Malware Forensics & Incident Response
Foundstone, July 21-24
Ends February 1
Ends June 1
Ends July 20
McAfee's Malware Forensics & Incident Response Education (MFIRE) workshop is a proactive weapon to help you normalize your environment after a negative event has occurred. Hackers and cybercriminals have increasingly sophisticated tools and backdoor programs at their disposal to steal your intellectual property and expose sensitive information – all with the ability to cover their tracks by using malware. IT professionals charged with protecting the environment can be overwhelmed, causing attacks to be ignored or mistakenly diagnosed as a system or network problem. During this workshop we provide you with the techniques to identify, respond to, and recover from malware incidents. Malware and security holes exist in alarming numbers, and as a result compromises of your network and applications are an unfortunate fact of corporate life. A total network-security plan includes the capability to resolve incidents after they occur. This comprehensive, technically detailed course enables you to successfully respond to malware incidents and reinforces your security posture.
Who Should Take This Class
System and network administrators, corporate security personnel, auditors, law enforcement officers, and consultants responsible for investigating malware outbreaks or conducting network investigations.
A basic understanding of the Windows OS and TCP/IP networking is required for the course to be fully beneficial.
What You'll Learn
This workshop gives you a study of the incident response process as it applies to malware, from tracing attackers on the Internet to analyzing the malware itself. Foundstone updates this class continuously by integrating the latest security threats and countermeasures.
In this hands-on classroom, you will learn how to respond to malware incidents. While in the security lab, you will learn to apply this knowledge. With McAfee's expert instruction, you learn step-by-step incident response procedures & forensic techniques used for malware infections and outbreaks. These methods are tailored to your organization's security architecture, so you can apply them in the real world long after class is completed.
All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the extensive hands-on experience needed to effectively identify, contain, and respond to complicated and potentially damaging intrusions.
Module 1 - Introduction
- Course Objectives
- Classroom Etiquette
- Introduction to malware
- Tenets of Incident Response
- Order of Volatility
- Incident Response Process Overview
- Pre-Incident Preparation
- Malware & IR hands on
- Malware Strategies
- Finding the bad guys on the internet
- Building your toolkit
- Static vs Dynamic analysis
- Analyzing Malicious Documents: PDF, Office files
- In-depth Windows rootkits
- Memory structure
- Acquisition of memory
- Acquisition of memory from Virtual Machines
- Analysis of memory
- Wireshark, Snort, Ngrep, Hub
- What is the malware doing on the network
- Wireshark Kung-Fu
- Snort detection Rules
- For the final lab, the instructor will infect a machine with targeted, 0-day malware. Students will be divided into teams, and then be expected to analyze the malware using what they have learned during the course, and then present their final analysis to the class.