NetSecurity NetSecurity Forensic Labs Hands-On How-To Security Training
Network & Application Security, Computer Forensics, Incident Response, Network Forensics, Malware Analysis, Memory Forensics, Malicious Document Analysis
Overview of Hands-On How-To Training Courses:

NetSecurity's Hands-On How-To® Training courses are tailored to IT security, forensics, and auditing professionals who need to know the step-by-step and how-to process for securing, investigating, and auditing or assessing various IT environments. Each course provides students with a simulation of real-world issues and offers the opportunity to "learn-by-doing." Topics are laden with Hands-On How-To Lab Exercises (HOHTLEs) of real-world issues. HOHTLEs are performed by each student to demonstrate mastery of covered topics. In addition, we provide students with relevant tools, products, guides, resources, and references for accomplishing tasks efficiently. These take-aways are quick and easy references for use in the field.

NetSecurity’s Hands-On How-To® training and education courses and classes include Cyber Security, Digital Computer Forensics Investigation, Malware Analysis, Cyber Crime Security Incident Response, Memory Forensics, Malicious Document Analysis, and e-Discovery Training. Our proprietary step-by-step non-certification training teaches you the emerging tools, techniques, and skills for solving real-world security and forensics challenges.

Our classes are listed below on this page or you may jump directly to the course that interests you above.

Hands-On How-To Computer Forensics for Attorneys (CLE) Training Course/Class:

Syllabus: Detailed syllabus is available.

Course Overview:

Digital information continues to grow at an exponential rate. Data is no longer stored solely in computer hard drives, backup tapes, or compact discs (CDs). With the growth of emerging portable data and storage devices, such as portable digital assistants (PDAs), cell phones, and Blackberry devices, crucial information can be anywhere and easily passed from device-to-device. Information stored in these changing media can be crucial sources of evidence in corporate, civil, and criminal investigations.

Moreover, cyber criminals are continuously crafting ways to evade existing forensics tools and techniques. NetSecurity's Computer Forensics Training for Attorneys course teaches legal professionals the process of locating, acquiring, preserving, analyzing, and producing solid digital evidence that can make the difference between winning and losing a case. The Hands-On How-To Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experiences necessary to prepare or scrutinize a forensics investigator.

NetSecurity Benefits:

Through years of real-world hands-on security and forensics experience, NetSecurity has supported Fortune 500 companies, law firms, and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Computer Forensics Training for Attorneys include:

  • Customized private sessions, tailored towards your unique requirements
  • Instructor-led and student-performed hands-on exercises
  • Seasoned security and forensics experts with
    • Real-world hands-on consulting and training experience
    • Media publication and industry speaking experience
  • Arsenal of take-aways (guides and relevant forensics resources)
  • Up-to-date course content, addressing emerging forensics topics
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content

Target Audience:

The course is targeted towards technical professionals, including:

  • Cyber Crime Attorneys
  • Paralegal Professionals
  • Magistrates/Judges
  • Private investigators
  • Compliance Officers

Course Format:

  • Interactive presentations by forensics expert
  • Hands-On How-To Lab Exercises (HOHTLEs) in performing computer forensics

Course Duration: Two (2) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Computer Forensics Training for Attorneys course, each participant will be armed with the required knowledge to understand and analyze computer evidence that can withstand legal scrutiny. Attendees will also learn to dissect evidence produced by opposing counsel. Specifically, attendees will possess relevant knowledge in:

  • Tried and proven forensics investigation processes
  • Evidence authentication, handling, preservation, and security
  • Common mistakes to avoid in an investigation
  • Preparing your own experts and scrutinizing those of opposing expert teams
  • Getting an organization ready for forensics investigations and e-discovery

Course Topics:

NetSecurity’s Computer Forensics Training for Attorneys course includes coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Computer Overview
  • Computer Fundamentals
  • Computer Storage Media
  • Mobile Storage Devices
  • Computer Networks
  • Computer Hacking Overview
  • Forensics Overview
  • Computer Forensics Fundamentals
  • Benefits of Computer Forensics
  • Computer Crimes
  • Computer Forensics Evidence and the Courts
  • Legal Concerns and Privacy Issues
  • Forensics Process
  • Forensics Investigation Process
  • Securing the Evidence and Crime Scene
  • Chain of Custody
  • Law Enforcement Methodologies
  • Forensics Evidence
  • Evidence Sources
  • Evidence Duplication, Preservation, Handling, and Security
  • Forensics Soundness
  • Order of Volatility of Evidence
  • Collection of Evidence on a Live System
  • Court Admissibility of Volatile Evidence
  • Forensics Readiness
  • Benefits of Forensic Readiness
  • Preparing an Organization for Forensics Investigations
  • Managing an Investigation
  • Forensics Lab
  • Benefits of a Computer Forensics Lab
  • Forensics Lab Requirements
  • Securing the Forensics Lab
  • Acquisition and Duplication
  • Sterilizing Evidence Media
  • Acquiring Forensics Images
  • Acquiring Live Volatile Data
  • Data Analysis
  • Metadata Extraction
  • File System Analysis
  • Performing Searches
  • Recovering Deleted, Encrypted, and Hidden files
  • Internet Forensics
  • Reconstructing Past Internet Activities and Events
  • E-mail Analysis
  • Messenger Analysis: AOL, Yahoo, MSN, and Chats
  • Mobile Device Forensics
  • Evidence in Cell Phone, PDA, Blackberry, iPhone, iPod, iPad, Android, and MP3
  • Evidence in CD, DVD, Tape Drive, USB, Flash Memory, Digital Camera
  • Evidence in other emerging mobile devices
  • Court Testimony
  • Testifying in Court
  • Expert Witness Testimony
  • Evidence Admissibility
  • E-Discovery
  • Federal Rules of Civil Procedure (FRCP)
  • Collection and Preservation of Electronically Stored Information
  • Legal and IT Requirements
  • Developing Computer Investigation and E-Discovery Capabilities

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Computer Forensics Training Course/Class:

Syllabus: Detailed syllabus is available.

Course Overview:

Digital information continues to grow at an exponential rate. Data is no longer stored solely in computer hard drives, backup tapes, or compact discs (CDs). With the growth of emerging portable data and storage devices, such as portable digital assistants (PDAs), cell phones, and Blackberry devices, crucial information can be anywhere and easily passed from device-to-device. Information stored in these changing media can be crucial sources of evidence in corporate, civil, and criminal investigations.

Moreover, forensic investigation is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world knowledge of excavating digital evidence. NetSecurity's Hands-On How-To® Perform Computer Forensics course teaches students the step-by-step process of locating, acquiring, preserving, analyzing, and producing solid digital evidence. The Hands-On How-To Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on security and forensics experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To Perform Computer Forensics include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of forensics challenges
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging forensics challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Law Enforcement Personnel
  • Information Security Managers
  • Incident Responders
  • IT Professionals
  • Cyber Crime Attorneys
  • Private investigators
  • Compliance Officers
  • Auditors

Course Format:

  • Interactive presentations by security and forensics expert instructor
  • Hands-On How-To Lab Exercises (HOHTLEs) in performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Perform Computer Forensics course, each participant will be armed with the knowledge, tools, and processes required in producing computer evidence that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Requisite technology knowledge relevant to forensics investigations
  • Laws relating to computer crime investigations
  • Tried and proven forensics investigation processes
  • Getting an organization ready for forensics investigations
  • Forensics tools and techniques of the trade
  • Evidence acquisition and duplication
  • How to analyze evidence for forensics artifacts
  • Performing forensics analysis of common operating systems
  • Internet forensics
  • Analyzing mobile devices
  • Passwords and encryption
  • Information recovery
  • Capturing volatile data from a live computer
  • Conducting memory analysis
  • Analyzing malware and conducting reverse engineering
  • Developing forensics reports
  • Testifying in courts
  • Anti-Forensics techniques

Course Topics:

NetSecurity’s Computer Forensics course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Computer Overview
  • Computer Fundamentals
  • Computer File Systems
  • Computer Hard Drive Structure
  • Hard Disk Interfaces (SCSI, IDE, USB, SATA, etc.)
  • Mobile Storage Devices
  • Windows, Linux, and Macintosh Boot Processes  
  • Hard Drive Erasure and Degaussing
  • Virtualization and Virtual Machines (Parallels, VMware, etc.)
  • Networking Technology
  • Fundamentals of Networking
  • The Open System Interconnect (OSI) Model
  • The TCP/IP Model
  • TCP/IP Protocol Addressing
  • Forensics Overview
  • Computer Forensics Fundamentals
  • Benefits of Computer Forensics
  • Computer Crimes
  • Computer Evidence
  • Computer Forensics Evidence and Courts
  • Laws
  • Justice System
  • Legal Concerns and Privacy Issues
  • The Fourth Amendment
  • Internet Laws and Statutes
  • Forensics Process
  • The Forensics Process
  • Steps in Forensics Investigations
  • Authentication and Verification of Suspects
  • Identification of Evidence Source
  • Securing the Evidence
  • Chain of Custody Form
  • Professional and Unbiased Conduct     
  • Law Enforcement Methodologies
  • Collaboration: Working with Upstream and Downstream Providers
  • Collaboration: Dealing with Law Enforcement
  • Collaboration: Dealing with the Media
  • Collaboration: Working With Other Organizations
  • Forensics Evidence
  • Evidence Sources
  • Evidence Seizure
  • Evidence Collection: Duplication and Preservation
  • Evidence Collection: Verification and Authentication (Forensics Soundness)
  • Evidence Collection: Order of Volatility
  • Evidence Integrity: Preventing Tampering and Spoliation
  • Evidence Collection: Bagging, Tagging, Marking, Secure Storage and Transmittal of evidence.
  • Evidence Handling: Chain of Custody
  • Handling and Securing Evidence
  • Forensics Toolkits
  • Common Forensics Toolkits
  • Uncommon Forensics Tools
  • Creating Forensics Toolkits
  • Acquisition and Duplication
  • Sterilizing Evidence Media
  • Forensic Duplication of Source Evidence with Hardware
  • Acquiring Forensics Image with Software
  • Acquiring Live Volatile Data
  • Using Write blockers
  • Data Analysis
  • Metadata Extraction
  • File Signature Analysis
  • File System Analysis
  • Examining Unallocated and Slack Space
  • Identifying Known Bad/Good Files
  • Performing Searches
  • Data Carving
  • Recovering Deleted Data and Partitions
  • Windows Forensics
  • Registry Fundamentals and Analysis
  • Executable File Analysis
  • Windows Live Response
  • Alternate Data Stream (ADS)   
  • Recycle Bin Forensics
  • Windows Prefetch Files
  • Evidence Recovery from Print and Spool Files
  • Simulating/Booting Suspect Environment
  • Internet Forensics
  • Domain Name Ownership Investigation
  • Reconstructing Past Internet Activities and Events
  • Email Forensics: E-mail Analysis
  • Email Forensics: Email Headers and Spoofing
  • Email Forensics: Laws Against Email Crime
  • Messenger Forensics: AOL, Yahoo, MSN, and Chats
  • Browser Forensics: Analyzing Cache and Temporary Internet Files
  • Browser Forensics: Cookie Storage and Analysis
  • Browser Forensics: Web Browsing Activity Reconstruction
  • Mobile Device Forensics
  • Introduction to Handheld Forensics
  • Collecting and Analyzing Cell Phone, PDA, Blackberry, iPhone, iPod, iPad, and MP3 Evidence
  • Analyzing CD, DVD, Tape Drives, USB, Flash Memory, and other Storage Devices
  • Digital Camera Forensics
  • Reconstructing Users Activities
  • Recovering and Reconstructing Deleted Data
  • Passwords and Encryption
  • Files and Data Encryption
  • Password Attacks Tools and Techniques
  • Working with Rainbow Tables
  • Passwords and Storage Locations
  • Encryption Types (Symmetric and Asymmetric)
  • Password Cracking and Recovery
  • Steganography
  • Steganography Overview
  • Steganography Tools and Tricks
  • Data Hiding
  • Data Recovery
  • Volatile Data
  • Collection and Analysis on a Live Windows System
  • Collection and Analysis on a Live Linux System
  • Collection and Analysis on a Live Mac OS System
  • Collection and Analysis of Physical and Process Memory
  • Volatile Evidence in Incident Response
  • Court Admissibility of Volatile Evidence
  • Memory Forensics
  • Memory Fundamentals
  • Memory Data Collection and Examination
  • Extracting and Examining Processes
  • Malware Analysis
  • Malware Analysis Basics
  • Analyzing Live Windows System for Malware
  • Analyzing Live Linux System for Malware
  • Analyzing Physical and Process Memory Dumps for Malware
  • Discovering and Extracting Malware from Windows Systems
  • Discovering and Extracting Malware from Linux Systems
  • Rootkits and Rootkit Detection and Recovery
  • Reverse Engineering Tools and Techniques
  • Forensics Resources
  • Forensics Forms and Checklists
  • Presentation and Reporting
  • Writing Computer Forensic Reports
  • Report Requirements
  • Guidelines for Writing Final Reports
  • Sample Forensic Report
  • Court Testimony
  • Credibility and Success in Court
  • Testifying in Court
  • Expert Witness: The Expert Witness
  • Expert Witness: Becoming an Expert Witness
  • Expert Witness Testimony
  • Evidence Admissibility
  • Anti-Forensics
  • Anti-Forensics Tools and Techniques (Data Hiding, Steganography, Encryption, Deletion of Data)
  • Defeating Anti-Forensic Schemes
  • Erasing Evidence

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Incident Response Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

Ojehtrade & Co., Inc., a multi-billion dollar brokerage firm with $789 billion in assets, based in New York, NY, with offices throughout the USA, has recently suffered a massive computer intrusion. The target systems involved run Unix, Windows, and Mac OS X. Ojehtrade knew about this intrusion because the cyber criminals sent a message to the firm's executives demanding $5 million in "ransom" and have threatened to contact the media and publish the compromised data online if their demands aren't met within 72 hours.

