SANS FOR509: Enterprise Cloud Forensics and Incident Response

دوره SANS FOR509: Enterprise Cloud Forensics and Incident Response به شما کمک خواهد کرد که بیاموزید که چگونه فرآیندهای پزشکی قانونی خود را برای پردازش سریعتر داده ها در فضای ابری بررسی می کند. همچنین یاد خواهید گرفت که چگونه از منابع Microsoft Azure، AWS و Google Cloud Platform برای جمع آوری شواهد استفاده کنید و بدانید که مایکروسافت 365 و Google Workspace چه گزارش هایی را برای بررسی در اختیار تحلیلگران قرار داده اند. آزمایشگاه‌های عملی متعدد در طول دوره به شما این امکان می‌دهد به شواهد تولید شده بر اساس رایج‌ترین حوادث و تحقیقات دسترسی داشته باشید. همچنین در دوره SANS FOR509 یاد خواهید گرفت که داده ها را از کجا استخراج کنید و چگونه آن ها را تجزیه و تحلیل کنید. داده‌ها به جای اینکه مستقیماً از طریق ابر به آنها دسترسی داشته باشید، در VM شما در دسترس خواهند بود تا از تجربه آزمایشگاهی ثابتی اطمینان حاصل شود.

 

لینک دانلود دوره آموزشی SANS FOR509: Enterprise Cloud Forensics and Incident Response

 

حجم: 4 گیگابایت

دانلود – eBooks PDF
دانلود – Video – بخش اول
دانلود – Video – بخش دوم
دانلود – Virtual Machine – بخش اول
دانلود – Virtual Machine – بخش دوم
دانلود – Virtual Machine – بخش سوم

Date: 2021
Price: $8,525 USD
Publisher: SANS
By: David Cowen, Pierre Lidome, Josh Lemon, Megan Roddie-Fonseca
Format: eBook PDF + WorkBook + Video + Virtual Machine
Website: Link

What You Will Learn

Find the Storm in the Cloud
FOR509: Enterprise Cloud Forensics and Incident Response will help you
  • Understand forensic data only available in the cloud
  • Implement best practices in cloud logging for DFIR
  • Learn how to leverage Microsoft Azure, AWS and Google Cloud Platform resources to gather evidence
  • Understand what logs Microsoft 365 and Google Workspace have available for analysts to review
  • Learn how to move your forensic processes to the cloud for faster data processing

With FOR509: Enterprise Cloud Forensics and Incident Response, examiners will learn how each of the major cloud service providers (Microsoft Azure, Amazon AWS and Google Cloud Platform) are extending analyst’s capabilities with new evidence sources not available in traditional on-premise investigations. From cloud equivalents of network traffic monitoring to direct hypervisor interaction for evidence preservation, forensics is not dead. It is reborn with new technologies and capabilities.

Incident response and forensics are primarily about following breadcrumbs left behind by attackers. These breadcrumbs are primarily found in logs. Your knowledge of the investigation process is far more important than the mechanics of acquiring the logs.

This class focuses on log analysis to help examiners come up to speed quickly with cloud-based investigation techniques. It’s critical to know which logs are available in the cloud, their retention, whether they are turned on by default, and how to interpret the meaning of the events they contain.

Numerous hands-on labs throughout the course will allow examiners to access evidence generated based on the most common incidents and investigations. Examiners will learn where to pull data from and how to analyze it to find evil. The data will be available in your VM rather than accessed directly via the cloud to ensure a consistent lab experience.

FOR509 Enterprise Cloud Forensics Will Prepare Your Team To

  • Learn and master the tools, techniques, and procedures necessary to effectively locate, identify, and collect data no matter where it is located
  • Identify and utilize new data only available from cloud environments
  • Utilize cloud-native tools to capture and extract traditional host evidence
  • Quickly parse and filter large data sets using scalable technologies such as the Elastic Stack
  • Understand what data is available in various cloud environments

FOR509 Enterprise Cloud Forensics Course Topics

  • Cloud Infrastructure and IR data sources
  • Microsoft 365 and Graph API Investigations
  • Azure Incident Response
  • AWS Incident Response
  • High-level Kubernetes Clouds logs
  • Google Workspace Investigations
  • Google Cloud Incident Response

Business Takeaways

  • Understand digital forensics and incident response as it applies to the cloud
  • Identify malicious activities within the cloud
  • Cost-effectively use cloud-native tools and services for DFIR
  • Ensure the business is adequately prepared to respond to cloud incidents
  • Decrease adversary dwell time in compromised cloud deployments

What You Will Receive

  • SOF-ELK(R) Virtual Machine – a publicly available appliance running the Elastic Stack and the course author’s custom set of configurations and lab data. The VM is preconfigured to ingest cloud logs from Microsoft 365, Azure, AWS, Google Cloud and Google Workspace. It will be used during the class to help students wade through the large number of records they are likely to encounter during a typical investigation.
  • Case data to examine during class.
  • Electronic workbook with detailed step-by-step instructions and examples to help you master cloud forensics

Syllabus (36 CPEs)

FOR509.1: Microsoft 365 and Graph API
FOR509.2: Microsoft Azure
FOR509.3: Amazon (AWS)
FOR509.4: Google Workspace
FOR509.5: Google Cloud
FOR509.6: Multi-Cloud Intrusion Challenge

90%
Awesome
  • Design
دیدگاه

آدرس ایمیل شما منتشر نخواهد شد.