The FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response course is one of the best security courses offered by SANS. It covers network forensics methods and the collection of digital evidence from network traffic, including from network devices such as switches, routers, firewalls, IDS and IPS; forensics of various protocols such as …/http/SMB/SNTP/FTP; and the analysis of the collected data.
Download link for the SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response 2017 course
Download – size: 459 MB
File password: technet24.ir
Price: 6,275 EUR
FOR572: ADVANCED NETWORK FORENSICS: THREAT HUNTING, ANALYSIS AND INCIDENT RESPONSE was designed to cover the most critical skills needed for the increased focus on network communications and artifacts in today’s investigative work, including numerous use cases. Many investigative teams are incorporating proactive threat hunting into their skill sets, in which existing evidence is used together with newly acquired threat intelligence to uncover evidence of previously unidentified incidents. Others focus on post-incident investigations and reporting. Still others engage with an adversary in real time, seeking to contain and eradicate the attacker from the victim’s environment. In these situations and more, the artifacts left behind by attackers’ communications can provide an invaluable view into their intent, capabilities, successes, and failures.
In FOR572, we focus on the knowledge necessary to examine and characterize communications that have occurred in the past or continue to occur. Even if the most skilled remote attacker compromised a system with an undetectable exploit, the system still has to communicate over the network. Without command-and-control and data extraction channels, the value of a compromised computer system drops to almost zero.
Whether you are a consultant responding to a client’s site, a law enforcement professional assisting cybercrime victims and seeking prosecution of those responsible, an on-staff forensic practitioner, or a member of the growing ranks of threat hunters, this course offers hands-on experience with real-world scenarios that will help take your work to the next level. Previous SANS SEC curriculum students and other network defenders will benefit from the FOR572 perspective on security operations as they take on more incident response and investigative responsibilities. SANS DFIR alumni can take their existing operating system or device knowledge and apply it directly to the network-based attacks that occur daily. In FOR572, we solve the same caliber of real-world problems without the use of disk or memory images.
The hands-on labs in this class cover a wide range of tools and platforms, including the venerable tcpdump and Wireshark for packet capture and analysis; NetworkMiner for artifact extraction; and open-source tools including nfdump, tcpxtract, tcpflow, and more. Newly added tools in the course include the free and open-source SOF-ELK® platform – a VMware appliance pre-configured with a tailored configuration of the Elastic stack. This “big data” platform includes the Elasticsearch storage and search database, the Logstash ingest and parsing engine, and the Kibana graphical dashboard interface. Together with the custom SOF-ELK configuration files, the platform gives forensicators a ready-to-use platform for log and NetFlow analysis. For full-packet analysis and hunting at scale, the free and open-source Moloch platform is also covered and used in a hands-on lab. Through all of the in-class labs, shell scripting skills are highlighted as quick and easy ways to rip through hundreds of thousands of data records.
FOR572 is truly an advanced course – we hit the ground running on day one. Bring your entire bag of skills: forensic techniques and methodologies, full-stack networking knowledge (from the wire all the way up to user-facing services), Linux shell utilities, and everything in between. They will all benefit you throughout the course material as you FIGHT CRIME. UNRAVEL INCIDENTS…ONE BYTE (OR PACKET) AT A TIME.
Advanced Network Forensics: Threat Hunting, Analysis and Incident Response Course Topics:
- Foundational network forensics tools: tcpdump and Wireshark refresher
- Packet capture applications and data
- Unique considerations for network-focused forensic processes
- Network evidence types and sources
- Network architectural challenges and opportunities for investigators
- Investigation OPSEC and footprint considerations
- Network protocol analysis
- Hypertext Transfer Protocol (HTTP)
- Domain Name Service (DNS)
- File Transfer Protocol (FTP)
- Server Message Block (SMB) and related Microsoft protocols
- Simple Mail Transfer Protocol (SMTP)
- Commercial network forensic tools
- Automated tools and libraries
- Collection approaches
- Open-source NetFlow tools
- Wireless networking
- Capturing wireless traffic
- Useful forensic artifacts from wireless traffic
- Common attack methods and detection
- Log data to supplement network examinations
- Microsoft Windows Event Forwarding
- HTTP server logs
- Firewalls, Intrusion Detection Systems (IDSes), and Network Security Monitoring (NSM) Platforms
- Log collection, aggregation, and analysis
- Web proxy server examination
- Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
- Deep packet work
- Network protocol reverse engineering
- Payload reconstruction