Forensic Courses

Forensic Courses

FOR408: Windows Forensic Analysis

This course covers the fundamental steps of the in-depth computer forensic and media exploitation methodology so that each student will have the complete qualifications to work as a computer forensic investigator in the field helping solve and fight crime. In addition to in-depth technical digital forensic knowledge on Windows Digital Forensics (Windows XP through Windows 7 and Server 2008) you will be exposed to well known computer forensic tools so such as Access Data's Forensic Toolkit (FTK), Guidance Software's EnCase, Registry Analyzer, FTK Imager, Prefetch Analyzer, and much more. Many of the tools covered in the course are freeware, comprising a full-featured forensic laboratory that each student can take with them.

SEC504: Hacker Tools, Techniques, Exploits and Incident Handling

This course addresses the latest cutting-edge insidious attack vectors, the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. Instead of merely teaching a few hack attack tricks, this course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.

FOR508: Advanced Digital Forensics and Incident Response

FOR508: Advanced Incident Response and Digital Forensics. This in-depth incident response course provides responders with advanced skills to hunt down, counter, and recover from a wide range of threats within enterprise networks, including APT adversaries, organized crime syndicates, and hactivism. Constantly updated, the incident response course (FOR508) addresses today's incidents by providing hands-on incident response tactics and techniques that elite responders are successfully using in real-world breach cases.

A hands-on enterprise intrusion lab - developed from a real-world targeted APT attack on an enterprise network and based on how an APT group will target your network - leads you through the challenges and solutions via extensive use of the SANS SIFT Workstation collection of tools.

FOR518: Mac Forensic Analysis

Times and trends change and forensic investigators and analysts need to change with them. The new FOR518: Mac Forensic Analysis course provides the tools and techniques necessary to take on any Mac case without hesitation. The intense hands-on forensic analysis skills taught in the course will enable Windows-based investigators to broaden their analysis capabilities and have the confidence and knowledge to comfortably analyze any Mac or iOS system.

FOR526: Memory Forensics In-Depth

Memory Forensics In-Depth provides the critical skills necessary for digital forensics examiners and incident responders to proficiently analyze captured memory images and live response audits. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

MGT535: Incident Response Team Management

This course discusses the often-neglected topic of managing an incident response team. Given the frequency and complexity of today's cyber-attacks, incident response is a critical function for organizations. Incident response is the last line of defense.

This course was developed by an information security professional with over 26 years of experience, much of it in incident response. He was the founder of the first U.S. government incident response team. Students will learn by applying course content through hands-on skill-building exercises. These exercises range from: writing and evaluating incident response procedures, to the table-top validation of procedures, incident response management role playing in hypothetical scenarios, and hands-on experience in tracking incident status in hypothetical scenarios.

FOR572: Advanced Network Forensics and Analysis

This course was built from the ground up to cover the most critical skills needed to mount efficient and effective post-incident response investigations. The course focuses on the knowledge necessary to expand the forensic mindset from residual data on the storage media of a system or device to the transient communications that occurred in the past or continue to occur. Even if the most skilled remote attacker compromised a system with an undetectable exploit, the system still has to communicate over the network. Without command-and-control and data extraction channels, the value of a compromised computer system drops to almost zero.

Put another way: Bad guys are talking - we'll teach you to listen.

FOR578: Cyber Threat Intelligence

Make no mistake: current computer network defense and incident response contains a strong element of intelligence and counterintelligence that analysts must understand and leverage in order to defend their computers, networks, and proprietary data. FOR578: Cyber Threat Intelligence will help network defenders and incident responders determine:

  • Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)
  • Fully analyze successful and unsuccessful intrusions by advanced attackers
  • Piece together intrusion campaigns, threat actors, and nation-state organizations
  • Manage, share, and receive intelligence on APT adversary groups
  • Generate intelligence from their own data sources and share it accordingly
  • Identify, extract, and leverage intelligence from APT intrusions
  • Expand upon existing intelligence to build profiles of adversary groups
  • Leverage intelligence to better defend against and respond to future intrusions.

FOR585: Advanced Smartphone Forensics

It is almost impossible today to conduct a digital forensic investigation that does not include a smartphone or mobile device. Smartphones are replacing the need for a personal computer, and almost everyone owns at least one. The smartphone may be the only source of digital evidence tracing an individual's movements and motives, and thus can provide the who, what, when, where, why, and how behind a case. FOR585: Advanced Smartphone Forensics teaches real-life, hands-on skills that help digital forensic examiners, law enforcement officers, and information security professionals handle investigations involving even the most complex smartphones currently available.

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems. Understanding the capabilities of malware is critical to an organization's ability to derive threat intelligence, respond to information security incidents, and fortify defenses. This course builds a strong foundation for reverse-engineering malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools useful for turning malware inside-out.