EncartaLabs

RSA NetWitness Forensics

( Duration: 4 Days )

The RSA NetWitness Forensics training course examines the role of the security/forensics analyst whose focus is on targeted malware, zero-day attacks and advanced persistent threats (APTs). Participants will learn the concepts and methodology of digital forensics and investigations, including the intent behind a network attack, the means by which it is carried out and how malware spreads. They will use RSA NetWitness Spectrum, Investigator and Live to practice the basic skills used to detect malware. Participants will also report on results and make recommendations for corrective action.

By attending the RSA NetWitness Forensics workshop, participants will learn to:

  • Identify the tell-tale signs of malware activity on your network using RSA NetWitness
  • Define forensics as it relates to digital evidence, digital investigations, and digital forensic investigations
  • Apply a methodology to analyze malware and to identify the malware’s transmission mode as well as its latent capabilities
  • Compare and utilize both internal and external sources to support forensic analysis and integrate this information into an ongoing investigation
  • Record and report analysis results using shared standards to communicate information to decision-makers and other organizational stakeholders tasked with assessing risk to the organization
  • Create rules, parsers and alerts for malware detection
  • Integrate automated analysis into forensic observations

Participants should be familiar with basic computer architecture, data networking fundamentals and general security concepts. A background in enterprise data networking and communications is required. Programming language experience is helpful but not required. Basic knowledge of the TCP/IP protocol stack is recommended. Participants should also have completed, or otherwise acquired the skills and knowledge covered in, the RSA NetWitness Analysis training.

This course is intended for security analysts who need a basic understanding of the methodologies associated with forensic investigations and who use RSA NetWitness to support them in that role.

COURSE AGENDA

1

The Threat Landscape: Malware and Advanced Persistent Threat

  • Introduction to the Threat Landscape
  • Changing the Security Mindset
  • Building a Security Capability
  • Malware: A Definition
  • Concepts in Practice: RSA NetWitness Investigator
2

Developing Sources for Malware Analysis

  • Building External Data Sources
  • Building Internal Sources
  • Gathering Data with RSA NetWitness Live
  • Reviewing RSA NetWitness Spectrum Data Analysis Techniques
  • Concepts in Practice
3

Analysis for Malware and Advanced Persistent Threat

  • Digital Evidence
  • Defining Advanced Analysis
  • Methods for Detecting Malware
  • Parsers (FlexParse and Snort)
  • Concepts in Practice – FlexParse for RSA NetWitness
4

Defining a Forensic Process

  • Obtaining Data
  • Filtering the Data
  • Performing Analysis (Mad or Bad)
  • Communicating Results
  • Concepts in Practice – Forensic analysis using RSA NetWitness Investigator
5

Automating Malware Detection: RSA NetWitness Spectrum

  • Automating Detection Overview
  • RSA NetWitness Spectrum Overview
  • Analysis Techniques
  • Use Case Examples
  • Analysis Tips
  • Concepts in Practice: RSA NetWitness Spectrum
6

Making Risk Decisions and Taking Action

  • Defining and Managing Risk
  • Building Reports
  • Sharing Intelligence using RSA NetWitness
  • Taking Action
  • Concepts in Practice: Threat Response Collaboration Framework
7

Future-Proofing the Enterprise

  • Evolution of Enterprise Security
  • Continuous Monitoring
  • Incident Response
  • Securing the Cloud
  • Accepting the Challenge

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 4,000 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop for a group of 10+ candidates at our venue
