Windows System Analysis Training
Many organizations rely on technology to perform anomaly detection and investigation. But when it comes to identifying and investigating abnormal behavior on a system, there is no substitute for a well-trained analyst. Windows System Analysis teaches students how to identify abnormal activity and investigate a running system that may have been compromised.
In this Windows System Analysis Training course, students will learn the most useful commands, tools, and techniques that can be employed during an investigation to reveal significant indicators of infiltration, and how to create a system baseline for future analysis. This Windows System Analysis course is primarily focused on the Windows 10 operating system, but includes many tools and techniques that also apply to Windows 7 and more recent versions of Windows Server.
The practical assessment for this Windows System Analysis course is an investigation scenario that will require students to use all of the knowledge, skills and abilities acquired during class to remotely analyze a network of systems, identify compromised machines, and remediate as appropriate.
Duration: 5 days
RESOURCES
- Windows System Analysis Training – https://www.wiley.com/
- Windows System Analysis Training – https://www.packtpub.com/
- Windows System Analysis – https://store.logicaloperations.com/
- Windows System Analysis Training – https://us.artechhouse.com/
- Windows System Analysis Training – https://www.amazon.com/
CUSTOMIZE IT
- We can adapt this Windows System Analysis course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this Windows System Analysis course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the Windows System Analysis course around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Windows System Analysis course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP
The target audience for this Windows System Analysis course:
- Novice Malware Analysts
- Incident Response Team Members
- Network Security Professionals
- Forensic Analysts
CLASS PREREQUISITES
The knowledge and skills that a learner must have before attending this Windows System Analysis course are:
- Windows 10 Training (MD-100)
- TCP/IP Networking Training Overview
- This is an introductory course ideal for those seeking a career in malware analysis, incident response, or digital forensics.
- Students should be familiar with the general use of Windows systems, including the command line interface, and have at least a basic understanding of TCP/IP networking.
Windows System Analysis Training - OBJECTIVES
Upon completing this Windows System Analysis course, learners will be able to meet these objectives:
- Identify the core components of the Windows operating system and ascertain their current state using built-in or other trusted tools
- Analyze a running system and detect abnormal behavior relating to processes, DLLs, network connections, the registry and Windows services
- Use event log analysis to verify and correlate the artifacts of anomalous behavior, and determine the scope of an intrusion
- Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
- Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes
- Conduct remote investigations of potentially compromised Windows workstations and servers
Windows System Analysis Training - COURSE SYLLABUS
- OS Overview
- Processes
- Dynamic-Link Libraries (DLLs)
- Network Connections
- The Registry
- Services
- Logs and Timelines
- PowerShell Basics
- Querying the Operating System
- Scripting with PowerShell
- Baselining with PowerShell
- Remote Administration
Labs:
- OS Familiarization
- Process Explorer Familiarization
- Process Scenario
- Inspecting DLLs
- Memory Mapping
- Process Injection
- TCPView and Netstat
- Registry Familiarization
- Registry Analysis
- Analyzing Services
Windows System Analysis Training Course Wrap-Up