Technical Deep Dives with Tools of the Trade

Dig in for hours of deep-dive technical demonstrations to master memory, network and host forensics techniques.
4 hours, 1 minute | 14 videos

Syllabus

Scenario 3 – Live Ongoing Hacking Incident, Part 3: Eradication/Recovery
Video - 00:08:00
Investigate and contain this incident and see the logical handoff to disaster recovery and business continuity.

Scenario 3 – Live Ongoing Hacking Incident, Part 2: Investigation/Containment
Video - 00:20:00
Investigate and contain this incident and see the logical handoff to disaster recovery.

Scenario 3 – Live Ongoing Hacking Incident, Part 1: Detection/Investigation
Video - 00:22:00
See a walkthrough of being thrown into a live incident where the threat actors are still present. You will be able to follow along and participate in this response effort.

Scenario 2 – Data Breach/Hacking Incident, Part 3: Eradication/Validation
Video - 00:12:00
We will close out this first data breach case with the data threat eradicated, and move on to recovery.

Scenario 2 – Data Breach/Hacking Incident, Part 2: Containment
Video - 00:24:00
Continue the deep dive by moving from identification to containing the malware and other malicious things found in traffic and memory.

Scenario 2 – Data Breach/Hacking Incident, Part 1: Investigation
Video - 00:24:00
See how host, network and memory forensics are all used together to start finding artifacts and IoCs.

Hands-on Memory Forensics Labs, Part 2: Extracting Artifacts and IoCs from the Dump with Volatility
Video - 00:22:00
Continue the journey into memory with Volatility. This includes looking at previous connections that were no longer present when the dump was taken, all the way to extracting and carving a live piece of malware from the memory dump.

Hands-on Memory Forensics Labs, Part 1: Extracting a Memory Dump
Video - 00:10:00
A deep dive into memory forensics. This first video covers how to create the memory image from a machine for later analysis.

Hands-on Network Forensics Labs, Part 6: Investigating with Wireshark
Video - 00:15:00
Deep dive with Wireshark, including carving data and malware from traffic.

Hands-on Network Forensics Labs, Part 5: Wireshark Intro
Video - 00:13:00
Introduction to Wireshark for IR and some case work.

Hands-on Network Forensics Labs, Part 4: Putting Them Together
Video - 00:29:00
This session wraps up Zeek by showing how the best artifacts and IoCs are sometimes only apparent when you combine the logs and get proper context.

Hands-on Network Forensics Labs, Part 3: Zeek dns.log
Video - 00:11:00
Continuing our Zeek deep dive with DNS logs.

Hands-on Network Forensics Labs, Part 2: Zeek http.log
Video - 00:13:00
Continuing our Zeek deep dive with connection logs.

Hands-on Network Forensics Labs, Part 1: Zeek conn.log
Video - 00:20:00
Introduction to Zeek and a deep dive into pulling artifacts and indicators of compromise from http logs through Zeek.

Meet the author

Keatron Evans is a cybersecurity and workforce development expert with over 17 years of experience in penetration testing, incident response and information security management for federal agencies and Fortune 500 organizations. He is VP of Portfolio and Product Strategy at Infosec, where he empowers the human side of cybersecurity with cyber knowledge and skills to outsmart cybercrime. Keatron is an established researcher, instructor and speaker — and lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He regularly speaks at major industry events like RSA and serves as a cybersecurity subject matter expert for major media outlets like CNN, Fox News, Information Security Magazine and more.

Keatron holds a Bachelor of Science in Business Information Systems and dozens of cybersecurity certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and Licensed Penetration Tester (LPT). When not teaching, speaking or managing his incident response business, KM Cyber Security LLC, Keatron enjoys practicing various martial arts styles, playing piano and bass guitar, and spending time with his family.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps
