Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Endpoint Live Forensics
While there is undoubtedly a need for deep forensic analysis in the investigation of malware and operating system intrusions, an investigator has to know that there has been an intrusion before that activity can begin. Many organizations rely on technology to perform this task, but there is still no substitute for a well-trained analyst, when it comes to identifying and investigating abnormal behavior on a system.
Endpoint Live Forensics teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this course, students will learn the most useful commands, tools and techniques that can be employed during investigation to reveal the significant indicators of infiltration, as well as how to create a system baseline to be used for future analysis. This course is focused primarily on the Windows 10 and Linux operating systems.
Course Overview
- Familiarity with the general use of Windows systems and at least beginner-level experience with the command line interface
- Basic understanding of TCP/IP networking
- Experience with VMware or other virtualization software is an advantage
Related Courses:
8890 McGaw Road
Suite 200
Columbia, MD 21045
625 W Adams Street
Chicago, IL 60661
5908 Headquarters Drive
Suite 400
Plano, TX 75024
201 N Franklin St
Floor 37
Tampa, FL 33602
40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281
- Providers
- Courses
- Course and Provider Quantity
Learning Objectives
- Identify the core components of the operating system and certain a current state, using built-in or other trusted tools.
- Analyze a running system and detect abnormal behavior relating to operating system components.
- Use event log analysis to verify and correlate the artifacts of anomalous behavior and determine the scope of an intrusion.
- Build or modify PowerShell scripts to Interrogate an operating system and automate repetitive analytic tasks.
- Create and use a system baseline to identify unexpected items, such as rogue accounts or configuration changes.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.