Courses & Syllabi

Overview of Hands-On How-To Training Courses:

NetSecurity's Hands-On How-To® Training courses are tailored to IT security, forensics, and auditing professionals who need to know the step-by-step and how-to process for securing, investigating, and auditing or assessing various IT environments. Each course provides students with a simulation of real-world issues and offers the opportunity to "learn-by-doing." Topics are laden with Hands-On How-To Lab Exercises (HOHTLEs) of real-world issues. HOHTLEs are performed by each student to demonstrate mastery of covered topics. In addition, we provide students with relevant tools, products, guides, resources, and references for accomplishing tasks efficiently. These take-aways are quick and easy references for use in the field.

NetSecurity’s Hands-On How-To® training and education courses and classes include Cyber Security, Digital Computer Forensics Investigation, Malware Analysis, Cyber Crime Security Incident Response, Memory Forensics, Malicious Document Analysis, and e-Discovery Training. Our proprietary step-by-step non-certification training teaches you the emerging tools, techniques, and skills for solving real-world security and forensics challenges.

Our classes are listed below on this page:

Hands-On How-To Computer Forensics for Attorneys (CLE) Training Course/Class:

Syllabus: Detailed syllabus is available.

Course Overview: Digital information continues to grow at an exponential rate. Data is no longer stored solely in computer hard drives, backup tapes, or compact discs (CDs). With the growth of emerging portable data and storage devices, such as personal digital assistants (PDAs), cell phones, and Blackberry devices, crucial information can be anywhere and easily passed from device to device. Information stored in these changing media can be a crucial source of evidence in corporate, civil, and criminal investigations.

Moreover, cyber criminals are continuously crafting ways to evade existing forensics tools and techniques. NetSecurity's Computer Forensics Training for Attorneys course teaches legal professionals the process of locating, acquiring, preserving, analyzing, and producing solid digital evidence that can make the difference between winning and losing a case. The Hands-On How-To Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experiences necessary to prepare or scrutinize a forensics investigator.

NetSecurity Benefits: Through years of real-world hands-on security and forensics experience, NetSecurity has supported Fortune 500 companies, law firms, and federal agencies, such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD.

The benefits of our Computer Forensics Training for Attorneys include:

  • Customized private sessions, tailored towards your unique requirements
  • Instructor-led and student-performed hands-on exercises
  • Seasoned security and forensics experts with
    • Real-world hands-on consulting and training experience
    • Media publication and industry speaking experience
  • Arsenal of take-aways (guides and relevant forensics resources)
  • Up-to-date course content, addressing emerging forensics topics
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content

Target Audience:

The course is targeted towards technical professionals, including:

  • Cyber Crime Attorneys
  • Paralegal Professionals
  • Magistrates/Judges
  • Private investigators
  • Compliance Officers

Course Format:

  • Interactive presentations by forensics expert
  • Hands-On How-To Lab Exercises (HOHTLEs) in performing computer forensics

Course Duration: Two (2) Days

Course Cost: CALL

Course Objectives: Upon successful completion of the Computer Forensics Training for Attorneys course, each participant will be armed with the required knowledge to understand and analyze computer evidence that can withstand legal scrutiny. Attendees will also learn to dissect evidence produced by opposing counsel. Specifically, attendees will possess relevant knowledge in:

  • Tried and proven forensics investigation processes
  • Evidence authentication, handling, preservation, and security
  • Common mistakes to avoid in an investigation
  • Preparing your own experts and scrutinizing those of opposing expert teams
  • Getting an organization ready for forensics investigations and e-discovery

Course Topics:

