Technical Deep Dives with Tools of the Trade Course

Dig in for hours of deep-dive technical demonstrations to master memory, network and host forensics techniques.

4 hours, 1 minute

Syllabus

Scenario 3 – Live Ongoing Hacking Incident, Part 3: Eradication/Recovery

Video - 00:08:00

Investigate and contain this incident and see the logical handoff to disaster recovery and business continuity.
Scenario 3 – Live Ongoing Hacking Incident, Part 2: Investigation/Containment

Video - 00:20:00

Investigate and contain this incident and see the logical handoff to disaster recovery.
Scenario 3 – Live Ongoing Hacking Incident, Part 1: Detection/Investigation

Video - 00:22:00

See a walkthrough of being thrown into a live incident where the threat actors are still present. You will be able to follow along and participate in this response effort.
Scenario 2 – Data Breach/Hacking Incident, Part 3: Eradication/Validation

Video - 00:12:00

We will close out this first data breach case with the data threat eradicated, and move on to recovery.
Scenario 2 – Data Breach/Hacking Incident, Part 2: Containment

Video - 00:24:00

Continue the deep dive by moving from identification to containing the malware and other malicious things found in traffic and memory.
Scenario 2 – Data Breach/Hacking Incident, Part 1: Investigation

Video - 00:24:00

See how host, network and memory forensics are all used together to start finding artifacts and IoCs.
Hands-on Memory Forensics Labs, Part 2: Extracting Artifacts and IoCs from the Dump with Volatility

Video - 00:22:00

Continue the journey into memory with Volatility. This will include looking at previous connections that were not present when the dump was taken, all the way to extracting and carving a live piece of malware from the memory dump.
Hands-on Memory Forensics Labs, Part 1: Extracting a Memory Dump

Video - 00:10:00

A deep dive into memory forensics. This first video includes how to create the memory image from a machine for later analysis.
Hands-on Network Forensics Labs, Part 6: Investigating with Wireshark

Video - 00:15:00

Deep dive with Wireshark, including carving data and malware from traffic.
Hands-on Network Forensics Labs, Part 5: Wireshark Intro

Video - 00:13:00

Introduction to Wireshark for IR and some case work.
Hands-on Network Forensics Labs, Part 4: Putting Them Together

Video - 00:29:00

This session wraps up Zeek by showing how the best artifacts and IoCs are sometimes only apparent when you combine the logs and get proper context.
Hands-on Network Forensics Labs, Part 3: Zeek dns.log

Video - 00:11:00

Continuing our Zeek deep dive with DNS logs.
Hands-on Network Forensics Labs, Part 2: Zeek http.log

Video - 00:13:00

Continuing our Zeek deep dive with connection logs.
Hands-on Network Forensics Labs, Part 1: Zeek conn.log

Video - 00:20:00

Introduction to Zeek and a deep dive into pulling artifacts and indicators of compromise from http logs through Zeek.

Meet the author

Keatron Evans

Keatron is a highly experienced cybersecurity expert and VP of Portfolio and Product Strategy at Infosec with a wealth of expertise. Keatron is a respected author, instructor and speaker who holds numerous cybersecurity certifications and regularly contributes as a subject matter expert for major media outlets.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust