lab Requirements
  • Securing the Forensics Lab
Acquisition and Duplication
  • Sterilizing Evidence Media
  • Acquiring Forensics Images
  • Acquiring Live Volatile Data
Data Analysis
  • Metadata Extraction
  • File System Analysis
  • Performing Searches
  • Recovering Deleted, Encrypted, and Hidden files
Internet Forensics
  • Reconstructing Past Internet Activities and Events
  • E-mail Analysis
  • Messenger Analysis: AOL, Yahoo, MSN, and Chats
Mobile Device Forensics
  • Evidence in Cell Phone, PDA, Blackberry, iPhone, iPod, iPad, Android, and MP3
  • Evidence in CD, DVD, Tape Drive, USB, Flash Memory, Digital Camera
  • Evidence in other emerging mobile devices
Court Testimony
  • Testifying in Court
  • Expert Witness Testimony
  • Evidence Admissibility
E-Discovery
  • Federal Rules of Civil Procedure (FRCP)
  • Collection and Preservation of Electronically Stored Information
  • Legal and IT Requirements
  • Developing Computer Investigation and E-Discovery Capabilities

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Computer Forensics Training Course/Class:

Syllabus: Detailed syllabus is available.

Course Overview:

Digital information continues to grow at an exponential rate. Data is no longer stored solely in computer hard drives, backup tapes, or compact discs (CDs). With the growth of emerging portable data and storage devices, such as portable digital assistants (PDAs), cell phones, and Blackberry devices, crucial information can be anywhere and easily passed from device-to-device. Information stored in these changing media can be crucial sources of evidence in corporate, civil, and criminal investigations.

Moreover, forensic investigation is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world knowledge of excavating digital evidence. NetSecurity's Hands-On How-To® Perform Computer Forensics course teaches students the step-by-step process of locating, acquiring, preserving, analyzing, and producing solid digital evidence. The Hands-On How-To Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on security and forensics experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To Perform Computer Forensics include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of forensics challenges
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging forensics challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools
Target Audience:

The course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Law Enforcement Personnel
  • Information Security Managers
  • Incident Responders
  • IT Professionals
  • Cyber Crime Attorneys
  • Private investigators
  • Compliance Officers
  • Auditors

Course Format:

  • Interactive presentations by security and forensics expert instructor
  • Hands-On How-To Lab Exercises (HOHTLEs) in performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Perform Computer Forensics course, each participant will be armed with the knowledge, tools, and processes required in producing computer evidence that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Requisite technology knowledge relevant to forensics investigations
  • Laws relating to computer crime investigations
  • Tried and proven forensics investigation processes
  • Getting an organization ready for forensics investigations
  • Forensics tools and techniques of the trade
  • Evidence acquisition and duplication
  • How to analyze evidence for forensics artifacts
  • Performing forensics analysis of common operating systems
  • Internet forensics
  • Analyzing mobile devices
  • Passwords and encryption
  • Information recovery
  • Capturing volatile data from a live computer
  • Conducting memory analysis
  • Analyzing malware and conducting reverse engineering
  • Developing forensics reports
  • Testifying in courts
  • Anti-Forensics techniques
Course Topics:

NetSecurity’s Computer Forensics course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
Computer Overview
  • Computer Fundamentals
  • Computer File Systems
  • Computer Hard Drive Structure
  • Hard Disk Interfaces (SCSI, IDE, USB, SATA, etc.)
  • Mobile Storage Devices
  • Windows, Linux, and Macintosh Boot Processes  
  • Hard Drive Erasure and Degaussing
  • Virtualization and Virtual Machines (Parallels, VMware, etc.)
Networking Technology
  • Fundamentals of Networking
  • The Open System Interconnect (OSI) Model
  • The TCP/IP Model
  • TCP/IP Protocol Addressing
Forensics Overview
  • Computer Forensics Fundamentals
  • Benefits of Computer Forensics
  • Computer Crimes
  • Computer Evidence
  • Computer Forensics Evidence and Courts
Laws
  • Justice System
  • Legal Concerns and Privacy Issues
  • The Fourth Amendment
  • Internet Laws and Statutes
Forensics Process
  • The Forensics Process
  • Steps in Forensics Investigations
  • Authentication and Verification of Suspects
  • Identification of Evidence Source
  • Securing the Evidence
  • Chain of Custody Form
  • Professional and Unbiased Conduct     
  • Law Enforcement Methodologies
  • Collaboration: Working with Upstream and Downstream Providers
  • Collaboration: Dealing with Law Enforcement
  • Collaboration: Dealing with the Media
  • Collaboration: Working With Other Organizations
Forensics Evidence
  • Evidence Sources
  • Evidence Seizure
  • Evidence Collection: Duplication and Preservation
  • Evidence Collection: Verification and Authentication (Forensics Soundness)
  • Evidence Collection: Order of Volatility
  • Evidence Integrity: Preventing Tampering and Spoliation
  • Evidence Collection: Bagging, Tagging, Marking, Secure Storage and Transmittal of evidence.
  • Evidence Handling: Chain of Custody
  • Handling and Securing Evidence
Forensics Toolkits
  • Common Forensics Toolkits
  • Uncommon Forensics Tools
  • Creating Forensics Toolkits
Acquisition and Duplication
  • Sterilizing Evidence Media
  • Forensic Duplication of Source Evidence with Hardware
  • Acquiring Forensics Image with Software
  • Acquiring Live Volatile Data
  • Using Write Blockers
Data Analysis
  • Metadata Extraction
  • File Signature Analysis
  • File System Analysis
  • Examining Unallocated and Slack Space
  • Identifying Known Bad/Good Files
  • Performing Searches
  • Data Carving
  • Recovering Deleted Data and Partitions
Windows Forensics
  • Registry Fundamentals and Analysis
  • Executable File Analysis
  • Windows Live Response
  • Alternate Data Stream (ADS)   
  • Recycle Bin Forensics
  • Windows Prefetch Files
  • Evidence Recovery from Print and Spool Files
  • Simulating/Booting Suspect Environment
Internet Forensics
  • Domain Name Ownership Investigation
  • Reconstructing Past Internet Activities and Events
  • Email Forensics: E-mail Analysis
  • Email Forensics: Email Headers and Spoofing
  • Email Forensics: Laws Against Email Crime
  • Messenger Forensics: AOL, Yahoo, MSN, and Chats
  • Browser Forensics: Analyzing Cache and Temporary Internet Files
  • Browser Forensics: Cookie Storage and Analysis
  • Browser Forensics: Web Browsing Activity Reconstruction
Mobile Device Forensics
  • Introduction to Handheld Forensics
  • Collecting and Analyzing Cell Phone, PDA, Blackberry, iPhone, iPod, iPad, and MP3 Evidence
  • Analyzing CD, DVD, Tape Drives, USB, Flash Memory, and other Storage Devices
  • Digital Camera Forensics
  • Reconstructing User Activities
  • Recovering and Reconstructing Deleted Data
Passwords and Encryption
  • Files and Data Encryption
  • Password Attack Tools and Techniques
  • Working with Rainbow Tables
  • Passwords and Storage Locations
  • Encryption Types (Symmetric and Asymmetric)
  • Password Cracking and Recovery
Steganography

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Incident Response Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

Ojehtrade & Co., Inc., a multi-billion dollar brokerage firm with $789 billion in assets, based in New York, NY, with offices throughout the USA, has recently suffered a massive computer intrusion. The target systems involved are running Unix, Windows, and Mac OS X. Ojehtrade knew about this intrusion because the cyber criminals sent a message to the firm's executives demanding $5 million in "ransom" and have threatened to contact the media and publish the compromised data online if their demands aren't met within 72 hours.

Ojehtrade is surprised, given the heavy investment in corporate IT security measures, that they were hacked. Your firm, The Forensics Gurus LLC, has been hired by Turner Worten Fitzgerald LLP, a prestigious law firm representing Ojehtrade to handle this high-profile investigation at a bill rate of $450/hr. As the senior incident responder, you have been asked to interrupt your long-scheduled Mediterranean cruise to lead this high-profile incident response engagement. The client wants to know:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of investigating a compromised network
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging incident response challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools
Target Audience:

The Incident Response course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Law Enforcement Personnel
  • Technology Enthusiasts
Course Format:
  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Malware Analysis course, each participant will be armed with the knowledge, tools, and processes required in conducting malware analysis and producing a report that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Introduction to Malware Analysis
  • Malware Hiding Places
  • Building a Malware Analysis Lab (Environment)
  • Static Analysis
  • Dynamic Analysis
  • Code Analysis
  • Malicious Document Analysis
  • Identifying and Protecting against Malware
  • Malware Challenges in the Real-World
Course Topics:

NetSecurity’s Malware Analysis course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
Introduction to Malware Analysis
  • Malware Taxonomy
  • Malware Threats
  • Malware Analysis Methodologies
  • Legal Considerations
  • Identifying and Protecting against Malware
Malware Hiding Places
  • Collecting Malware from a Live System
  • Identifying Malware in a Dead System
Building a Malware Analysis Lab (Environment)
  • Virtual Machine
  • Real Systems
  • Malware Analysis Tools
Static Analysis
  • Detailed File Analysis
  • Database of File Hashes
  • Identifying File Compile Date
  • Identifying Packing/Obfuscation Methods
  • Performing Strings
  • File Signature Analysis
  • Local and Online Malware Scanning
  • Identifying File Dependencies
Dynamic Analysis
  • System Baselining
  • Host Integrity Monitor
  • Installation Monitor
  • Process Monitor
  • File Monitor
  • Registry Analysis/Monitoring
  • Network Traffic Monitoring/Analysis
  • Port Monitors
  • DNS Monitoring/Resolution
  • Simulating Internet Services
Code Analysis
  • Reverse Engineering Malicious Code
  • Identifying Malware Passwords
  • Bypassing Authentication
Malicious Document Analysis
  • PDF and Microsoft Office Document Structures
  • PDF and Office Documents Vulnerabilities
  • Malware Extraction and Analysis Tools
  • Analysis of Malicious Documents
Malware Challenges
  • Virtual Environment
  • Live Internet Connection
  • Real, Fake, and Virtual Services
  • Anti-Debug and Anti-forensic Malware

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Memory Forensics Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

A prominent Government agency has suffered a massive cyber intrusion. The intrusion appears to be a highly sophisticated attack launched by highly skilled hackers who are part of a state-sponsored cyber crime. These "elite" hackers launched a successful and advanced attack that went undetected and unprevented by the agency's current perimeter security measures. Once these attackers penetrated the network, they flew below the radar and went undetected for months while pilfering vital data.

Your firm has been recruited to assist in the investigation. When your team arrives at the cyber crime scene, you notice that some of the compromised systems have been powered down while others are still up and running. Preliminary analysis of the running systems yields no trace of the intrusion on the file systems. Your last resort is to collect volatile data, including memory images of each penetrated system, for later analysis.

Memory forensics analysis is a branch of computer investigation that requires special expertise in excavating relevant artifacts from memory. NetSecurity's Hands-On How-To® Memory Forensics course teaches students about volatile data stored in memory, which is lost when the system is powered down. Course participants learn to pluck evidentiary information such as memory-resident malware, passwords/passphrases, Internet history, and other critical information running in memory. Upon memory acquisition, students learn how to conduct analysis on memory images and generate reports. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malware Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools
Target Audience:

The Memory Forensics course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts
Course Format:
  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing memory forensics analysis

Course Duration: Two (2) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Memory Forensics course, each participant will learn about volatile data stored in memory, which is lost when the system is powered down. Course participants also learn how to extract evidentiary information such as memory-resident malware, passwords/passphrases, Internet history, and other information running in memory. Upon memory acquisition, students learn about conducting analysis on memory images and generating reports. Students will be armed with the knowledge, tools, and processes required in conducting memory forensics and producing a report that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Introduction to Memory Forensics
  • Memory Acquisition
  • Volatility for RAM Analysis
  • File Carving
  • Fuzzy Hashing
  • Analysis of Extracted Malware Specimen
Course Topics:

NetSecurity's Memory Forensics course includes in-depth coverage of real-world scenarios and HOHTLEs.