NetSecurity’s Computer Forensics Training for Attorneys course includes coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Computer Overview
  • Computer Fundamentals
  • Computer Storage Media
  • Mobile Storage Devices
  • Computer Networks
  • Computer Hacking Overview
  • Forensics Overview
  • Computer Forensics Fundamentals
  • Benefits of Computer Forensics
  • Computer Crimes
  • Computer Forensics Evidence and the Courts
  • Legal Concerns and Privacy Issues
  • Forensics Process
  • Forensics Investigation Process
  • Securing the Evidence and Crime Scene
  • Chain of Custody
  • Law Enforcement Methodologies
  • Forensics Evidence
  • Evidence Sources
  • Evidence Duplication, Preservation, Handling, and Security
  • Forensics Soundness
  • Order of Volatility of Evidence
  • Collection of Evidence on a Live System
  • Court Admissibility of Volatile Evidence
  • Forensics Readiness
  • Benefits of Forensic Readiness
  • Preparing an Organization for Forensics Investigations
  • Managing an Investigation
  • Forensics Lab
  • Benefits of a Computer Forensics Lab
  • Forensics Lab Requirements
  • Securing the Forensics Lab
  • Acquisition and Duplication
  • Sterilizing Evidence Media
  • Acquiring Forensics Images
  • Acquiring Live Volatile Data
  • Data Analysis
  • Metadata Extraction
  • File System Analysis
  • Performing Searches
  • Recovering Deleted, Encrypted, and Hidden files
  • Internet Forensics
  • Reconstructing Past Internet Activities and Events
  • E-mail Analysis
  • Messenger Analysis: AOL, Yahoo, MSN, and Chats
  • Mobile Device Forensics
  • Evidence in Cell Phone, PDA, Blackberry, iPhone, iPod, iPad, Android, and MP3
  • Evidence in CD, DVD, Tape Drive, USB, Flash Memory, Digital Camera
  • Evidence in other emerging mobile devices
  • Court Testimony
  • Testifying in Court
  • Expert Witness Testimony
  • Evidence Admissibility
  • E-Discovery
  • Federal Rules of Civil Procedure (FRCP)
  • Collection and Preservation of Electronically Stored Information
  • Legal and IT Requirements
  • Developing Computer Investigation and E-Discovery Capabilities

Course Schedule and Registration: Course schedule and registration information is available here.

Hands-On How-To Computer Forensics Training Course/Class:

Syllabus: Detailed syllabus is available.

Course Overview: Digital information continues to grow at an exponential rate. Data is no longer stored solely in computer hard drives, backup tapes, or compact discs (CDs). With the growth of emerging portable data and storage devices, such as personal digital assistants (PDAs), cell phones, and Blackberry devices, crucial information can be anywhere and easily passed from device to device. Information stored in these changing media can be a crucial source of evidence in corporate, civil, and criminal investigations.

Moreover, forensic investigation is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world knowledge of excavating digital evidence. NetSecurity's Hands-On How-To® Perform Computer Forensics course teaches students the step-by-step process of locating, acquiring, preserving, analyzing, and producing solid digital evidence. The Hands-On How-To Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering world-class results in the field.

NetSecurity Benefits: Through years of real-world hands-on security and forensics experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To Perform Computer Forensics include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of forensics challenges
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging forensics challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Law Enforcement Personnel
  • Information Security Managers
  • Incident Responders
  • IT Professionals
  • Cyber Crime Attorneys
  • Private investigators
  • Compliance Officers
  • Auditors

Course Format:

  • Interactive presentations by security and forensics expert instructor
  • Hands-On How-To Lab Exercises (HOHTLEs) in performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives: Upon successful completion of the Hands-On How-To® Perform Computer Forensics course, each participant will be armed with the knowledge, tools, and processes required in producing computer evidence that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Requisite technology knowledge relevant to forensics investigations
  • Laws relating to computer crime investigations
  • Tried and proven forensics investigation processes
  • Getting an organization ready for forensics investigations
  • Forensics tools and techniques of the trade
  • Evidence acquisition and duplication
  • How to analyze evidence for forensics artifacts
  • Performing forensics analysis of common operating systems
  • Internet forensics
  • Analyzing mobile devices
  • Passwords and encryption
  • Information recovery
  • Capturing volatile data from a live computer
  • Conducting memory analysis
  • Analyzing malware and conducting reverse engineering
  • Developing forensics reports
  • Testifying in courts
  • Anti-Forensics techniques

Course Topics:

