This course covers the fundamentals of live analysis forensics and
investigation for endpoints.
Hands-on activities span the entire forensics process, beginning
with a FireEye-generated alert, leading to discovery and analysis of
the host for evidence of malware and other unwanted intrusion.
Analysis of computer systems will be performed using FireEye products
and freely available tools.
For FireEye Endpoint Security customers, activities focus on
investigation techniques using features such as the Triage Summary and
Audit Viewer. Optionally, students can work with the API to automate
actions and explore integrating FireEye Endpoint Security with other systems.
After completing this course, learners should be able to:
- Describe methods of live analysis
- Demonstrate the
ability to plan, execute and report on a digital forensic
- Investigate a Redline triage package using a
- Validate and provide further context
for FireEye alerts
- Identify malicious activity hidden among
common Windows events
Who Should Attend
Network security professionals and incident responders who must use
FireEye Endpoint Security to investigate, identify and stop cyber threats.
Completion of the Endpoint Security Deployment course. A working
understanding of networking and network security, the Windows
operating system, file system, registry and regular expressions, and
experience scripting in Python.