This course will teach you how to set up a complete inforensic analysis procedure for heterogeneous environments. You will discuss incident response from an organizational point of view. You will also study the appropriate methodologies and tools used in the technical phase of incident response, namely inforensic (or post-incident) analysis. Upon completion of the training, you will be able to preserve digital evidence for further analysis and presentation as part of a legal remedy.
In particular, the objectives of the training are:
• Good general knowledge in computer science
• Code: AIARI
• Duration: 3 days
• Schedule: 8h30 - 17h30
• Place: training center, Center Urbain Nord
• Course materials
• 40% demonstration
• 40% theory
• 20% practical exercises
Setting up the incident response
• Incident response preparation
• Detection and analysis
• Classification and prioritization
• Notification
• Confinement
• Forensic investigation
• Eradication and resumption of activity
• Get organized
• Choose your tools
• Respect scientific methods
• Present findings in a report
Data collection and duplication
• Understanding Windows, Linux and BSD file systems
• Tools and means of collection
Find deleted partitions and files
Network Attack Analysis
• The sources of capture
• Review of widespread attacks
Recovery and analysis of a RAM capture (Volatility)
Log file analysis and event correlation
• Manual approach
• Using an indexer (ELK)
Inforensic Browser Analysis
Inforensic analysis of e-mails
Do not hesitate to contact our experts for any additional information, or for a study and free quote for an audit service.