Forensic Courses

FOR500: Windows Forensic Analysis

SANS DFIR is training a new cadre of the world's best digital forensic professionals, incident responders, and media exploitation experts capable of piecing together what happened on Windows computer systems second by second. Our FOR500: Windows Forensic Analysis will teach you to conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7-Windows 10. FOR500 focuses on identifying artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage. The class will help focus your capabilities on analysis instead of on how to use a particular tool.

FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting

Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as "threat hunting".

This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivism.

FOR518: Mac and iOS Forensic Analysis and Incident Response

Times and trends change and forensic investigators and analysts need to change with them. The new Mac and iOS Forensic Analysis and Incident Response course provides the tools and techniques necessary to take on any Mac case without hesitation. The intense hands-on forensic analysis skills taught in the course will enable Windows-based investigators to broaden their analysis capabilities and have the confidence and knowledge to comfortably analyze any Mac or iOS system.

FOR526: Memory Forensics In-Depth

Memory Forensics In-Depth provides the critical skills necessary for digital forensics examiners and incident responders to proficiently analyze captured memory images and live response audits. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

This course was built from the ground up to cover the most critical skills needed to mount efficient and effective post-incident response investigations. The course focuses on the knowledge necessary to expand the forensic mindset from residual data on the storage media of a system or device to the transient communications that occurred in the past or continue to occur. Even if the most skilled remote attacker compromised a system with an undetectable exploit, the system still has to communicate over the network. Without command-and-control and data extraction channels, the value of a compromised computer system drops to almost zero.

Put another way: Bad guys are talking - we'll teach you to listen.

FOR578: Cyber Threat Intelligence

Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders.

During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

FOR585: Advanced Smartphone Forensics

It is almost impossible today to conduct a digital forensic investigation that does not include a smartphone or mobile device. Smartphones are replacing the need for a personal computer, and almost everyone owns at least one. The smartphone may be the only source of digital evidence tracing an individual's movements and motives, and thus can provide the who, what, when, where, why, and how behind a case. FOR585: Advanced Smartphone Forensics teaches real-life, hands-on skills that help digital forensic examiners, law enforcement officers, and information security professionals handle investigations involving even the most complex smartphones currently available.

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

MGT517: Managing Security Operations: Detection, Response, and Intelligence

Managing Security Operations entails the design, build, operation and ongoing growth of all facets of the security capability of the organization. An effective SOC has many moving parts and must be designed with the ability to adjust and work within the constraints of the organization. To run a successful SOC, managers need to provide tactical and strategic direction and inform staff of the changing threat environment as well as provide guidance and training for employees. This course covers design, deployment and operation of the security program to empower leadership through technical excellence.

The course covers the functional areas: Communications, Network Security Monitoring, Threat Intelligence, Incident Response, Forensics, and Self-Assessment.

SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

SEC504 will prepare you to turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors, the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. You will learn a time-tested, step-by-step process to respond to computer incidents; how attackers undermine systems so you can prepare, detect, and respond to them; and how to discover holes in your system before the bad guys do. Instead of merely teaching you a few hack attack tricks, this course will give you hands-on experience, equip you with a comprehensive incident handling plan, and help you understand the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

SEC573: Automating Information Security with Python

SEC573 will prepare you to apply Python coding skills to do your job more efficiently and help take your career to the next level. Whether or not you have prior experience and knowledge of programming, this self-paced course will meet you where you are so you can get the most out of the class. You will learn to tweak, customize, and develop your own tools to become a great penetration tester; develop applications that interact with networks, websites, databases, and file systems; and build practical applications that you can immediately put into use in your penetration tests. If you already know the essentials, the pyWars lab environment will allow you to quickly accelerate to more advanced material.