Malware Forensics & Incident Response

Foundstone


Overview

McAfee's Malware Forensics & Incident Response Education (MFIRE) workshop is designed to help you return your environment to a known-good state after a security incident. Attackers and cybercriminals have increasingly sophisticated tools and backdoor programs at their disposal to steal your intellectual property and expose sensitive information, and they use malware to cover their tracks. IT professionals charged with protecting the environment can be overwhelmed, so attacks are ignored or misdiagnosed as a system or network problem. During this workshop we give you the techniques to identify, respond to, and recover from malware incidents. Malicious code and security holes exist in alarming numbers, so compromises of your network and applications are an unfortunate fact of corporate life. A complete network-security plan includes the capability to resolve incidents after they occur. This comprehensive, technically detailed course enables you to respond successfully to malware incidents and reinforces your security posture.

Who Should Take This Class

System and network administrators, corporate security personnel, auditors, law enforcement officers, and consultants responsible for investigating malware outbreaks or conducting network investigations.

A basic understanding of the Windows operating system and TCP/IP networking is required for the course to be fully beneficial.

What You'll Learn

This workshop is a study of the incident response process as it applies to malware, from tracing attackers across the Internet to analyzing the malware itself. Foundstone updates the class continuously by integrating the latest security threats and countermeasures.

In this hands-on classroom you will learn how to respond to malware incidents, and in the security lab you will apply that knowledge. With McAfee's expert instruction, you learn step-by-step incident response procedures and forensic techniques used for malware infections and outbreaks. These methods are tailored to your organization's security architecture, so you can apply them in the real world long after the class is completed.

Exercises

All topics are supported by hands-on exercises specifically designed to increase knowledge retention. Classroom exercises provide the extensive hands-on experience needed to effectively identify, contain, and respond to complicated and potentially damaging intrusions.

Course Materials

  • Student manual
  • Class handouts
  • REMnux, a bootable Linux distribution for malware analysis

Workshop Outline

Day 1:
Module 1 – Introduction

  • Introductions
  • Purpose
  • Course Objectives
  • Classroom Etiquette

Module 2 – Incident Response (IR) Process

  • Tenets of Incident Response
  • Order of Volatility
  • Incident Response Process Overview
  • Pre-Incident preparation
  • User Awareness

Module 3 – Introduction to the World of Malware

  • Statistics
  • Species
  • What are we dealing with?
  • Resources

Module 4 – Researching Domains, URLs & IP Addresses

  • Finding the bad guys on the Internet
  • Whois/DNS
  • Fast-flux networks

Day 2:
Module 5 – Forensics & Malware Analysis

  • Static vs Dynamic analysis
  • Analyzing Malicious Documents
  • Basic Malware Reversing
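As a concrete instance of the static side of the "Static vs Dynamic analysis" and "Analyzing Malicious Documents" topics, the script below is an added example (not course material) that performs a first-pass keyword triage of a PDF: it counts the name objects that give a document active behaviour or an automatic trigger, and it decodes PDF hex escapes in names first so that an obfuscated /J#61vaScript is not missed. The PDF bytes are constructed, and the keyword list and verdict rules are assumptions rather than a standard.

```python
"""Keyword triage of a PDF as a first static-analysis pass (added example).

The sample PDFs are constructed; the keyword list and verdict rules are assumptions.
"""
import re

# PDF name objects that give a document active behaviour or an auto-trigger.
RISKY_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/RichMedia", "/URI", "/ObjStm")


def decode_name_escapes(data: bytes) -> bytes:
    """PDF names may hex-escape characters (/J#61vaScript == /JavaScript).
    Malicious documents use this to dodge naive grep, so decode before matching.
    Approximation: this decodes any #xx in the file, not only inside names."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def count_risky_names(data: bytes) -> dict:
    """Count each risky name; the negative lookahead stops /JS matching /JSfoo."""
    plain = decode_name_escapes(data)
    return {name: len(re.findall(re.escape(name.encode()) + rb"(?![A-Za-z0-9])", plain))
            for name in RISKY_NAMES}


def triage_pdf(data: bytes) -> dict:
    """Return a verdict, the non-zero keyword counts and whether names were escaped."""
    if not data.lstrip().startswith(b"%PDF-"):
        raise ValueError("not a PDF header")
    hits = {k: v for k, v in count_risky_names(data).items() if v}
    has_script = bool(hits.get("/JavaScript") or hits.get("/JS"))
    auto_trigger = bool(hits.get("/OpenAction") or hits.get("/AA"))
    obfuscated = decode_name_escapes(data) != data
    if (has_script and auto_trigger) or hits.get("/Launch"):
        verdict = "suspicious"          # script that runs on open, or a launch action
    elif hits or obfuscated:
        verdict = "review"              # active content present but no auto-trigger
    else:
        verdict = "no-active-content-keywords"
    return {"verdict": verdict, "hits": hits, "hex_escaped_names": obfuscated}


# Constructed sample: the catalog's /OpenAction points at an object whose /S name
# is hex-escaped, so a plain grep for /JavaScript would miss it.
SUSPECT_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
3 0 obj << /S /J#61vaScript /JS (app.alert('hello')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
# Constructed sample with no active content at all.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for label, pdf in (("suspect", SUSPECT_PDF), ("benign", BENIGN_PDF)):
        print(label, triage_pdf(pdf))
```

Treat the absence of hits as "nothing visible", not "benign": the same names can sit inside FlateDecode-compressed streams or object streams (/ObjStm), which is why /ObjStm is itself on the list. The next static step is to inflate those streams, and the next step after that is dynamic analysis of the document in an isolated environment such as the REMnux distribution supplied with the course.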

Module 7 – The Grand Finale

  • For the final lab, the instructor provides a previously unanalyzed malware sample. Students use the skills they have learned during the class to conduct and present their own analysis.


Pricing

  • Early registration (ends August 15): $2200
  • Regular registration (ends October 17): $2400
  • Late registration (ends December 12): $2600