Ojehtrade is surprised, given its heavy investment in corporate IT security measures, that it was hacked. Your firm, The Forensics Gurus LLC, has been hired by Turner Worten Fitzgerald LLP, a prestigious law firm representing Ojehtrade, to handle this high-profile investigation at a bill rate of $450/hr. As the senior incident responder, you have been asked to interrupt your long-scheduled Mediterranean cruise to lead this incident response engagement. The client wants to know:

  • What, if any, is the extent of the damage/compromise?
  • What data has been lost or compromised?
  • Where did the hacker(s) come from?
  • What is the timeline of the hacking activities?
  • What can be done to prevent intrusions in the future?

Incident Response is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world investigative skills. NetSecurity's Hands-On How-To® Incident Response course teaches students the step-by-step process of locating, acquiring, preserving, analyzing, and producing solid digital evidence. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Incident Response course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of investigating a compromised network
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging incident response challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Incident Response course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Law Enforcement Personnel
  • Information Security Professionals
  • Compliance Officers
  • Auditors

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Incident Response course, each participant will be armed with the knowledge, tools, and processes required in conducting incident response and producing reports that withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Incident Response Process
  • Legal Considerations
  • Evidence Collection
  • Evidence Preservation
  • Preparing Incident Response Tools
  • Hackers' Methods of Maintaining Presence (Persistence Methods)
  • System Compromise Indicators (Quickly Detecting and Confirming Intrusions)
  • Advanced Malware
  • Malware Analysis
  • Building Incident Response Tool Suite
  • Windows Registry Analysis
  • Forensics

Course Topics:

NetSecurity’s Incident Response course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Incident Response Process
  • Preparation
  • Incident Readiness Planning
  • Identification
  • Containment     
  • Eradication
  • Recovery
  • Lessons Learned
  • Legal Considerations
  • Internet Laws and Statutes
  • Legal Concerns and Privacy Issues
  • Court Admissibility of (Volatile) Evidence
  • Evidence Collection
  • Volatile Data Collection
    • Pros and Cons of System Shutdown
    • Order of Volatility (Memory, Process, Network, Registry)
  • Hard Drive Imaging
    • Physical Image
    • Logical Image
    • Full/Partial Drive Encryption Scenarios
  • Documenting the Cyber Crime Scene
  • Collecting Additional Storage Devices, Sticky Notes, etc.
  • Evidence Preservation
  • Securing the Evidence
  • Chain of Custody
  • Preparing Incident Response Tools
  • Statically Linked Binaries
  • Import Library
  • Incident Response Tools Selection
  • Hackers’ Methods of Maintaining Presence (Persistence Methods)
  • Surviving Reboots
  • Autoruns
  • Services
  • Service Host Services
  • Stubpath
  • Scheduled Tasks
  • Windows Firewall
  • System Compromise Indicators (Quickly Detecting and Confirming Intrusions)
  • Firewall, IDS, etc.
  • Temporary Internet Files
  • Anti-Virus Logs
  • Hosts File
  • DNS Cache
  • Running Services
  • Critical Log Files
  • Network Connections
  • Memory
  • Recycle Bin
  • Hidden and Protected Files
  • Advanced Malware
  • Memory-Resident Malware
  • Memory Imaging Tools/Techniques
  • Memory Analysis Tools
  • Malware Analysis
  • Malware Analysis
  • Static Analysis
  • Dynamic Analysis
  • Building Incident Response Tool Suite
  • Building Trusted Toolkits
  • Testing the Tools
  • Windows Registry Analysis
  • Monitoring Registry Changes
  • System Information
  • Users Activities
  • Autostart Locations
  • Forensics
  • Timeline Analysis
  • File Signature Analysis
  • Hash Analysis

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Malware Analysis Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

You are the leader of an incident response team charged with conducting high-profile cyber crime investigations for a major government agency with 182,522 nodes. This organization is hit with millions of hacking attempts daily. The enterprise network has been under attack for the past two weeks and members of your team have been working around-the-clock to contain the incident. After many man-hours, the network seemed calm and the attack appeared to be thwarted; or so you thought. Exactly one week later, a member of the Tier II team observes that attackers have successfully penetrated valuable systems and are pilfering crucial government data to a foreign country. Some of the malicious software (malware) has been captured, but you have limited expertise to answer critical questions about the compromise. Senior agency officials are demanding immediate answers as to how the malware got into the network, where it originated from, what critical data was compromised, who created the malware, and how the agency can defend against this type of attack in the future. Do you have the requisite skills to provide quick and accurate answers about this high-profile penetration and mitigate future attempts?