NetSecurity’s Computer Forensics course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Computer Overview
  • Computer Fundamentals
  • Computer File Systems
  • Computer Hard Drive Structure
  • Hard Disk Interfaces (SCSI, IDE, USB, SATA, etc.)
  • Mobile Storage Devices
  • Windows, Linux, and Macintosh Boot Processes  
  • Hard Drive Erasure and Degaussing
  • Virtualization and Virtual Machines (Parallels, VMware, etc.)
  • Networking Technology
  • Fundamentals of Networking
  • The Open System Interconnect (OSI) Model
  • The TCP/IP Model
  • TCP/IP Protocol Addressing
  • Forensics Overview
  • Computer Forensics Fundamentals
  • Benefits of Computer Forensics
  • Computer Crimes
  • Computer Evidence
  • Computer Forensics Evidence and Courts
  • Laws
  • Justice System
  • Legal Concerns and Privacy Issues
  • The Fourth Amendment
  • Internet Laws and Statutes
  • Forensics Process
  • The Forensics Process
  • Steps in Forensics Investigations
  • Authentication and Verification of Suspects
  • Identification of Evidence Source
  • Securing the Evidence
  • Chain of Custody Form
  • Professional and Unbiased Conduct     
  • Law Enforcement Methodologies
  • Collaboration: Working with Upstream and Downstream Providers
  • Collaboration: Dealing with Law Enforcement
  • Collaboration: Dealing with the Media
  • Collaboration: Working With Other Organizations
  • Forensics Evidence
  • Evidence Sources
  • Evidence Seizure
  • Evidence Collection: Duplication and Preservation
  • Evidence Collection: Verification and Authentication (Forensics Soundness)
  • Evidence Collection: Order of Volatility
  • Evidence Integrity: Preventing Tampering and Spoliation
  • Evidence Collection: Bagging, Tagging, Marking, Secure Storage and Transmittal of evidence.
  • Evidence Handling: Chain of Custody
  • Handling and Securing Evidence
  • Forensics Toolkits
  • Common Forensics Toolkits
  • Uncommon Forensics Tools
  • Creating Forensics Toolkits
  • Acquisition and Duplication
  • Sterilizing Evidence Media
  • Forensic Duplication of Source Evidence with Hardware
  • Acquiring Forensics Image with Software
  • Acquiring Live Volatile Data
  • Using Write Blockers
  • Data Analysis
  • Metadata Extraction
  • File Signature Analysis
  • File System Analysis
  • Examining Unallocated and Slack Space
  • Identifying Known Bad/Good Files
  • Performing Searches
  • Data Carving
  • Recovering Deleted Data and Partitions
  • Windows Forensics
  • Registry Fundamentals and Analysis
  • Executable File Analysis
  • Windows Live Response
  • Alternate Data Stream (ADS)   
  • Recycle Bin Forensics
  • Windows Prefetch Files
  • Evidence Recovery from Print and Spool Files
  • Simulating/Booting Suspect Environment
  • Internet Forensics
  • Domain Name Ownership Investigation
  • Reconstructing Past Internet Activities and Events
  • Email Forensics: E-mail Analysis
  • Email Forensics: Email Headers and Spoofing
  • Email Forensics: Laws Against Email Crime
  • Messenger Forensics: AOL, Yahoo, MSN, and Chats
  • Browser Forensics: Analyzing Cache and Temporary Internet Files
  • Browser Forensics: Cookie Storage and Analysis
  • Browser Forensics: Web Browsing Activity Reconstruction
  • Mobile Device Forensics
  • Introduction to Handheld Forensics
  • Collecting and Analyzing Cell Phone, PDA, Blackberry, iPhone, iPod, iPad, and MP3 Evidence
  • Analyzing CD, DVD, Tape Drives, USB, Flash Memory, and other Storage Devices
  • Digital Camera Forensics
  • Reconstructing User Activities
  • Recovering and Reconstructing Deleted Data
  • Passwords and Encryption
  • Files and Data Encryption
  • Password Attacks Tools and Techniques
  • Working with Rainbow Tables
  • Passwords and Storage Locations
  • Encryption Types (Symmetric and Asymmetric)
  • Password Cracking and Recovery
  • Steganography
  • Steganography Overview
  • Steganography Tools and Tricks
  • Data Hiding
  • Data Recovery
  • Volatile Data
  • Collection and Analysis on a Live Windows System
  • Collection and Analysis on a Live Linux System
  • Collection and Analysis on a Live Mac OS System
  • Collection and Analysis of Physical and Process Memory
  • Volatile Evidence in Incident Response
  • Court Admissibility of Volatile Evidence
  • Memory Forensics
  • Memory Fundamentals
  • Memory Data Collection and Examination
  • Extracting and Examining Processes
  • Malware Analysis
  • Malware Analysis Basics
  • Analyzing Live Windows System for Malware
  • Analyzing Live Linux System for Malware
  • Analyzing Physical and Process Memory Dumps for Malware
  • Discovering and Extracting Malware from Windows Systems
  • Discovering and Extracting Malware from Linux Systems
  • Rootkits and Rootkit Detection and Recovery
  • Reverse Engineering Tools and Techniques
  • Forensics Resources
  • Forensics Forms and Checklists
  • Presentation and Reporting
  • Writing Computer Forensic Reports
  • Report Requirements
  • Guidelines for Writing Final Reports
  • Sample Forensic Report
  • Court Testimony
  • Credibility and Success in Court
  • Testifying in Court
  • Expert Witness: The Expert Witness
  • Expert Witness: Becoming an Expert Witness
  • Expert Witness Testimony
  • Evidence Admissibility
  • Anti-Forensics
  • Anti-Forensics Tools and Techniques (Data Hiding, Steganography, Encryption, Deletion of Data)
  • Defeating Anti-Forensic Schemes
  • Erasing Evidence

