Orchestration of CSIRT Tools (2019-2021)

Building artefact handling and analysis environment

Presenting, correlating and filtering various feeds

The main objective is to create a safe and useful artifact analysis environment, based on current best practices. Present the trainees with various methods of malicious artifact acquisition, with emphasis on artifacts collected through spam e-mail monitoring. Teach how to correctly set up a spam collecting environment and a simple artifact repository. The exercise also shows how to modify and patch the created system to better suit the needs of a lab environment.

Present the trainees with the fundamentals of malicious artifact analysis and the various types of analyses. Present how to safely execute suspicious code in a controlled environment, along with the most important security precautions. Teach students how to obtain memory images from different sources and how to analyse them.

Forensic analysis: Local Incident Response

Both Windows and Linux systems will be covered. This three-day training module will follow the tracks of an incident handler and investigator, teaching best practices and covering both sides of the breach. It is technical in nature and aims to provide guided training for both incident handlers and investigators under lifelike conditions.

Forensic analysis: Network Incident Response

Training material mainly uses open source and free tools. The main goal of this training is to teach trainees network forensic techniques and to extend their operating system forensic capabilities beyond Microsoft Windows systems to include Linux. Trainees will follow traces on the workstation and discover that the analysed network captures, together with logs, lead to another machine on the network. This training requires the students to perform a forensic analysis of three (web) servers, identified during the first two exercises as taking part in a malicious campaign.

Learn how to leverage information gathered during analysis into actionable signatures.

Common framework for artefact analysis activities

Both network and system oriented signatures will be discussed. Learn how to collect, store and correlate different types of information about samples, and how to make use of this information, on the assumption that a structured and organised database is a good way to reach synergy between artifact analysis and incident investigation. Intended for CSIRT staff and incident handlers involved in the technical analysis of incidents.

Introduction to advanced artefact analysis

This training presents the introduction to advanced artefact analysis. It is the first part of a three-day course introducing assembly language and the tools commonly used for advanced artefact analysis. This training presents methods and techniques of dynamic artefact analysis with the use of the OllyDbg debugger package. The goal of this training is to introduce the participants to all aspects of static artefact analysis.

Using indicators to enhance defence capabilities

Learn how to create and deploy indicators of compromise using the Collaborative Research into Threats (CRITs) platform. Additionally, demonstrate how to leverage CRITs to visualise relationships among different elements of a campaign, how to extract indicators from incident data, develop mitigation actions, and track those actions.

Identification and handling of electronic evidence

Present the trainees with the principles of evidence gathering. Establish a common knowledge of the requirements regarding evidence admissibility in a court of law.

Intended for CSIRT technical staff involved in setting up tools and for analysts involved in incident handling.

This task also gives an overview of popular malware characteristics, methods of identification and tools that may be used at the scene.

Modular approach with 16 hours of total duration. Each module has an indication of its duration. The purpose of this training material is to help CSIRTs and Incident Response teams manage the constant stream of cyber security events efficiently and share their data back with their peers. The course materials consist of independent modules, each covering a particular combination of popular CSIRT tools. The modules not only cover the configuration aspects of interconnecting the tools but also show how security analysts can use these orchestrated tools in their daily duties.

Present the trainees with the principles of digital forensics and evidence gathering.