Topics Discussion and HOHTLEs
Introduction to Memory Forensics
  • What is in RAM?
  • Why Physical Memory Analysis
  • Identify Malicious Property
  • Memory Analysis Challenges
  • Memory Analysis Tools
Memory Acquisition
  • Acquiring the RAM, Hibernation Files, Page/Swap Files
  • Acquisition Tools (Winen, FastDump, FTK Imager, MDD, etc.)
  • Remote Acquisition
Volatility for RAM Analysis
  • Memory Analysis with Volatility
  • Virtual Address Descriptors (VAD) tree
  • Volatility Modules
  • Volatility Plug-ins
  • Network Connections, Loaded DLLs, Open Files
  • Extracting Process Memory, EXEs, and DLLs from RAM
  • Recovering Passphrases and Encryption Keys
  • Analyzing RAM for Malware
File Carving
  • File Extraction using Scalpel, Foremost, FTK, and other File Carving Tools
Fuzzy Hashing
  • MD5 Hash
  • Fuzzy Hashing
  • File Matching
  • Malware-Injected Processes
Analysis of Extracted Malware Specimen
  • Static
  • Dynamic Analysis
  • Code Analysis

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Malicious Document Analysis Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

You have been recruited as the head of information security of a reputable organization, with over 125,000 hosts and 50,000 users. The organization has invested in top-of-the-line perimeter defenses, including firewalls, intrusion detection and prevention systems, virtual private networks (VPNs) and content filtering technologies. The organization also has "well trained" incident responders and intrusion detection analysts who monitor the entire network vigilantly. The employees of this entity are often trained on opening email attachments, even though they may be scanned by the content filtering technologies that you just purchased and deployed.

The perimeter defenses are configured with very simple but stringent rule-sets to prevent cyber adversaries from infiltrating your network. Everything is going well, when on the eve of your long-planned Mediterranean cruise, you receive a call stating that several employees have received some suspicious documents through email and web downloads. You direct the security team to scan the documents for a possible virus, but no virus was detected. Soon the team observes some strange command-and-control communications being initiated from the user systems to an IP address in a foreign country. Unfortunately, the cable news networks are covering the cyber intrusion of your organization and your career is at stake for not preventing this attack in the first place.

Although no anti-virus software was able to detect malware, your analysts have captured the suspicious document, but lack the knowledge and resources to provide prompt answers to the provocative questions being asked by upper management. Do you have the requisite skills to provide quick and accurate answers pertaining to the above incident and mitigate future attempts?

Cyber attackers now use malicious documents as an attack vector to bypass enterprise perimeter defensive measures and anti-virus solutions. NetSecurity's Hands-On How-To® Malicious Document Analysis course teaches students how to analyze malicious documents such as Microsoft Office and Adobe Acrobat PDF files for the presence of hidden malware. Course participants learn the tools and techniques for reverse-engineering malicious documents, finding and extracting hidden code, Shellcodes, JavaScripts, and VBA macros from an infected document. Students also learn how to disassemble and examine these malicious codes to understand their intent and capabilities. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malicious Document Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools
Target Audience:

The Malicious Document Analysis course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts
Course Format:
  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing malicious code analysis

Course Duration: One (1) Day

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Malicious Document Analysis course, each participant will be armed with the knowledge, tools, and processes required to analyze malicious Microsoft Office and Adobe PDF files for the presence of hidden malware. Students learn the tools and techniques for disassembling and reverse-engineering malicious documents, finding and extracting hidden codes, Shellcodes, JavaScripts, and VBA macros from an infected document. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Document Structures
  • Document Vulnerabilities
  • Tools of the Trade
  • Malware Extraction
  • Malware Analysis
Course Topics:

NetSecurity’s Malicious Document Analysis course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
Document Structures
  • PDF Document Structures
  • Microsoft Office Document Structures
Document Vulnerabilities
  • PDF Vulnerabilities
  • Potentially Dangerous PDF Functions
  • Office Documents Vulnerabilities
Tools of the Trade
  • OfficeMalScanner
  • MalHost-Setup
  • Offvis
  • PDFiD
  • PDF-parser
  • Origami (Walker, PDFscan, Extractjs)
  • Malzilla
  • DisView
  • PDF StructAzer
  • Many more
Malware Extraction
  • Malware Codes/Specimens (Shellcodes, JavaScripts, and VBA macros)
  • Locating Malicious Code in a Document
  • Extracting Malware from PDF Documents
  • Extracting Malware from Office Documents
  • Extracting Infected Documents from RAM
Malware Analysis
  • Static Analysis of Malware Specimen
  • Dynamic Analysis of Malware Specimen
  • Reverse-Engineering & Disassembling Malware

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.