KeyW is now part of Jacobs. Learn more about this exciting combination.

Digital Forensics & Analysis (DFA)

Upcoming Courses

          • December 2 – 13, 2019 *Guaranteed to Run*

          • February 24 – March 6, 2020

          • June 15 – 26, 2020

          • October 19 – 30, 2020

          • November 30 – December 11, 2020

Cost (single seat): $9,200

Course Length: 10 Days

Recommended for: Intermediate Students

Additional group and government discounts available. Contact Parrot Labs for more information!

Register for Course

To begin the registration process, click Register Here to complete our Payment Agreement. We will contact you to complete the process.

 Download Course Catalog                                                                                      

What will you get out of DFA?

Students will learn in-depth digital forensic knowledge of the inner workings of malware analysis while preparing to become proficient cyber mission malware hunters and defenders.

What does DFA offer?

    • Textbook and lab manual to accompany instruction
    • Access to a personal sandboxed network, allowing students to learn at their own pace
    • Realistic network including rootkits and malware for analysis, and routing and servers set up to perform the malware delivery chain

Why should you enroll in DFA?

Learn about the inner workings of Windows 7 as it relates to live forensics and malware analysis.

    • Investigate real malware, including TDL4, Spybot, and Metasploit backdoors
    • Learn how to perform Memory forensics seeking malware that bypasses antivirus solution
    • Discover how reading network traffic assists with finding artifacts and identifying malicious behavior

Malware Delivery Chain

What topics are covered in DFA?

PROCESS INTERROGATION

  • Learn about the Sysinternals Suite and native tools (netstat, tasklist, etc.)
  • Begin PowerShell scripting to automate process analysis
  • Locate running malware and discover persistence vectors

FILE SYSTEM ANALYSIS

  • Search for forensic artifacts and perform a timeline analysis
  • Copy a hard drive using open-source tools

SUPPLEMENTAL ARTIFACTS

  • Analyze the following artifacts
    • Prefetch files
    • Volume Shadow Copy Service
    • Interesting registry keys
    • Shellbags

RESPONSIVE ACTIONS

  • Become a more proficient cyber mission defender running malware executables
  • Create signatures for malware executables as Indicators of Compromise (IOC) and check other systems on the network for these IOCs

CAPSTONE

  • This course concludes with a full-day capstone that combines the skills learned throughout the course

The ACE CREDIT logo is a registered trademark of the American Council on Education and cannot be used or reproduced without the express written consent of the American Council on Education.