Windows Incident Response and Logging - 1 Day Mon
$99 - ISSA/OWASP/InfraGard Members
$199 - Non Members
Evaluating a Windows-based system during an event or incident can be a challenge; many do not know where to begin. An introduction to the basic concepts of Incident Response for Windows-based systems will be covered. This course will also focus on using LOG-MD, a Windows logging, malware discovery and forensic tool used to investigate a suspect system.
This course will walk through auditing a Windows system and evaluating the report of settings that need to be configured from a logging and audit perspective. Once logging and auditing are properly configured, we will look at what LOG-MD can discover and report from a logging perspective.
In addition, attendees will learn how to use LOG-MD to perform full file system hashing and registry snapshots. A full review of the features of LOG-MD, how they can be used for Incident Response, and why, will be covered.
Once the features of LOG-MD are understood, we will walk through how to use and apply LOG-MD to baseline and whitelist known and trusted items, reducing the noise so the bad can be found.
A demonstration of a typical event using real malware will be shown, and LOG-MD will be applied in a tabletop Incident Response exercise.
All attendees will receive a copy of LOG-MD Professional as part of the class, to use back at their jobs.
• Introduction to Incident Response
• What logging can do for you – Real hacks caught in the act
• LOG-MD – Audit your system
• The Windows Logging Cheat Sheet(s) – What to set
• Auditing files, directories and registry keys – Why is this important to IR
• Command Line Logging and Network connections – Real intelligence
• Walk through of LOG-MD features
• LOG-MD Logging report
• Other tools used
• LOG-MD Baseline the file system
• LOG-MD Baseline the registry
• Whitelisting known and good items
• Investigating your system
Malware Discovery and Malware Analysis - 2 Days Tue-Weds
$399 - ISSA/OWASP/InfraGard Members
$499 - Non Members
Malware Discovery and Malware Analysis is an essential skill for today’s Information Security and IT professionals.
This course focuses on how to discover if a system has malware, how to build a malware analysis lab, and how to perform basic malware analysis quickly. The goal and objective is to apply the results to Malware Management, with actionable information to improve your Information Security program. The tools and techniques used, and the steps to analyze malware to determine whether a system is clean or truly infected, will be covered. The concepts of Malware Management, Malware Discovery and Malware Analysis will be discussed, with exercises linking the three concepts together.
This course covers everything from everyday commodity malware that you might get via email phishing or web surfing to advanced targeted malware. The focus will be on Windows systems, but some tools for Apple and Linux systems will be touched on as well. All attendees will get a copy of LOG-MD Professional as part of the class.
• Introductions, Goals & Objectives and Terms & Concepts
• Malware Management & Labs
• Lunch – Provided by Critical Start
• Malware Discovery & Labs
• Types of Analysis and Malware Analysis flows
• Malware Analysis Data Labs
• Questions and Discussion
• Complete Building a Malware Analysis Lab
• Malware Analysis Introduction
• Malware Analysis Tools
• Lunch – Sponsored by
• Automated Analysis & Lab
• Basic Malware Analysis & Lab
• Logging for Malware