Course Schedule and Registration: Course schedule and registration information is available here.

Hands-On How-To Incident Response Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview): Ojehtrade & Co., Inc., a multi-billion dollar brokerage firm with $789 billion in assets, based in New York, NY, with offices throughout the USA, has recently suffered a massive computer intrusion. The target systems involved run Unix, Windows, and Mac OS X. Ojehtrade knew about this intrusion because the cyber criminals sent a message to the firm's executives demanding $5 million in "ransom" and have threatened to contact the media and publish the compromised data online if their demands aren't met within 72 hours.

Ojehtrade is surprised that they were hacked, given the heavy investment in corporate IT security measures. Your firm, The Forensics Gurus LLC, has been hired by Turner Worten Fitzgerald LLP, a prestigious law firm representing Ojehtrade, to handle this high-profile investigation at a bill rate of $450/hr. As the senior incident responder, you have been asked to interrupt your long-scheduled Mediterranean cruise to lead this high-profile incident response engagement. The client wants to know:

  • What, if any, is the extent of the damage/compromise?
  • What data has been lost or compromised?
  • Where did the hacker(s) come from?
  • What is the timeline of the hacking activities?
  • What can be done to prevent intrusions in the future?

Incident Response is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world investigative skills. NetSecurity's Hands-On How-To® Incident Response course teaches students the step-by-step process of locating, acquiring, preserving, analyzing, and producing solid digital evidence. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits: Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Incident Response course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of investigating a compromised network
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging incident response challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Incident Response course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Law Enforcement Personnel
  • Information Security Professionals
  • Compliance Officers
  • Auditors

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives: Upon successful completion of the Hands-On How-To® Incident Response course, each participant will be armed with the knowledge, tools, and processes required in conducting incident response and producing reports that withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Incident Response Process
  • Legal Considerations
  • Evidence Collection
  • Evidence Preservation
  • Preparing Incident Response Tools
  • System Compromise Indicators (Quickly Detecting and Confirming Intrusions)
  • Advanced Malware
  • Malware Analysis
  • Building Incident Response Tool Suite
  • Windows Registry Analysis
  • Forensics

Course Topics:

