Windows Log Analysis for Incident Responders
So you’ve responded to an incident. You’ve identified impacted systems, collected forensic images, copied out all of the log files, and started a chain of custody to track all of the evidence. Congratulations! Now what?
This two-day seminar provides incident responders with the knowledge needed to analyze and understand the wealth of information recorded within a Windows-based network. Participants will learn to parse through Windows Event Logs and other Windows log files to ascertain the who, what, when, where and how of a network incident. Through a series of classroom lectures and interactive exercises, students will learn to:
- Track user activity throughout the network by correlating logs from different systems
- Identify password attacks and understand the vulnerabilities and poor security practices that permit them
- Determine access to files and other objects
- Locate evidence of common attack vectors within log files
- Explore the changes in log file formats and capabilities introduced in Windows Vista
This course promises to take your knowledge of incident response and network security monitoring to the next level, enabling you to not only respond to an incident, but to actually analyze, address, and mitigate the incident appropriately.
Participants must supply their own laptop capable of running VMware Player. The recommended configuration is at least a Core Duo or comparable system with 1 - 2 GB of RAM, but less robust systems may also suffice.
This course is being offered as part of the Techno Training Bootcamp at the Charlotte, NC Convention Center on March 3 - 4, 2008. Cost of the two-day course is only $995 and includes free admission to Techno Security or Techno Forensics 2008.
About the Instructor
This course will be taught by Steve Anson, co-author of Mastering Windows Network Forensics and Investigation. Steve has been an instructor at the FBI Academy in the area of cybercrime and computer intrusion investigation. He has served as a special agent with the Department of Defense conducting international investigations into intrusions and cyber attacks against US military networks, and he previously founded and supervised a local police department computer crime and information services unit. Steve holds a Master of Computer Science degree, as well as the CISSP and MCSE certifications.