7Safe Certified Malware Investigator Training (CMI)

7Safe Certified Malware Investigator Training (CMI)

Course Delivery

This Course is available in the following format:

Request this course in a different delivery format

GSA Schedule 70 Saving for Government Customers

Course Overview:

7Safe Certified Malware Investigator Training (CMI) Course with Hands-on Labs

This is a core-level technical 7Safe Certified Malware Investigator Training (CMI) course for people looking to extend their digital forensic knowledge beyond conventional device analysis.

On this four-day practical 7Safe Certified Malware Investigator Training (CMI) course you will investigate forensic case studies, applying the principles, knowledge and techniques learn during the 7Safe Certified Malware Investigator Training (CMI) course. It will help you protect your IT environment by showing you how to conduct malware analysis, from first principles all the way to investigating network activity stemming from malicious software infection that your AV software has failed to detect.

Customize It:

• If you are familiar with some aspects of this 7Safe Certified Malware Investigator Training (CMI) course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the 7Safe Certified Malware Investigator Training (CMI) course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the 7Safe Certified Malware Investigator Training (CMI) course in manner understandable to lay audiences.

Related Courses:

7Safe Certified Security Testing Associate (CSTA) – Ethical Hacking Training
7Safe Certified Security Testing Professional (CSTP) – Ethical Hacking II Training

Prerequisites:

The knowledge and skills that a learner must have before attending this 7Safe Certified Malware Investigator Training (CMI) course are as follows:

Completion of the 7Safe CFIP course is highly recommended. Otherwise you will need:

• Knowledge of the principles surrounding forensic investigation and an understanding of the preliminary forensic investigation case considerations
• Sound experience with the Microsoft Windows operating systems
• An understanding of how a web page is requested and delivered
• Ideally an understanding of Command Line Interface (CLI) and TCP/IP networking concepts

Audience / Target Group:

The target audience for this 7Safe Certified Malware Investigator Training (CMI) course:

• Technical persons who support, install, deploy or administer Check Point Software Blades should attend this course.

This could include the following:

For those looking to develop their skills in malware identification and analysis including:

• Digital forensic analysts
• Cyber incident investigators
• Law Enforcement Officers
• System administrators

What You Will Learn:

Upon completing this 7Safe Certified Malware Investigator Training (CMI) course, learners will be able to meet these objectives:

After completing this 7Safe Certified Malware Investigator Training (CMI) course, attendees will be able to:

• You will learn how to identify, analyse and interpret malicious software and associated forensic artefacts, including Trojan horses, viruses, worms, backdoors and rootkits
• How Trojan payloads can be used to bypass anti-virus software, personal and corporate firewalls
• You will practice malware investigations from mounted, booted and network perspectives, and undertake real-world exercises, including the conversion of E01 forensic images to bootable virtual machine disks
• The function, structure and operation of the Windows registry, and investigation of malicious software locations in the registry and file system

7Safe Certified Malware Investigator Training (CMI) – Course Syllabus:

1. Analysis Environments

a. Identify and define the five analysis environments
b. Identify situations in which each of the investigation environments could be used effectively
c. Identify their respective levels of risk both to the original data as well as other systems

2. Malicious Software

a. Define the term “malicious software”
b. Identify and define different types of malicious software
c. Identify similarities and differences between different types of malicious software

3. Malware Investigation

a. Identify the stages of malware investigation
b. Critically assess the capabilities and limitations of antimalware tools
c. Identify the different means of running software at system start-up

4. Methods of Deception

a. Identify mechanisms of malware delivery
b. Identify mechanisms of disguise
c. Identify client security circumvention

5. Mounted Analysis

a. Mounting forensic images as logical drives
b. Using malware scanners against the mounted image
c. Documenting the results of malware scans
d. Using online scanners for further clarification

6. Booted Analysis

a. Identify approaches to creating a booted analysis environment
b. Experiment with making a Virtual Machine
c. Identifying password implications
d. Identifying and explaining the potential differences between mounted and booted analysis results

7. Network Analysis

a. Identify key reasons for network analysis
b. Methods of building a network for analysis
c. Explaining network communication protocols
d. Using traffic analysis tools for network analysis
e. External Port Analysis
f. Identifying and explaining the potential differences between network and other analysis results

8. Virtualisation Malware

a. Explain how hardware Hypervisor support allows for virtualisation malware
b. Define Type I, Type II and Type III malware

9. Simplifying Complex Evidence

a. Aiming the report at a subject knowledge level fitting the target audience
b. Discuss a sample report outline

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

Print Friendly, PDF & Email