Digital Forensics & Analysis (DFA)

Upcoming Courses

 

February 25 – March 8, 2019

 

Cost (single seat): $10,000

Course Length: 10 Days

Recommended for: Intermediate Students

Additional group and government discounts available. Contact Parrot Labs for more information.


What will you get out of DFA?

 

Students will gain in-depth digital forensic knowledge of the inner workings of Windows 7 as they relate to malware analysis, while preparing to become proficient cyber mission malware hunters and defenders.

What does DFA offer?

 

  • Textbook and lab manual to accompany instruction
  • Access to a personal sandboxed network, allowing students to learn at their own pace
  • Realistic network including rootkits and malware for analysis, and routing and servers set up to perform the malware delivery chain

Why should you enroll in DFA?

 

Learn about the inner workings of Windows 7 as it relates to live forensics and malware analysis. 

  • Investigate real malware, including TDL4, Spybot, and Metasploit backdoors
  • Learn how to perform memory forensics to find malware that bypasses antivirus solutions
  • Discover how reading network traffic assists with finding artifacts and identifying malicious behavior

Malware Delivery Chain

What topics are covered in DFA?

 

PROCESS INTERROGATION

  • Learn about the Sysinternals Suite and native tools (netstat, tasklist, etc.)
  • Begin PowerShell scripting to automate process analysis
  • Locate running malware and discover persistence vectors

 

FILE SYSTEM ANALYSIS

  • Search for forensic artifacts and perform a timeline analysis
  • Copy a hard drive using open-source tools

 

SUPPLEMENTAL ARTIFACTS

  • Analyze the following artifacts
    • Prefetch files
    • Volume Shadow Copy Service
    • Interesting registry keys
    • Shellbags

 

RESPONSIVE ACTIONS

  • Become a more proficient cyber mission defender running malware executables
  • Create signatures for malware executables as Indicators of Compromise (IOC) and check other systems on the network for these IOCs

 

SUSTAINING ACCESS

  • Detect antivirus tools and intrusion detection systems
  • Learn techniques for sustaining access

 

CAPSTONE

  • This course concludes with a full-day capstone that combines the skills learned throughout the course

 

The ACE CREDIT logo is a registered trademark of the American Council on Education and cannot be used or reproduced without the express written consent of the American Council on Education.