Digital Forensics & Analysis (DFA)

Upcoming Courses

Please call to register for this class.

Cost (single seat): $10,000

Course Length: 10 Days

Recommended for: Intermediate Students

Additional group and government discounts available. Contact Parrot Labs for more information!


What will you get out of DFA?

Students will gain in-depth digital forensic knowledge of the inner workings of Windows 7 as they relate to malware analysis, while preparing to become proficient cyber mission malware hunters and defenders.

What does DFA offer?

    • Textbook and lab manual to accompany instruction
    • Access to a personal sandboxed network, allowing students to learn at their own pace
    • Realistic network including rootkits and malware for analysis, and routing and servers set up to perform the malware delivery chain

Why should you enroll in DFA?

Learn about the inner workings of Windows 7 as it relates to live forensics and malware analysis.

    • Investigate real malware, including TDL4, Spybot, and Metasploit backdoors
    • Learn how to perform memory forensics to find malware that bypasses antivirus solutions
    • Discover how reading network traffic assists with finding artifacts and identifying malicious behavior

Malware Delivery Chain

What topics are covered in DFA?

PROCESS INTERROGATION

  • Learn about the Sysinternals Suite and native tools (netstat, tasklist, etc.)
  • Begin PowerShell scripting to automate process analysis
  • Locate running malware and discover persistence vectors

FILE SYSTEM ANALYSIS

  • Search for forensic artifacts and perform a timeline analysis
  • Copy a hard drive using open-source tools

SUPPLEMENTAL ARTIFACTS

  • Analyze the following artifacts
    • Prefetch files
    • Volume Shadow Copy Service
    • Interesting registry keys
    • Shellbags

RESPONSIVE ACTIONS

  • Become a more proficient cyber mission defender running malware executables
  • Create signatures for malware executables as Indicators of Compromise (IOC) and check other systems on the network for these IOCs

SUSTAINING ACCESS

  • Detect antivirus tools and intrusion detection systems
  • Learn techniques for sustaining access

CAPSTONE

  • This course concludes with a full-day capstone that combines the skills learned throughout the course

The ACE CREDIT logo is a registered trademark of the American Council on Education and cannot be used or reproduced without the express written consent of the American Council on Education.