RSA NetWitness Forensics

• Course Overview
• Course Content
• Customer Reviews

Course Overview

---

The RSA NetWitness Forensics training course examines the role of the security/forensics analyst whose focus is on targeted malware, zero-day attacks and advanced persistent threats (APTs). Participants will learn the concepts and methodology of digital forensics, investigations, including the malevolence of a network attack, the means by which it is carried out and how malware spreads. They will use RSA NetWitness Spectrum, Investigator, and Live! to practice basic skills used to detect malware. Participants will also report on results and make recommendations for corrective actions.

Course Content

---

The Threat Landscape: Malware and Advanced Persistent Threat   

• Introduction to the Threat Landscape
• Changing the Security Mindset
• Building a Security Capability
• Malware: A Definition
• Concepts in Practice: RSA NetWitness Investigator
• Lab: Using Investigator for Analysis

Developing Sources for Malware Analysis   

• Building External Data Sources
• Building Internal Sources
• Gathering Data with RSA NetWitness Live
• Reviewing RSA NetWitness Spectrum Data Analysis Techniques
• Concepts in Practice
• Lab: Selecting content resources, investigating malicious code using metadata and creating a custom action

Analysis for Malware and Advanced Persistent Threat   

• Digital Evidence
• Defining Advanced Analysis
• Methods for Detecting Malware
• Parsers (Flexparse and SNORT)
• Concepts in Practice - FlexParse for RSA NetWitness
• Lab: Generating a New Parser for RSA NetWitness Decoder

Defining a Forensic Process   

• Obtaining Data
• Filtering the Data
• Performing Analysis (Mad or Bad)
• Communicating Results
• Concepts in Practice - Forensic analysis using RSA NetWitness Investigator
• Lab: Conducting and Reporting an Investigation

Automating Malware Detection: RSA NetWitness Spectrum   

• Automating Detection Overview
• RSA NetWitness Spectrum Overview
• Analysis Techniques
• Use Case Examples
• Analysis Tips
• Concepts in Practice: RSA NetWitness Spectrum
• Lab: Automating malware analysis with RSA NetWitness Spectrum

Making Risk Decisions and Taking Action   

• Defining and Managing Risk
• Building Reports
• Sharing Intelligence using RSA NetWitness
• Taking Action
• Concepts in Practice: Threat Response Collaboration Framework
• Lab: Generating and Sharing Information

Future-Proofing the Enterprise   

• Evolution of Enterprise Security
• Continuous Monitoring
• Incident Response
• Security the Cloud
• Accepting the Challenge

Capstone Project   

• Participants are presented with a case study to determine what types of malicious activities are happening on an organization's network using a record of the packets that have passed through the network, including documenting the findings and archiving the relevant artifacts in a forensic repository.
• Participants will design a report that they can use to present as evidence to a decision-maker
• Participants will present their findings to the class

Customer Reviews

---

---

---

...more