
Description

This advanced course covers the essential techniques for carrying out a post-mortem analysis (also called forensic analysis) of computer security incidents. Working from attack simulations, you will learn how to collect and preserve evidence, analyze it, and improve IT security after the intrusion.

Who is this training for?

Systems and network engineers/administrators, security managers.

Prerequisites

Training objectives

  • Master the right reflexes in the event of an intrusion on a machine
  • Collect and preserve the integrity of electronic evidence
  • Analyze the intrusion a posteriori
  • Improve your security after an intrusion

Training program

  • Computer forensics.
  • Types of computer crimes.
  • Role of the computer investigator.
  • Types of crime.
  • Security incident management framework, CERT.
  • Analyze and understand network attacks.
  • Network intrusion detection.
  • Protection tools, French legislation.
  • Practical work: analyze network logs from a volumetric DDoS and an ARP attack.
  • Setting up SNORT.
  • Acquisition, analysis and response.
  • Understanding the startup processes.
  • Collect volatile and non-volatile data.
  • How the system handles passwords; the Windows registry.
  • Analysis of data contained in RAM and in Windows files.
  • Analysis of cache, cookies and browsing history, event history.
  • Practical work: injecting a user.
  • Crack the password.
  • Collect and analyze data from RAM.
  • Reference and hash all files.
  • Explore browser data and the registry.
  • Visualize, sort and search in traces.
  • Splunk to understand attacks.
  • Practical work: install and configure Splunk.
  • Analyze web logs from a brute-force attack on a form; implementation of countermeasures.
  • Heterogeneity of sources.
  • What is a security event? Security Information and Event Management (SIEM), events collected from the information system.
  • System logs of equipment (firewalls, routers, servers, databases).
  • Practical work: geolocation of addresses.
  • Analysis of web user history (cookies, data sent via POST).
  • Analyze web logs from an SQL injection and implement countermeasures.
  • Definition, role, types and classification rules.
  • Evaluate and secure the electronic elements of a crime scene.
  • Collect and preserve the integrity of electronic evidence.
  • Practical work: duplicate data bit by bit and check its integrity.
  • Recover deleted and/or hidden files.
  • Analysis of digital data.

1026
28 h
