Technical Deep Dives with Tools of the Trade

Dig in for hours of deep-dive technical exercises to master memory, network and host forensics techniques.

14 videos  //  241 minutes of training

Free training week — 700+ on-demand courses and hands-on labs

Course description

This course is all about doing. The exercises are written with the assumption that viewers may want to follow along and learn from doing these exercises. Virtual machine and data/source files for all labs are included.

Course syllabus

Hands-on Network Forensics Labs, Part 1: Zeek http.logDuration: 19:44

Introduction to Zeek and a deep dive into pulling artifacts and indicators of compromise from http logs through Zeek.

Hands-on Network Forensics Labs, Part 2: Zeek conn.logDuration: 12:43

Continuing our Zeek deep dive with connection logs.

Hands-on Network Forensics Labs, Part 3: Zeek dns.logDuration: 10:44

Continuing our Zeek deep dive with DNS logs.

Hands-on Network Forensics Labs, Part 4: Putting Them TogetherDuration: 28:55

This session wraps up Zeek by showing how the best artifacts and IoCs are sometimes only apparent when you combine the logs and get proper context.

Hands-on Network Forensics Labs, Part 5: Wireshark IntroDuration: 12:56

Introduction to Wireshark for IR and some case work.

Hands-on Network Forensics Labs, Part 6: Investigating with WiresharkDuration: 15:08

Deep dive with Wireshark, including carving data and malware from traffic.

Hands-on Memory Forensics Labs, Part 1: Extracting a Memory DumpDuration: 10:26

A deep dive into memory forensics. This first video includes how to create the memory image from a machine for later analysis.

Hands-on Memory Forensics Labs, Part 2: Extracting Artifacts and IoCs from the Dump with VolatilityDuration: 21:41

Continue the journey into memory with Volatility. This will include looking at previous connections that were not present when the dump was taken, all the way to extracting and carving a live piece of malware from the memory dump.

Scenario 2 – Data Breach/Hacking Incident, Part 1: InvestigationDuration: 23:40

See how host, network and memory forensics are all used together to start finding artifacts and IoCs.

Scenario 2 – Data Breach/Hacking Incident, Part 2: ContainmentDuration: 23:35

Continue the deep dive by moving from identification to containing the malware and other malicious things found in traffic and memory.

Scenario 2 – Data Breach/Hacking Incident, Part 3: Eradication/ValidationDuration: 12:08

We will close out this first data breach case with the data threat eradicated, and move on to recovery.

Scenario 3 – Live Ongoing Hacking Incident, Part 1: Detection/InvestigationDuration: 21:59

See a walkthrough of being thrown into a live incident where the threat actors are still present. You will be able to follow along and participate in this response effort.

Scenario 3 – Live Ongoing Hacking Incident, Part 2: Investigation/ContainmentDuration: 19:39

Investigate and contain this incident and see the logical handoff to disaster recovery.

Scenario 3 – Live Ongoing Hacking Incident, Part 3: Eradication/RecoveryDuration: 7:51

Investigate and contain this incident and see the logical handoff to disaster recovery and business continuity.

Meet the author

Keatron Evans

LinkedIn

Keatron Evans is regularly engaged in training, consulting, penetration testing and incident response for government, Fortune 50 and small business. In addition to being the lead author of the best selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish, you will see Keatron on major news outlets such as CNN, Fox News and others on a regular basis as a featured analyst concerning cybersecurity events and issues.

For years, Keatron has worked regularly as both an employee and consultant for several intelligence community organizations on breaches and offensive cybersecurity and attack development. Keatron also provides world class training for the top training organizations in the industry, including Infosec Flex live boot camps and the Infosec Skills on-demand skill development platform.

Train on your schedule

Personal
Teams

Infosec Skills subscription

Monthly
Annually
  • 80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (CISSP, Security+, etc.)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Infosec Skills boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (available in-person or online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs Infosec Skills Annual

Infosec Skills subscription

Annual

$599 per learner / year

Request Quote Free Team Trial
  • Team administration and reporting
  • Transferable licenses
  • 80+ role-based learning paths (Ethical Hacking, Threat Hunting, etc.)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (CISSP, Security+, etc.)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Infosec Skills boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (available onsite, in-person or online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Best Software - Highest Satisfaction

Best Software - Highest Satisfaction

Infosec Skills

Best IT Security-related Training Program

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Education Provider & Best Security Education Platform

Best Cybersecurity Education Provider & Best Security Education Platform

Infosec Skills

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Most Innovative Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Global Excellence - Cyber Security Education & Training

Global Excellence - Cyber Security Education & Training

Infosec Skills

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Cybersecurity Workforce Framework.

LX Labs