Wednesday, August 11, 2010

Using Network Forensics for Incident Response and Malware Analysis

Together with NetWitness, one of the world leaders in network forensic analysis, incident response, and data leakage monitoring, we bring you one of the most innovative trainings in this field.


See here for more information.


TITLE:
Using Network Forensics for Incident Response and Malware Analysis


DESCRIPTION:
Through classroom instruction and practical hands-on exercises, this two-part workshop will teach you how to conduct basic and in-depth network forensic investigations to monitor and defend your agency’s network against advanced network attack methodologies, and find the roots of external and internal security problems in the network data. Nation-sponsored and criminal attackers have moved away from direct attacks on network perimeters, and are focusing their efforts on application layer attacks. Part one of this two-part course provides the valuable knowledge needed to improve your incident response process by creating “situational awareness” within your incident response team, including the ability to expose covert network communications channels, detect data leakage, discover zero-day malware, and find other unauthorized network activity and advanced threats. At the end of this workshop, attendees will leave better equipped to identify and respond to advanced network attack activity, perform in-depth network-based investigations and analysis, continuously analyze the status of critical security controls, lower risk and save time and resources by resolving network security problems more quickly, and properly preserve evidence to assist management or law enforcement.

DURATION: 1 Day


LANGUAGE: English


SYLLABUS:
Part 1: Introduction to Network Forensics
This hands-on lab is an introduction to Network Forensics. Designed for the incident responder, computer forensics practitioner, or fraud investigator who needs to learn how to perform basic network forensics work, this session covers current adversary attack methodologies and tools, network investigative and technical threat analysis best practices, and chain of custody requirements and evidentiary standards. This lab also provides the attendee with working knowledge of and experience with tools such as NetWitness Investigator Freeware, WinPcap, tcpdump, Wireshark and others. The lab uses sample data obtained from actual commercial and U.S. government cases, and the students will be asked to perform incident and forensic analysis and make judgments regarding the detailed problems associated with the specific cases presented.

Part 2: Advanced Network Forensics
This hands-on lab is the follow-up to Introduction to Network Forensics. It is designed for the incident responder, computer forensics expert, fraud investigator, or auditor who has good working knowledge of and experience with tools such as WinPcap, tcpdump, Wireshark and NetWitness Investigator (Freeware Edition). Attendees will perform in-depth studies of specific hands-on cases of beacon Trojans, botnets, and zero-day malware attacks; learn to recognize obfuscated JavaScript and other malware; understand how to recognize non-standard network traffic operating over standard TCP and UDP ports; and learn scripting techniques to build network and application layer rules to mine data forensically in real time. The lab uses sample data obtained from actual commercial and U.S. government cases, and the students will be asked to perform forensic analysis and make judgments regarding the detailed problems associated with the specific cases presented.


INSTRUCTOR: Gabe Martinez
Gabe Martinez, Vice President, Customer Success, NetWitness Corporation
With over 13 years in the security industry, Gabe has designed and implemented security solutions and performed risk assessments for every major vertical globally. Gabe is in charge of customer success at NetWitness, the world leader in network forensics and advanced threat analysis. Gabe also has over five years of experience consulting on and implementing ArcSight and was a founding member of the Solution Team and Customer Success Organization at ArcSight.

INSTRUCTOR: Ray Carney
Ray Carney, Manager, NetWitness University, NetWitness Corporation
Ray brings 15 years of experience designing and delivering Information Security solutions to Global 1000 and Government organizations internationally, with a proven track record leading teams through all phases of the Information Security process, including audit and review, design and implementation, and development of custom software components. Prior to NetWitness, Mr. Carney held senior technical positions at Decurity, Splunk and ArcSight.
