The RSA NetWitness Forensics training course examines the role of the security/forensics analyst whose focus is on targeted malware, zero-day attacks and advanced persistent threats (APTs). Participants will learn the concepts and methodology of digital forensics investigations, including the malevolence of a network attack, the means by which it is carried out and how malware spreads. They will use RSA NetWitness Spectrum, Investigator, and Live! to practice basic skills used to detect malware. Participants will also report on results and make recommendations for corrective actions.
By attending the RSA NetWitness Forensics workshop, participants will learn to:
- Identify the tell-tale signs of malware activity on your network using RSA NetWitness
- Define forensics as it relates to digital evidence, digital investigations, and digital forensic investigations
- Apply a methodology to analyze malware and to identify the malware’s transmission mode as well as its latent capabilities
- Compare and utilize both internal and external sources to support forensic analysis and integrate this information into an ongoing investigation
- Record and report analysis results using shared standards to communicate information to decision-makers and other organizational stakeholders tasked with assessing risk to the organization
- Create rules, parsers and alerts for malware detection
- Integrate automated analysis into forensic observations
Participants should be familiar with basic computer architecture, data networking fundamentals and general security concepts. A background in enterprise data networking and communications is required. Programming language experience is helpful but not required. Basic knowledge of the TCP/IP protocol stack is recommended. Participants should also have completed or obtained the skills and knowledge provided in the RSA NetWitness Analysis training.
This course is intended for security analysts who need a basic understanding of the methodologies associated with forensics investigations and who use RSA NetWitness to support them in their role.