Incident Analysis

This training is a practical incident analysis workshop, focusing on windows systems and a bit traffic analysis with lots of hands on exercises. It is designed for anybody with IT background, willing to learn some of the essential steps during an incident analysis. This is not an advanced class, but more of an incident analysis 101 with a steep learning curve. Topics like incident handling and incident response will not be part of this course.

During this course you will (hopefully ;-) ) learn a lot about windows/malware internals, and how to

  • Identify indicators of compromise
  • Analyze network traffic for suspicious behavior, investigate disk images (this topic is covered more specifically in the “Forensic Computing”-WS)
  • Analyze memory dumps with volatility
  • Differentiate malware from harmless software
  • Analyze malware(behavior),
  • Correlate gathered logfiles to a specific incident.

The language of this course depends on the attendees: If only Germans attend the training will be done in Deutsch, otherwise the training will be done in English.

Requirements for this course:

  • A laptop with administrative privileges and pre installed VirtualBox
  • TCP/IP Knowledge
  • Wireshark usage
  • Familiar with a shell

Good to have, but not necessary:

Experience with at least one programming language. Basic knowledge about hacking techniques.

About the Speakers