Today's cyber adversaries are highly skilled and sophisticated hackers who are part of either state-sponsored groups or organized crime. These "elite" hackers are so advanced that current security measures do not detect, let alone prevent, their attacks. These criminals are paid and spend ample time conducting reconnaissance on their targets, then customizing their attacks towards the victim. The firewall doesn't prevent the attack and the IDS doesn't detect these intrusions. These cyber criminals continue to leverage users' susceptibility to social engineering attacks to infiltrate critical networks. Once inside the network, they stay under the radar and often go undetected since there are no known signatures.

Malware Analysis is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world analysis skills. NetSecurity's Hands-On How-To® Malware Analysis course teaches students the step-by-step process for quickly analyzing malware to determine the extent of its malicious intent and devise appropriate countermeasures. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malware Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Malware Analysis course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Malware Analysis course, each participant will be armed with the knowledge, tools, and processes required in conducting malware analysis and producing a report that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Introduction to Malware Analysis
  • Malware Hiding Places
  • Building a Malware Analysis Lab (Environment)
  • Static Analysis
  • Dynamic Analysis
  • Code Analysis
  • Malicious Document Analysis
  • Identifying and Protecting against Malware
  • Malware Challenges in the Real-World

Course Topics:

NetSecurity’s Malware Analysis course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Introduction to Malware Analysis
  • Malware Taxonomy
  • Malware Threats
  • Malware Analysis Methodologies
  • Legal Considerations
  • Identifying and Protecting against Malware
  • Malware Hiding Places
  • Collecting Malware from Live system
  • Identifying Malware in Dead system
  • Building a Malware Analysis Lab (Environment)
  • Virtual Machine
  • Real Systems
  • Malware Analysis Tools
  • Static Analysis
  • Detailed File Analysis
  • Database of File Hashes
  • Identifying File Compile Date
  • Identifying Packing/Obfuscation Methods
  • Performing Strings
  • File Signature Analysis
  • Local and Online Malware Scanning
  • Identifying File Dependencies
  • Dynamic Analysis
  • System Baselining
  • Host Integrity Monitor
  • Installation Monitor
  • Process Monitor
  • File Monitor
  • Registry Analysis/Monitoring
  • Network Traffic Monitoring/Analysis
  • Port Monitor
  • DNS Monitoring/Resolution
  • Simulating Internet Services
  • Code Analysis
  • Reverse Engineering Malicious Code
  • Identifying Malware Passwords
  • Bypassing Authentication
  • Malicious Document Analysis
  • PDF and Microsoft Office Document Structures
  • PDF and Office Documents Vulnerabilities
  • Malware Extraction and Analysis Tools
  • Analysis of Malicious Documents
  • Malware Challenges
  • Virtual Environment
  • Live Internet Connection
  • Real, Fake, and Virtual Services
  • Anti-Debug and Anti-forensic Malware       

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Memory Forensics Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

A prominent Government agency has suffered a massive cyber intrusion. The intrusion appears to be a highly sophisticated attack launched by highly skilled hackers who are part of a state-sponsored cyber crime. These "elite" hackers launched a successful and advanced attack that went undetected and unprevented by the agency's current perimeter security measures. Once these attackers penetrated the network, they flew below the radar and went undetected for months while pilfering vital data.

Your firm has been recruited to assist in the investigation. When your team arrives at the cyber crime scene, you notice that some of the compromised systems have been powered down while others are still up and running. Preliminary analysis of the running systems yields no trace of the intrusion on the file systems. Your last resort is to collect volatile data, including memory images of each penetrated system, for later analysis.

Memory forensics analysis is a branch of computer investigation that requires special expertise in excavating relevant artifacts from memory. NetSecurity's Hands-On How-To® Memory Forensics course teaches students about volatile data stored in memory, which is lost when the system is powered down. Course participants learn to pluck evidentiary information such as memory-resident malware, passwords/passphrases, Internet history, and other critical information running in memory. Upon memory acquisition, students learn how to conduct analysis on memory images and generate reports. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malware Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Memory Forensics course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing memory forensics analysis

Course Duration: Two (2) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Memory Forensics course, each participant will learn about volatile data stored in memory, which are lost when the system is powered down. Course participants also learn how to extract evidentiary information such as memory-resident malware, passwords/passphrases, Internet history, and other information running in memory. Upon memory acquisition, students learn about conducting analysis on memory images and generating reports. Students will be armed with the knowledge, tools, and processes required in conducting memory forensics and producing a report that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Introduction to Memory Forensics
  • Memory Acquisition
  • Volatility for RAM Analysis
  • File Carving
  • Fuzzy Hashing
  • Analysis of Extracted Malware Specimen

Course Topics:

NetSecurity's Memory Forensics course includes in-depth coverage of real-world scenarios and HOHTLEs.