NetSecurity’s Incident Response course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Incident Response Process
  • Preparation
  • Incident Readiness Planning
  • Identification
  • Containment     
  • Eradication
  • Recovery
  • Lessons Learned
  • Legal Considerations
  • Internet Laws and Statutes
  • Legal Concerns and Privacy Issues
  • Court Admissibility of (Volatile) Evidence
  • Evidence Collection
  • Volatile Data Collection
    • Pros and Cons of System Shutdown
    • Order of Volatility (Memory, Process, Network, Registry)
  • Hard Drive Imaging
    • Physical Image
    • Logical Image
    • Full/Partial Drive Encryption Scenarios
  • Documenting the Cyber Crime Scene
  • Collecting Additional Storage Devices, Sticky Notes, etc.
  • Evidence Preservation
  • Securing the Evidence
  • Chain of Custody
  • Preparing Incident Response Tools
  • Statically Linked Binaries
  • Import Library
  • Incident Response Tools Selection
  • Hackers’ Methods of Maintaining Presence (Persistence Methods)
  • Surviving Reboots
  • Autoruns
  • Services
  • Service Host Services
  • Stubpath
  • Scheduled Tasks
  • Windows Firewall
  • System Compromise Indicators (Quickly Detecting and Confirming Intrusions)
  • Firewall, IDS, etc.
  • Temporary Internet Files
  • Anti-Virus Logs
  • Hosts File
  • DNS Cache
  • Running Services
  • Critical Log Files
  • Network Connections
  • Memory
  • Recycle Bin
  • Hidden and Protected Files
  • Advanced Malware
  • Memory-Resident Malware
  • Memory Imaging Tools/Techniques
  • Memory Analysis Tools
  • Malware Analysis
  • Malware Analysis
  • Static Analysis
  • Dynamic Analysis
  • Building Incident Response Tool Suite
  • Building Trusted Toolkits
  • Testing the Tools
  • Windows Registry Analysis
  • Monitoring Registry Changes
  • System Information
  • User Activities
  • Autostart Locations
  • Forensics
  • Timeline Analysis
  • File Signature Analysis
  • Hash Analysis

Course Schedule and Registration: Course schedule and registration information is available here.

Hands-On How-To Malware Analysis Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview): You are the leader of an incident response team charged with conducting high-profile cyber crime investigations for a major government agency with 182,522 nodes. This organization is hit with millions of hacking attempts daily. The enterprise network has been under attack for the past two weeks and members of your team have been working around the clock to contain the incident. After many man-hours, the network seemed calm and the attack appeared to be thwarted; or so you thought. Exactly one week later, a member of the Tier II team observes that attackers have successfully penetrated valuable systems and are pilfering crucial government data to a foreign country. Some of the malicious software (malware) has been captured, but you have limited expertise to answer critical questions about the compromise. Senior agency officials are demanding immediate answers as to how the malware got into the network, where it originated from, what critical data was compromised, who created the malware, and how the agency can defend against this type of attack in the future. Do you have the requisite skills to provide quick and accurate answers about the above high-profile penetration and mitigate future attempts?

Today's cyber adversaries are highly skilled and sophisticated hackers who are either state-sponsored or part of organized crime. These "elite" hackers are so advanced that current security measures do not detect, let alone prevent, their attacks. These criminals are paid and spend ample time conducting reconnaissance on their targets, then customizing their attack towards the victim. The firewall doesn't prevent the attack and the IDS doesn't detect these intrusions. These cyber criminals continue to leverage users' susceptibility to social engineering attacks to infiltrate critical networks. Once inside the network, they stay under the radar and often go undetected since there are no known signatures.

Malware Analysis is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world analysis skills. NetSecurity's Hands-On How-To® Malware Analysis course teaches students the step-by-step process for quickly analyzing malware to determine the extent of its malicious intent and devise appropriate countermeasures. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits: Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malware Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Malware Analysis course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives: Upon successful completion of the Hands-On How-To® Malware Analysis course, each participant will be armed with the knowledge, tools, and processes required in conducting malware analysis and producing a report that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Introduction to Malware Analysis
  • Malware Hiding Places
  • Building a Malware Analysis Lab (Environment)
  • Static Analysis
  • Dynamic Analysis
  • Code Analysis
  • Malicious Document Analysis
  • Identifying and Protecting against Malware
  • Malware Challenges in the Real-World

Course Topics:

NetSecurity’s Malware Analysis course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Introduction to Malware Analysis
  • Malware Taxonomy
  • Malware Threats
  • Malware Analysis Methodologies
  • Legal Considerations
  • Identifying and Protecting against Malware
  • Malware Hiding Places
  • Collecting Malware from a Live System
  • Identifying Malware in a Dead System
  • Building a Malware Analysis Lab (Environment)
  • Virtual Machine
  • Real Systems
  • Malware Analysis Tools
  • Static Analysis
  • Detailed File Analysis
  • Database of File Hashes
  • Identifying File Compile Date
  • Identifying Packing/Obfuscation Methods
  • Performing Strings
  • File Signature Analysis
  • Local and Online Malware Scanning
  • Identifying File Dependencies
  • Dynamic Analysis
  • System Baselining
  • Host Integrity Monitor
  • Installation Monitor
  • Process Monitor
  • File Monitor
  • Registry Analysis/Monitoring
  • Network Traffic Monitoring/Analysis
  • Port Monitor
  • DNS Monitoring/Resolution
  • Simulating Internet Services
  • Code Analysis
  • Reverse Engineering Malicious Code
  • Identifying Malware Passwords
  • Bypassing Authentication
  • Malicious Document Analysis
  • PDF and Microsoft Office Document Structures
  • PDF and Office Documents Vulnerabilities
  • Malware Extraction and Analysis Tools
  • Analysis of Malicious Documents
  • Malware Challenges
  • Virtual Environment
  • Live Internet Connection
  • Real, Fake, and Virtual Services
  • Anti-Debug and Anti-Forensic Malware

Course Schedule and Registration: Course schedule and registration information is available here.

Hands-On How-To Memory Forensics Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview): A prominent government agency has suffered a massive cyber intrusion. The intrusion appears to be a highly sophisticated attack launched by highly skilled hackers who are part of a state-sponsored cyber crime. These "elite" hackers launched a successful and advanced attack that went undetected and unprevented by the agency's current perimeter security measures. Once these attackers penetrated the network, they flew below the radar and went undetected for months while pilfering vital data.

Your firm has been recruited to assist in the investigation. When your team arrives at the cyber crime scene, you notice that some of the compromised systems have been powered down while others are still up and running. Preliminary analysis of the running systems yields no trace of the intrusion on the file systems. Your last resort is to collect volatile data, including memory images of each penetrated system, for later analysis.

Memory forensics analysis is a branch of computer investigation that requires special expertise in excavating relevant artifacts from memory. NetSecurity's Hands-On How-To® Memory Forensics course teaches students about volatile data stored in memory, which is lost when the system is powered down. Course participants learn to extract evidentiary information such as memory-resident malware, passwords/passphrases, Internet history, and other critical information held in memory. Upon memory acquisition, students learn how to conduct analysis on memory images and generate reports. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits: Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malware Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Memory Forensics course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing memory forensics analysis

Course Duration: Two (2) Days

Course Cost: CALL

Course Objectives: Upon successful completion of the Hands-On How-To® Memory Forensics course, each participant will learn about volatile data stored in memory, which are lost when the system is powered down. Course participants also learn how to extract evidentiary information such as memory-resident malware, passwords/passphrases, Internet history, and other information running in memory. Upon memory acquisition, students learn about conducting analysis on memory images and generating reports. Students will be armed with the knowledge, tools, and processes required in conducting memory forensics and producing a report that can withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Introduction to Memory Forensics
  • Memory Acquisition
  • Volatility for RAM Analysis
  • File Carving
  • Fuzzy Hashing
  • Analysis of Extracted Malware Specimen

Course Topics:

NetSecurity's Memory Forensics course includes in-depth coverage of real-world scenarios and HOHTLEs.

Topics Discussion and HOHTLEs
  • Introduction to Memory Forensics
      • What is in RAM?
      • Why Physical Memory Analysis
      • Identify Malicious Property
      • Memory Analysis Challenges
      • Memory Analysis Tools
  • Memory Acquisition
      • Acquiring the RAM, Hibernation Files, Page/Swap Files
      • Acquisition Tools (Winen, FastDump, FTK Imager, MDD, etc.)
      • Remote Acquisition
  • Volatility for RAM Analysis
      • Memory Analysis with Volatility
      • Virtual Address Descriptors (VAD) tree
      • Volatility Modules
      • Volatility Plug-ins
      • Network Connections, Loaded DLLs, Open Files
      • Extracting Process Memory, EXEs, and DLLs from RAM
      • Recovering Passphrases and Encryption Keys
      • Analyzing RAM for Malware
  • File Carving
      • File Extraction using Scalpel, Foremost, FTK, and other File Carving Tools
  • Fuzzy Hashing
      • MD5 Hash
      • Fuzzy Hashing
      • File Matching
      • Malware-Injected Processes
  • Analysis of Extracted Malware Specimen
      • Static Analysis
      • Dynamic Analysis
      • Code Analysis

Detailed syllabus is available.

