Hands-on Network Forensics

Overview

The course gives participants key skills in network forensic techniques, including how attackers attack servers in a DMZ and how attackers attack client computers. It is based on simulated attacks, such as an attack against servers in a DMZ and an APT attack. To acquire these techniques, participants conduct multiple log analyses and deep packet analysis, and write detection rules (signatures).

Target attendees

  • SOC analysts in incident response teams
  • CSIRT technical engineers in incident response teams
  • Analysts of cybercrime and cyberattacks
  • System security engineers and system managers

Learning objectives

  • Find traces of attacks in multiple logs and judge the attack's impact
  • Find traces of attacks in network packets
  • Find traces of attacks using a SIEM
  • Create your own countermeasures using an IDS, a WAF and a malware detection tool