Advanced Digital Forensics, Incident Response, and Threat Hunting Training Course (Hands-on)
Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident. Incident response and threat hunting teams are the key to identifying and observing malware indicators and patterns of activity in order to generate accurate threat intelligence that can be used to detect current and future intrusions.
This in-depth Advanced Digital Forensics, Incident Response, and Threat Hunting Training course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivism. Constantly updated, Advanced Digital Forensics, Incident Response, and Threat Hunting Training addresses today's incidents by providing hands-on incident response and threat hunting tactics and techniques that elite responders and hunters are successfully using to detect, counter, and respond to real-world breach cases.
The Advanced Digital Forensics, Incident Response, and Threat Hunting Training course uses a hands-on enterprise intrusion lab - modeled after a real-world targeted APT attack on an enterprise network and based on APT group tactics to target a network - to lead you to challenges and solutions via extensive use of the SIFT Workstation collection of tools. During the Advanced Digital Forensics, Incident Response, and Threat Hunting Training lab exercises, you will identify where the initial targeted attack occurred and how the adversary is moving laterally through multiple compromised systems. You will also extract and create crucial cyber threat intelligence that can help you properly scope the compromise and detect future breaches.
● We can adapt this course to your group’s background and work requirements at little to no added cost.
● If you are familiar with some aspects of this Advanced Digital Forensics, Incident Response, and Threat Hunting Training course, we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in a manner understandable to lay audiences.
Audience / Target Group
• Incident Response Team Members who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
• Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter their tradecraft.
• Experienced Digital Forensic Analysts who want to consolidate and expand their understanding of memory and timeline forensics, investigation of technically advanced individuals, incident response tactics, and advanced intrusion investigations.
• Information Security Professionals who may encounter data breach incidents and intrusions.
• Federal Agents and Law Enforcement Professionals who want to master advanced intrusion investigations and incident response, and expand their investigative skills beyond traditional host-based digital forensics.
Duration: 6 days
• Advanced Digital Forensics, Incident Response, and Threat Hunting Training is an advanced incident response and threat hunting course that focuses on detecting and responding to advanced persistent threats and organized crime threat groups. We do not cover the introduction or basics of incident response, Windows digital forensics, or hacker techniques in this course.
• We recommend that you have a background in one of the following courses: Hacker Tools, Techniques, Exploits, and Incident Handling training or Windows Forensic Analysis, or equivalent training.
After completing this Advanced Digital Forensics, Incident Response, and Threat Hunting Training course, attendees will be able to:
• Learn and master the tools, techniques, and procedures necessary to effectively hunt, detect, and contain a variety of adversaries and to remediate incidents.
• Detect and hunt unknown live, dormant, and custom malware in memory across multiple Windows systems in an enterprise environment.
• Hunt through and perform incident response across hundreds of unique systems simultaneously using F-Response Enterprise and the SIFT Workstation.
• Identify and track malware beaconing outbound to its command and control (C2) channel via memory forensics, registry analysis, and network connection residue.
• Determine how the breach occurred by identifying the beachhead and spear phishing attack mechanisms.
• Target advanced adversary anti-forensics techniques like hidden and time-stomped malware, along with utility-ware used to move in the network and maintain an attacker's presence.
• Use memory analysis, incident response, and threat hunting tools in the SIFT Workstation to detect hidden processes, malware, attacker command lines, rootkits, network connections, and more.
• Track user and attacker activity second-by-second on the system you are analyzing through in-depth timeline and super-timeline analysis.
• Recover data cleared using anti-forensics techniques via Volume Shadow Copy and Restore Point analysis.
• Identify lateral movement and pivots within your enterprise, showing how attackers transition from system to system without detection.
• Understand how the attacker can acquire legitimate credentials - including domain administrator rights - even in a locked-down environment.
• Track data movement as the attackers collect critical data and move it to exfiltration collection points.
• Recover and analyze archives and .rar files used by APT-like attackers to exfiltrate sensitive data from the enterprise network.
• Use collected data to perform effective remediation across the entire enterprise.
• Advanced use of a wide range of best-of-breed open-source tools in the SIFT Workstation to perform incident response and digital forensics.
• Hunting and responding to advanced adversaries such as nation-state actors, organized crime, and hacktivists.
• Threat hunting techniques that will aid in quicker identification of breaches.
• Rapid incident response analysis and breach assessment.
• Incident response and intrusion forensics methodology.
• Remote and enterprise incident response system analysis.
• Windows live incident response.
• Memory analysis during incident response and threat hunting.
• Detailed instruction on Windows enterprise credentials and how they are compromised.
• Internal lateral movement analysis and detection.
• Rapid and deep-dive timeline creation and analysis.
• Volume shadow copy exploitation for hunting threats and incident response.
• Detection of anti-forensics and adversary hiding techniques.
• Discovery of unknown malware on a system.
• Adversary threat intelligence development, indicators of compromise, and usage.
• Cyber-kill chain strategies.
• Step-by-step tactics and procedures to respond to and investigate intrusion cases.