Course Schedule and Registration: Course schedule and registration information is available here.


Hands-On How-To Malicious Document Analysis Training Course/Class:

Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview): You have been recruited as the head of information security of a reputable organization, with over 125,000 hosts and 50,000 users. The organization has invested in top-of-the-line perimeter defenses, including firewalls, intrusion detection and prevention systems, virtual private networks (VPNs) and content filtering technologies. The organization also has "well trained" incident responders and intrusion detection analysts who monitor the entire network vigilantly. The employees of this entity are often trained on opening email attachments, even though they may be scanned by the content filtering technologies that you just purchased and deployed.

 

The perimeter defenses are configured with very simple but stringent rule-sets to prevent cyber adversaries from infiltrating your network. Everything is going well, when on the eve of your long-planned Mediterranean cruise, you receive a call stating that several employees have received some suspicious documents through email and web downloads. You direct the security team to scan the documents for a possible virus, but no virus was detected. Soon the team observes some strange command-and-control communications being initiated from the user systems to an IP address in a foreign country. Unfortunately, the cable news networks are covering the cyber intrusion of your organization and your career is at stake for not preventing this attack in the first place.

Although no anti-virus software was able to detect any malware, your analysts have captured the suspicious document, but lack the knowledge and resources to provide prompt answers to the provocative questions being asked by upper management. Do you have the requisite skills to provide quick and accurate answers pertaining to the above incident and mitigate future attempts?

Cyber attackers now use malicious documents as an attack vector to bypass enterprise perimeter defensive measures and anti-virus solutions. NetSecurity's Hands-On How-To® Malicious Document Analysis course teaches students how to analyze malicious documents such as Microsoft Office and Adobe Acrobat PDF files for the presence of hidden malware. Course participants learn the tools and techniques for reverse-engineering malicious documents, finding and extracting hidden code, Shellcodes, JavaScripts, and VBA macros from an infected document. Students also learn how to disassemble and examine these malicious codes to understand their intent and capabilities. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits: Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Malicious Document Analysis course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of malicious software in a lab environment
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging malware analysis challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Malicious Document Analysis course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Information Security Professionals
  • Technology Enthusiasts

Course Format:

  • Interactive presentations by security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing malicious code analysis

Course Duration: One (1) Day

Course Cost: CALL

Course Objectives: Upon successful completion of the Hands-On How-To® Malicious Document Analysis course, each participant will be armed with the knowledge, tools, and processes required to analyze malicious Microsoft Office and Adobe PDF files for the presence of hidden malware. Students learn the tools and techniques for disassembling and reverse-engineering malicious documents, finding and extracting hidden codes, Shellcodes, JavaScripts, and VBA macros from an infected document. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Document Structures
  • Document Vulnerabilities
  • Tools of the Trade
  • Malware Extraction
  • Malware Analysis

Course Topics:

NetSecurity’s Malicious Document Analysis course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics Discussion and HOHTLEs
  • Document Structures
      • PDF Document Structures
      • Microsoft Office Document Structures
  • Document Vulnerabilities
      • PDF Vulnerabilities
      • Potentially Dangerous PDF Functions
      • Office Documents Vulnerabilities
  • Tools of the Trade
      • OfficeMalScanner
      • MalHost-Setup
      • OffVis
      • PDFiD
      • PDF-parser
      • Origami (Walker, PDFscan, Extractjs)
      • Malzilla
      • DisView
      • PDF StructAzer
      • Many more
  • Malware Extraction
      • Malware Codes/Specimens (Shellcodes, JavaScripts, and VBA macros)
      • Locating Malicious Code in a Document
      • Extracting Malware from PDF Documents
      • Extracting Malware from Office Documents
      • Extracting Infected Documents from RAM
  • Malware Analysis
      • Static Analysis of Malware Specimen
      • Dynamic Analysis of Malware Specimen
      • Reverse-Engineering & Disassembling Malware

Detailed syllabus is available.

Course Schedule and Registration: Course schedule and registration information is available here.
