• Start page
  • Courses
  • MasterClass: System Forensics, Incident Handling And Threat Hunting

Masterclass: System Forensics, Incident Handling And Threat Hunting

Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated.

This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.

 Target Audience

The target audience for this training:
IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.

 

About the instructor: Paula Januszkiewicz

Paula Januszkiewicz is a world-renowned cybersecurity Expert, a founder of CQURE and CQURE Academy, and Microsoft Regional Director and MVP.

CQURE has been providing cybersecurity services and trainings since it was set up in Warsaw in 2008. Throughout the years, our services have reached a wide range of clients around the world, which allowed us to open new offices in New York (2013), Dubai (2014), and Zug (2016).

CQURE Academy is primarily a training program consisting of over 40 high-quality technical workshops and seminars, and providing certification to specialists. Additionally, in October 2016 CQURE has successfully launched online and subscription-based trainings.

CQURE Experts speak at the international events and engage in multiple cybersecurity projects – they bring their knowledge and experience from the field to the trainings. CQURE Academy also involves R&D – that is why CQURE Team is so recognizable in the cybersecurity field.



Course content:

Module 1: Introduction to Windows Internals

  1. Introduction to Windows Internals
  2. Processes and Threads
  3. PID and TID
  4. Information Gathering from Running Operating System
  5. Obtaining Volatile Data
  6. A Deep Dive into Autoruns
  7. Effective Permissions Auditing
  8. PowerShell Get NTFS Permissions
  9. Obtaining Permissions Information with Access Check
  10. Unnecessary and Malicious Services
  11. Detecting Unnecessary Services with PowerShell

Module 2: Securing Monitoring Operations & Threat Hunting

  1. Types of Hunting
  2. Defining Hunt Missions
  3. Malware Hiding Techniques
  4. Uncovering Internal Reconnaissance
  5. Uncovering Lateral Movement
  6. Uncovering Hidden Network Transmissions

Module 3: Handling Malicious Code Incidents

  1. Count of Malware Samples
  2. Virus, Worms, Trojans, and Spywares
  3. Incident Handling Preparation
  4. Incident Prevention
  5. Detection of Malicious Code
  6. Containment Strategy
  7. Evidence Gathering and Handling Eradication and Recovery

Module 4: Static Malware Analysis

  1. Static Malware Analysis Scenarios
  2. Types and Goals of Malware Analysis
  3. Cloud-Based Malware Analysis
  4. Incident Prevention and Response Steps
  5. Containment and Mitigation
  6. Executable analysis
  7. Static Analysis Tools

Module 5: Behavioral Malware Analysis and Threat Hunting

  1. Malware Detonation
  2. Sysinternals Suite
  3. Network Communication Analysis
  4. Monitoring System Events
  5. Memory Dump Analysis
  6. Simulation a Real Environment

Module 6: Network Forensics and Monitoring

  1. Types and Approaches to Network Monitoring
  2. Network Evidence Acquisition
  3. Network Protocols and Logs
  4. LAB: Detecting Data Thievery
  5. LAB: Detecting WebShells
  6. Gathering Data from Network Security Appliances
  7. Detecting Intrusion Patterns and Attack Indicators
  8. Data Correlation
  9. Hunting Malware in Network Traffic
  10. Encoding and Encryption
  11. Denial-of-Service Incidents
  12. Distributed Denial-of-Service Attack
  13. Detecting DoS Attack
  14. Incident Handling Preparations for DoS
  15. DoS Response and Preventing Strategies

Module 7: Memory: Dumping and Analysis

  1. Introduction to Memory Dumping and Analysis
  2. Creating Memory Dump - Belkasoft RAM Capturer and DumpIt
  3. Utilizing Volatility to Analyze Windows Memory Image
  4. Analyzing Stuxnet Memory Dump with Volatility
  5. Automatic Memory Analysis with Volatile

Module 8: Memory: Indicators of compromise

  1. Yara Rules Language
  2. Malware Detonation
  3. Introduction to Reverse Engineering

Module 9: Disk: Storage Acquisition and Analysis

  1. Introduction to Storage Acquisition and Analysis
  2. Drive Acquisition
  3. Mounting Forensic Disk Images
  4. Virtual Disk images
  5. Signature vs. File Carving
  6. Introduction to NTFS File System
  7. Windows File System Analysis
  8. Autopsy with Other filesystems
  9. External Device Usage Data Extraction (USB Usage etc.)
  10. Reviving the Account Usage
  11. Extracting Data Related with the Recent Use of Application, File etc.
  12. Recovering Data after Deleting Partitions
  13. Extracting Delete File and File Related Information
  14. Extracting Data from File Artifacts Like $STANDARD_INFORMATION etc.
  15. Password Recovery
  16. Extracting Windows Indexing Service data
  17. Deep-dive into Automatic Destinations
  18. Detailed Analysis of Windows Prefetch
  19. Extracting Information about
  20. Program execution (UserAssist, RecentApps, Shimcache, appcompatcache etc.)
  21. Extracting information about browser usage (web browsing history, cache, cookies etc.) 
  22. Communicator Apps Data Extraction
  23. Extracting Information about
  24. Network Activity
  25. Building Timelines

