Dead Box Analysis for Incident Response Intermediate • One-Day Instructor-Led Course

The analysis of volatile data is critical to any incident response. It is not, however, the only analysis that needs to be completed. The Dead Box Analysis of a compromised system can offer many artifacts that cannot be gained from volatile data analysis activities. This one-day course will take students through the critical components of a Dead Box investigation for incident response purposes. Through hands-on activities and scenarios, each student will learn the skills needed to further complete an incident response process.

During this one-day class, participants will review the following:

• Registry Artifacts
• System Configurations
• Capture Files
• Staging Areas
• System and Volatile Data

The class includes multiple hands-on labs that allow students to apply what they have learned in the workshop.

Prerequisites

To obtain the maximum benefit from this class, you should meet the following requirements:

• Read and understand the English language
• Basic knowledge of and experience using personal computers including working with files and folders and basic navigation skills.
• The skills gained from the Networking for Incident Response five-day class.
• Basic understanding of Digital Attacks
• Basic understanding of Incident Response

Class Materials and Software

You will receive the student training manual and CD containing the training material, lab exercises and class-related information.

For a complete listing of scheduled courses, visit http://www.accessdata.com/training/calendar-and-syllabi Some topics and items in this class syllabus are subject to change. This document is for information purposes only. AccessData makes no warranties, express or implied, in this document. AccessData, AccessData Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK, Registry Viewer, and Ultimate Toolkit are registered trademarks of the AccessData Group, LLC. in the United States and/or other countries. Other trademarks referenced are property of their respective owners.

Module 1: Introduction

Topics:

• Introduction of Instructor and Students
• Class Objectives

Module 2: Registry Artifacts

Objectives:

• Networking
• Rogue or Modified Registry Keys
  ◦ Persistence
• Applications
• System Configurations

Module 3: Data Exfiltration

Objectives:

• Capture Files
• Staging Areas
• Deleted Artifacts

Module 4: System and Volatile Data

Objectives:

• Malware
• Backup Files
• Shadow Volume Copy
• Internet Cache
• System Cache
• DNS