This offer was posted more than 2 weeks ago and may no longer be available.
Intro to DFIR: The Divide and Conquer Process (3 hours) [FREE]
Posted on 9th Oct 2020
Possibly interesting for a select few.
FREE training to pass the time at home.


Intro to DFIR: The Divide and Conquer Process (3 hours)

Learn a systematic approach to intrusion investigations, including a framework for categorizing artifacts that may contain DFIR evidence, how to analyze those artifact categories, and the benefits of an automated approach.

A big challenge when learning about how to investigate endpoints and servers is keeping track of all of the artifacts that you need to consider. It’s a daunting list.

In our new incident response training course, you’ll learn Brian Carrier’s systematic approach to endpoint investigations and how to apply it: the “Divide & Conquer” process. This approach focuses on breaking down big, vague investigative questions, such as “is there malicious user activity,” into smaller and smaller questions that can ultimately be answered by a category of artifacts, such as “Login Events.” The goal is to build a simple mental model of the important questions and artifact categories.

In this free course, you’ll learn:

A framework for categorizing artifacts that may contain DFIR evidence

How to analyze those artifact categories

Benefits of an automated approach

The course is 3 hours, video-based, and on-demand. It’s also vendor agnostic, but Cyber Triage is used as a reference tool. Whether you’re new to this space or a vet, this course will help ensure you’re tackling your next endpoint investigation with state-of-the-art techniques.




Course curriculum

Part 1: Overview
Part 2: Breaking Up The Big Question
Part 3: Endpoint Visibility Tools
Part 4: Cyber Triage Basics
Part 5: User Activity
Part 6: Malware
Part 7: OS Configuration Changes
Part 8: Process / Prioritization
Part 9: Conclusion
2 Comments
A nice addition to the Autopsy course from a few months ago.
For a moment I thought this was a political handbook