The focus of this course is to provide a foundation in investigating network-based crimes, and in proactive methods that can be used to assess network-based threats.
The course is structured in five key areas and reinforces knowledge day by day, building up to a final large-scale investigation. Attendees will be assessed on their skills after each day, and then at the end as part of the investigation.
The course is supported by online testing, online videos, practical activities and a range of sample network traces.
Day 1 Overview: This day involves an in-depth analysis of the capture and analysis of network-based traffic, including all the key protocols involved. This includes ARP, ICMP, IP, TCP, email and remote-access protocols, and a wide range of others.
· Understand the key traces that make up a timeline of activity.
· Develop a deep understanding of how to analyse the details of a trace, especially the key places for evidence gathering.
Day 2 Overview: This day investigates a range of tools which can be used to probe for vulnerabilities within an IT infrastructure, and uses tools such as Nmap and Nessus to analyse weaknesses in systems. This knowledge can be used to provide support for organisations, and also to provide vectors into criminal infrastructures. Along with this, the investigator will gain the skills to identify probes within a network, which may be signs of criminal activity. The day will also cover taking an adversary role in order to exploit weaknesses.
· Understand how to use vulnerability scanning tools to assess systems.
· Identify the key traces of someone probing a network in order to discover information.
· Take an adversary role in order to exploit a weakness.
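The following is an added example, not part of the course material or sample traces: a short Python script that decodes Ethernet/ARP/IPv4/TCP headers into the fields an investigator puts on a timeline (the protocol-decoding skill from Day 1), then flags a source that sends bare SYNs to many distinct ports on one host, which is the trace an Nmap-style SYN scan leaves in a capture (the probe-identification skill above). The frames, addresses and the port threshold of 10 are constructed here for illustration; in a real investigation the frames would come from a pcap and the threshold would be tuned to the network's normal behaviour.

```python
"""Added example (not course code): decode constructed frames and flag a SYN scan."""
import ipaddress
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_TCP = 6
TCP_SYN = 0x02
TCP_ACK = 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags,
                    src_mac=b"\x02" * 6, dst_mac=b"\x04" * 6):
    """Construct an Ethernet/IPv4/TCP frame with no payload (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp


def build_arp_request(sender_ip, target_ip, sender_mac=b"\x02" * 6):
    """Construct a broadcast ARP who-has request."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 1,
                      sender_mac, ipaddress.IPv4Address(sender_ip).packed,
                      b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)
    return b"\xff" * 6 + sender_mac + struct.pack("!H", ETHERTYPE_ARP) + arp


def parse_frame(frame):
    """Decode the fields an investigator needs on a timeline; returns a dict or None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_ARP and len(frame) >= 42:
        op, _, sip, _, tip = struct.unpack("!H6s4s6s4s", frame[20:42])
        return {"proto": "arp", "op": "request" if op == 1 else "reply",
                "src": str(ipaddress.IPv4Address(sip)), "dst": str(ipaddress.IPv4Address(tip))}
    if ethertype != ETHERTYPE_IPV4 or len(frame) < 34:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    proto = frame[23]
    src = str(ipaddress.IPv4Address(frame[26:30]))
    dst = str(ipaddress.IPv4Address(frame[30:34]))
    if proto != IPPROTO_TCP:
        return {"proto": f"ip/{proto}", "src": src, "dst": dst}
    tcp = frame[14 + ihl:]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[0:4])
    return {"proto": "tcp", "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": tcp[13]}


def detect_syn_scans(frames, port_threshold=10):
    """Return {(src, dst): [ports]} for sources sending bare SYNs (SYN without ACK)
    to at least port_threshold distinct ports on one host. Threshold is an assumption."""
    probed = defaultdict(set)
    for frame in frames:
        ev = parse_frame(frame)
        if ev and ev["proto"] == "tcp" and ev["flags"] & TCP_SYN and not ev["flags"] & TCP_ACK:
            probed[(ev["src"], ev["dst"])].add(ev["dport"])
    return {pair: sorted(ports) for pair, ports in probed.items() if len(ports) >= port_threshold}


def sample_capture():
    """Constructed frames standing in for a pcap: an ARP lookup, a 12-port SYN sweep
    from 10.0.0.5, one SYN/ACK from the open port, and one ordinary client connection."""
    frames = [build_arp_request("10.0.0.5", "10.0.0.20")]
    for port in (21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389):
        frames.append(build_tcp_frame("10.0.0.5", "10.0.0.20", 40000 + port, port, TCP_SYN))
    frames.append(build_tcp_frame("10.0.0.20", "10.0.0.5", 22, 40022, TCP_SYN | TCP_ACK))
    frames.append(build_tcp_frame("10.0.0.7", "10.0.0.20", 51000, 443, TCP_SYN))
    return frames


if __name__ == "__main__":
    for f in sample_capture():
        print(parse_frame(f))
    print(detect_syn_scans(sample_capture()))
```

The SYN/ACK from 10.0.0.20:22 is deliberately excluded by the ACK check: a scanner's half-open probes are the signal, the target's replies are not, and counting them would make a busy server look like a scanner. The single SYN from 10.0.0.7 stays below the threshold, which is the kind of benign traffic the threshold exists to ignore.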
Day 3 Overview: This day builds on Day 2 and analyses web-based infrastructure in order to gather information around an intrusion.
· Understand the methods used to gather information related to an intrusion.
· Develop an in-depth knowledge of probing within a network infrastructure.
· Develop an understanding of how to analyse and find information within large log files.
Day 4 Overview: This day analyses malware in detail, and aims to understand how malware is transmitted over a network and what to look for in an investigation once malware has infected a host.
· Understand how real-life malware works and the trails of evidence it leaves.
· Understand how to investigate the key places for malware analysis, including memory, the registry, network traffic, and traces on disk.
· Define ways of removing malware.
Day 5 Overview: This day sets up a number of large-scale investigations, in order to determine the key trails of an incident.
· Understand how to analyse and report on a network traffic investigation for a simulated criminal event.
· Understand how to analyse and report on a network and host log investigation for a simulated criminal event.
· Understand how to scan a host and then exploit it to gain access to sensitive data.