Sandboxing for Incident Response Intermediate • Two-Day Instructor-Led Course
You’ve responded to the incident on your network. You have collected all of the critical volatile data and performed analysis. During your investigation, you found a piece of malware on the victim system but do not quite understand all that it is designed to do. What are the next steps?

This two-day class will help the student understand how to build a lab-based sandbox environment that can be used to test and observe many of the artifacts discovered in a breach. Students will walk away with the knowledge, and several tools, needed to build their own sandbox environment.

During this two-day class, participants will review the following:
  What is a Sandbox?
  Building the Sandbox Environment
  Sandboxes for Different Scenarios
  Monitoring the Sandbox
  Sandbox Analysis

Prerequisites
  Read and understand the English language
  Basic knowledge of and experience using personal computers, including working with files and folders and basic navigation skills
  The skills gained from the Networking for Incident Response five-day class
  Basic understanding of digital attacks
  Basic understanding of incident response

Class Materials and Software
You will receive class-related information and materials as presented in class, as well as lab exercises.
For a complete listing of scheduled courses, visit http://www.accessdata.com/training/calendar-and-syllabi. Some topics and items in this class syllabus are subject to change. This document is for information purposes only. AccessData makes no warranties, express or implied, in this document. AccessData, AccessData Certified Examiner, ACE, Distributed Network Attack, DNA, Forensic Toolkit, FTK, LAB, Password Recovery Toolkit, PRTK, Registry Viewer, and Ultimate Toolkit are registered trademarks of the AccessData Group, LLC, in the United States and/or other countries. Other trademarks referenced are property of their respective owners.
Module 1: Introduction
Topics
  Introduction of Instructor and Students
  Class Objectives

Module 2: What is the Sandbox?
Objectives:
  Defining Sandbox Environments
  Victim Systems for the Lab
  Attack Systems for the Lab
  Monitor and Analysis Systems

Module 3: Building the Sandbox
Objectives:
  Designing the Sandbox
  Building Base Systems
  Building the Core Network Environment
  Designing Sandbox Audit Trails
  Live System Replicas

Module 4: Sandboxes for Different Scenarios
Objectives:
  Malware
  Network Attack Vector
  Exfiltration
  Vulnerability Analysis
  IOC Development
  Snapshot Creation

Module 5: Sandbox Monitoring and Analysis
Objectives:
  Monitoring
    o Tools
    o Processes
  Analysis