Topics Discussion and HOHTLEs
  • Introduction to Memory Forensics
      • What is in RAM?
      • Why Physical Memory Analysis
      • Identify Malicious Property
      • Memory Analysis Challenges
      • Memory Analysis Tools
  • Memory Acquisition
      • Acquiring the RAM, Hibernation Files, Page/Swap Files
      • Acquisition Tools (Winen, FastDump, FTK Imager, MDD, etc.)
      • Remote Acquisition
  • Volatility for RAM Analysis
      • Memory Analysis with Volatility
      • Virtual Address Descriptors (VAD) tree
      • Volatility Modules
      • Volatility Plug-ins
      • Network Connections, Loaded DLLs, Open Files
      • Extracting Process Memory, EXEs, and DLLs from RAM
      • Recovering Passphrases and Encryption Keys
      • Analyzing RAM for Malware
  • File Carving
      • File Extraction using Scalpel, Foremost, FTK, and other File Carving Tools
  • Fuzzy Hashing
      • MD5 Hash
      • Fuzzy Hashing
      • File Matching
      • Malware-Injected Processes
  • Analysis of Extracted Malware Specimen
      • Static
      • Dynamic Analysis
      • Code Analysis

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Malicious Document Analysis Training Course/Class :

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

You have been recruited as the head of information security of a reputable organization, with over 125,000 hosts and 50,000 users. The organization has invested in top-of-the-line perimeter defenses, including firewalls, intrusion detection and prevention systems, virtual private networks (VPNs) and content filtering technologies. The organization also has "well trained" incident responders and intrusion detection analysts who monitor the entire network vigilantly. The employees of this entity are often trained on opening email attachments, even though they may be scanned by the content filtering technologies that you just purchased and deployed.

The perimeter defenses are configured with very simple but stringent rule-sets to prevent cyber adversaries from infiltrating your network. Everything is going well, when on the eve of your long-planned Mediterranean cruise, you receive a call stating that several employees have received some suspicious documents through email and web downloads. You direct the security team to scan the documents for a possible virus, but no virus was detected. Soon the team observes some strange command-and-control communications being initiated from the user systems to an IP address in a foreign country. Unfortunately, the cable news networks are covering the cyber intrusion of your organization and your career is at stake for not preventing this attack in the first place.

Although no anti-virus software was able to detect any malware, your analysts have captured the suspicious document, but lack the knowledge and resources to provide prompt answers to the provocative questions being asked by upper management. Do you have the requisite skills to provide quick and accurate answers pertaining to the above incident and mitigate future attempts?

Cyber attackers now use malicious documents as an attack vector to bypass enterprise perimeter defensive measures and anti-virus solutions. NetSecurity's Hands-On How-To® Malicious Document Analysis course teaches students how to analyze malicious documents such as Microsoft Office and Adobe Acrobat PDF files for the presence of hidden malware. Course participants learn the tools and techniques for reverse-engineering malicious documents, finding and extracting hidden code, Shellcodes, JavaScripts, and VBA macros from an infected document. Students also learn how to disassemble and examine these malicious codes to understand their intent and capabilities. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malicious Document Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Malicious Document Analysis course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing malicious code analysis

Course Duration: One (1) Day

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Malicious Document Analysis course, each participant will be armed with the knowledge, tools, and processes required to analyze malicious Microsoft Office and Adobe PDF files for the presence of hidden malware. Students learn the tools and techniques for disassembling and reverse-engineering malicious documents, finding and extracting hidden codes, Shellcodes, JavaScripts, and VBA macros from an infected document. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Document Structures
  • Document Vulnerabilities
  • Tools of the Trade
  • Malware Extraction
  • Malware Analysis

Course Topics:

NetSecurity’s Malicious Document Analysis course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Document Structures
      • PDF Document Structures
      • Microsoft Office Document Structures
  • Document Vulnerabilities
      • PDF Vulnerabilities
      • Potentially Dangerous PDF Functions
      • Office Documents Vulnerabilities
  • Tools of the Trade
      • OfficeMalScanner
      • MalHost-Setup
      • Offvis
      • PDFiD
      • PDF-parser
      • Origami (Walker, PDFscan, Extractjs)
      • Malzilla
      • DisView
      • PDF StructAzer
      • Many more
  • Malware Extraction
      • Malware Codes/Specimens (Shellcodes, JavaScripts, and VBA macros)
      • Locating Malicious Code in a Document
      • Extracting Malware from PDF Documents
      • Extracting Malware from Office Documents
      • Extracting Infected Documents from RAM
  • Malware Analysis
      • Static Analysis of Malware Specimen
      • Dynamic Analysis of Malware Specimen
      • Reverse-Engineering & Disassembling Malware

Detailed syllabus is available.

