Please call to register for this class.
Cost (single seat): $10,000
Course Length: 10 Days
Additional group and government discounts available. Contact Parrot Labs for more information.

What will you get out of DFA?
The ultimate goal is for you to become a proficient cyber-mission malware hunter and defender for your organization. By the end of the course, you'll know what looks suspicious, and you'll have the tools to investigate and identify malware at a forensic level.

What makes this course unique?
You'll perform your exercises and scenarios in a sandboxed network, allowing you to practice and learn at your own pace without affecting other students.

Why should you enroll in DFA?
In DFA, students learn about the inner workings of Windows 7 as it relates to live forensics and malware analysis. DFA is designed to provide in-depth digital forensic knowledge of the Microsoft Windows operating systems.
- Investigate real malware, including TDL4, Spybot, and Metasploit backdoors
- Memory forensics: learn how to find malware that bypasses antivirus solutions
- Discover how reading network traffic assists with finding artifacts and identifying malicious behavior
Malware Delivery Chain
Students will actively run real malware in a sandboxed environment. All rootkits and malware are analyzed in a realistic network, with routing and servers set up to reproduce the malware delivery chain. Through hands-on experience with Redkit, TDL4, Spybot, and other kits, students will become proficient cyber defenders.

ANATOMY OF AN ATTACK
Analyze a malicious threat, then exploit a target yourself and experience the attack from an attacker's point of view.

PROCESS INTERROGATION
Use the Sysinternals Suite, native tools (netstat, tasklist, etc.), and introductory PowerShell scripting to automate process analysis. Using these skills, you will locate running malware and discover its persistence vectors.

FILE SYSTEM ANALYSIS
Seek out forensic artifacts and perform timeline analysis with log2timeline to reconstruct the chain of events, mount hard drives, and apply forensic tools to your findings. You will also learn to create a copy of a hard drive using open source tools.

NETWORK TRAFFIC FORENSICS
View exploit kits (such as Redkit) on a network and explore packet analysis with an introduction to Wireshark.

SUPPLEMENTAL ARTIFACTS
Identify malware using basic techniques and analyze artifacts such as:
- Prefetch files
- Volume Shadow Copy Service
- Interesting Registry Keys