Module 10: Malicious Non-Exe Files

  1. Alternative Binaries
  2. PowerShell Scripts
  3. Office Documents
  4. Jscript
  5. HTML Documents
  6. Living off the Land Binaries 

Certification

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

 

FAQ – Masterclass: System Forensics, Incident Handling and Threat Hunting

Hva koster kurset?
Prisen er 39 900 NOK for 5 dager. Kurset inkluderer kursmateriell, praktiske lab-øvelser, tilgang til virtuelle laboratorier og livslang sertifisering etter fullført kurs.

Hvor lenge varer kurset?
Kurset går over 5 intensive dager fra 09:00 til 16:00 og gjennomføres som et internasjonalt live virtuelt kurs ledet av CQUREs cybersikkerhetseksperter.

Hvordan gjennomføres kurset?
Kurset leveres som en live virtuell klasse med praktiske øvelser og realistiske scenarioer. Deltakerne jobber med analyse av digitale spor, hendelseshåndtering og trusseljakt ved hjelp av profesjonelle verktøy brukt i moderne sikkerhetsmiljøer.

Hvem passer kurset for?
Kurset er utviklet for tekniske fagpersoner som arbeider med sikkerhet, hendelseshåndtering og analyse av IT-miljøer:

  • IT professionals
  • Forensics and Incident Handling Specialists
  • Security consultants
  • Enterprise administrators
  • Infrastructure architects
  • Security professionals
  • Systems engineers
  • Network administrators

Hva lærer jeg i løpet av kurset?
Kurset gir en avansert gjennomgang av digital etterforskning, hendelseshåndtering og trusseljakt. Etter kurset vil du kunne:

  • Samle inn og bevare digitale bevis på korrekt måte
  • Analysere kompromitterte systemer og identifisere angrep
  • Utføre memory- og disk-analyse
  • Identifisere Indicators of Compromise (IoC)
  • Gjennomføre nettverksanalyse og hendelsesundersøkelser
  • Analysere skadevare og ondsinnet kode
  • Rapportere funn og dokumentere hendelser profesjonelt

Er kurset praktisk rettet?
Ja. Kurset er sterkt hands-on og inkluderer praktiske lab-øvelser hvor deltakerne analyserer hendelser, jobber med malware-analyse og utfører digital etterforskning i realistiske scenarioer.

Hvilke verktøy brukes i kurset?
Kurset benytter blant annet verktøy som:

  • Belkasoft RAM Capturer
  • Wireshark
  • Volatility
  • Sysinternals Suite
  • PowerShell-baserte analyseverktøy

Hvilke temaer dekkes i kurset?
Kurset dekker blant annet:

  • Windows internals og systemanalyse
  • Threat hunting og angriperteknikker
  • Malware-analyse (statisk og dynamisk)
  • Network forensics
  • Memory dumping og analyse
  • Disk- og filsystemanalyse
  • Indicators of compromise
  • Digital etterforskning og hendelseshåndtering

Får jeg sertifisering etter kurset?
Ja. Etter fullført kurs mottar du en livslang sertifisering utstedt via Accredible, som dokumenterer kompetanse innen digital forensics, incident handling og threat hunting.

Hva gjør dette kurset unikt?
Kurset kombinerer digital etterforskning, hendelseshåndtering og avansert trusseljakt i ett intensivt program basert på reelle angrepsscenarioer og erfaring fra globale sikkerhetsprosjekter.

 

Threat Hunting & Incident Response

Advanced Cybersecurity

Cybersecurity Certifications

Other relevant courses

MasterClass: Hacking and Securing Windows Infrastructure
13. April
5 days
Virtual Classroom
MasterClass: Windows Security and Infrastructure Management with Windows Internals
15. June
4 days
Classroom Virtual
MasterClass: Administering and Configuring Active Directory Federation Services and Claims
15. June
3 days
Classroom
MasterClass: Microsoft Identity Manager
13. April
4 days
Virtual Classroom