Course Schedule and Registration:

Course schedule and registration information is available here.

Hands-On How-To Secure & Audit Network Systems, Devices, and Services Training Course/Class :

Sophistication in computer technology has resulted in a proportionate advancement in security threats and attack techniques. Audit methodologies that unveil the latest network vulnerabilities must be in place to proactively discover security weaknesses. NetSecurity's Hands-On How-To Secure and Audit Network Systems course is designed to provide students the knowledge and skills needed to secure network infrastructures against today's diverse and emerging security threats and vulnerabilities. This course provides students a step-by-step, cost-effective process for securing and assessing or auditing network systems.

This course is intended for IT professionals who are responsible for maintaining systems security and procedures for organizations as well as those responsible for reviewing these systems to ensure the security measures in place are working to prevent network vulnerabilities. This course offers the skills needed to analyze common internal and external security threats against a network so that participants can develop proactive security and audit strategies that protect their organization's information and data.

HOHTLEs for this course include network security technologies (Firewalls, VPN, content filtering, encryption technologies, IDS/IPS), their weaknesses, common configuration flaws, and techniques for auditing these devices. Additional exercises cover common network protocols (TCP/IP, Telnet, HTTP, SMTP, FTP, DNS, etc.), how to securely configure them, and tools used to discover vulnerabilities associated with these and other network services.

Hands-On How-To Secure & Audit Unix Systems Training Course/Class :

Whether you are a new or seasoned security or systems professional, this course teaches you to use native "out-of-the-box" operating system capabilities to secure and audit Unix environments - Solaris, xBSD, Linux, AIX, etc. The course is designed to help students ensure that Unix systems are adequately protected from unauthorized users and further teaches students how to conduct hackers' attacks and investigations to identify intrusion. Students also learn how to audit a Unix system to identify areas of security weakness and vulnerabilities.

The course discusses particular security measures that incorporate HOHTLEs to show how these security measures can be implemented. Additionally, students learn how to use the Unix shell to capture auditable evidence, control the environment, and generally examine system logs for critical information. Upon course completion, participants go home with hundreds of security tips and ready-to-use scripts - invaluable resources for securing and auditing Unix systems.

Hands-On How-To Secure & Audit Windows 2003 Servers Training Course/Class :

This Hands-On How-To course provides students with the in-depth knowledge and tools needed to secure Windows 2003 servers and network clients. The course covers actual implementation of concrete steps to ensure long-term security of Windows 2003 network environments. The course further provides the students with the skills needed to implement security for Domain Controllers, DNS, DHCP, and certificate servers, secure Active Directory objects and attributes, and use Group Policy to manage user accounts, passwords, etc.

The course is designed to ensure that participants know the practical step-by-step process for hardening Windows 2003 enterprise systems from the top down, focusing on authentication, access controls, borders, logical security boundaries, communications, storage, and administrative authority. The course addresses how to protect servers, desktops, and laptops through permissions, security templates, TCP/IP settings, and application-level security. HOHTLEs cover secure configuration as well as products and tools for auditing Windows 2003 servers.

Upon course completion, participants are able to plan and implement a comprehensive security management strategy that includes identifying risks and configuring security technologies, applying security best practices, and monitoring and responding to security incidents within Windows environments.

Hands-On How-To Secure & Audit WiFi Networks Training Course/Class :

Wireless technology can be a significant business enabler that provides a flexible means of physical network management. The availability of wireless networks in virtually every business network environment has made it possible for war drivers to gain a great deal of media attention by wreaking havoc in companies with permeable wireless security defenses. While discovering wireless access points from outside a network cannot be easily prevented, students of our Hands-On How-To course learn how to lower the risk of using wireless LAN technology and monitor its use and abuse effectively.

This course is valuable for technical professionals, network engineers, security professionals, and auditors who manage, operate, audit or implement wireless networks. The student is provided an intensive, hands-on audit of the security risks associated with wireless infrastructure which enables them to make informed decisions on wireless security technologies best suited for various organizational needs. This course also reviews wireless security protocols - WEP, WPA, and WPA2.

HOHTLEs for this course emphasize configuring and securing wireless networks, using wireless and wired intrusion detection techniques, and identifying wireless access points and encryption technologies and their corresponding weaknesses. Exercises include passive monitoring of a wireless network to glean encryption keys and other critical data. Furthermore, the professional learns industry best practices on securing and auditing wireless networks.

