Incident Analysis
This training is a practical Incident Analysis workshop, focusing on Windows systems and a bit of traffic analysis with lots of hands on exercises. It is designed for anybody with IT background, willing to learn some of the essential steps during an incident analysis. This is not an advanced class, but more of an incident analysis 101 with a steep learning curve. Topics such as incident handling and incident response will not be part of this course.
During this course you will (hopefully ;-) ) learn a lot about windows/malware internals, and how to:
- Identify Indicators of Compromise
- Analyze network traffic for suspicious behavior
- Investigate disk images
- Analyze memory dumps with volatility
- Differentiate malware from harmless software
- Analyze malware (behavior)
- Correlate gathered logfiles to a specific incident
The language of this course depends on the attendees: if only Germans attend the training, it will be done in German, otherwise the training will be done in English.