Hands-On How-To Secure & Audit Database Servers Training Course/Class :

Database management systems have become important and indispensable assets to the operations of all organizations that use them to store mission-critical information. The ubiquity of databases has resulted in frequent reports and incidents of widespread hacking and malicious software exploits targeting these systems. Organizations that do not take the necessary security measures to properly configure and audit these systems proactively run the risk of data compromise and potential loss of critical business assets.

NetSecurity's Hands-On How-To Secure & Audit Database Servers course is designed to enable students to learn how to securely and properly configure database systems and protect the data they store. Further, the course provides how-to instruction on auditing database servers (MySQL, Oracle, MS SQL, etc.) in order to identify security weaknesses effectively and promptly.

Students also explore emerging database security vulnerabilities, hackers' exploits, and effective countermeasures that highlight common database configuration errors, flaws, and vulnerabilities. In addition, participants examine the differences in security implementation in various database platforms. Students perform exercises using sample audit scripts, audit/security checklists, and an impressive list of database vulnerability testing tools that are used in diverse database environments in the field.

Hands-On How-To Secure & Audit Web-based Applications Training Course/Class :

Corporate applications are constantly Web-enabled for access from the Internet from any platform. An enormous number of application services (e.g., electronic commerce, intranets, electronic data interchange, electronic banking and payment systems, email, remote logins, file transfer, etc.) are web-enabled through the auspices of TCP/IP networking, easily extending application accessibility to more and more users. Internet threats and attacks now target these Web-enabled systems to gain access to corporate jewels. This course explores web-based applications to discover known and unknown vulnerabilities, mechanisms and tools for auditing, and measures for protecting against these vulnerabilities to prevent proprietary data theft.

This course demonstrates how to identify security weaknesses of web-enabled services that are exploitable by remote users using publicly and commercially available software and manual techniques. The course is especially useful for those auditing, developing or managing the development of a web-based application. In addition, the course enables participants to identify the key building blocks in today's networks and advanced applications - understanding of critical threats and vulnerabilities, defining best practices for perimeter and web application security, and locating useful tools and techniques for auditing web applications.

Specific areas to be examined include OWASP top 10 vulnerabilities, how to secure systems and applications to protect against potential exploits, and how to audit these Web-based systems to ensure that applicable vulnerabilities are discovered and mitigated promptly and effectively.

Hands-On How-To Develop Security Policies Training Course/Class :

The proliferation and massive connectivity of systems and enterprise portals have led to an increase in information systems security threats. FBI research shows that internal users continue to breach security more often than external users.

Like other corporate documents, a poorly written security policy can result in non-compliance or policy violation. Our Hands-On How-To Develop Security Policies course is designed to empower IT professionals (with the responsibility for creating, assessing, approving, or implementing security policies) with the tools and techniques to develop concise, effective, implementable, and enforceable security policies and procedures. The course examines the recommended industry best practices and standards and shows how to customize them to address specific business and regulatory requirements. The course also focuses on checklists, sample policies, procedures, standards, guidelines, and synopses of the relevant BS 7799, ISO 17799, and ISO 27001 standards as well as the COBIT framework.

As with all NetSecurity's HOHTLEs, students get real-world simulation of actual security policy design, development, review, and implementation through participation in hands-on projects writing policies, procedures, and standards.

Hands-On How-To Perform Certification & Accreditation (C&A) Training Course/Class :

OMB Circular A-130, Appendix III, requires that agencies conduct certification and accreditation (C&A) of information systems. C&A provides a form of quality control and challenges agencies to implement the most effective security controls possible in an information system. This process ensures that all aspects of security are addressed throughout the life cycle of the system. Armed with the most complete, accurate, and trustworthy information possible on the security status of a system, an agency official can make risk-based decisions on whether to authorize operation of a system within the agency.

NetSecurity's Hands-On How-To C&A course teaches students the step-by-step process of performing certification and accreditation of complex and simple systems and applications. Course HOHTLEs incorporate significant documentation and processes that are necessary for developing C&A packages.

The course drills include real-world scenarios, including in-depth coverage of the following areas:
  • Security Categorization
  • Regulations and Guidance - NIST, FISMA, FIPS 199, OMB, etc. - and applicability to C&A
  • Performing C&A tasks
  • Developing C&A documentation
  • Developing System Security Plan (SSP)
  • Conducting a risk assessment
  • Developing a Security Test and Evaluation (ST&E) plan and test procedures
  • Conducting an ST&E and analysis of test results
  • Developing Continuity of Operations and Disaster Recovery Plans
  • Developing the certification and accreditation package
  • Developing Plan of Action and Milestones (POA&M)
