Overview

This course is in collaboration with NEC Asia Pacific and LAC.
In recent years, many network forensics techniques and processes have been developed in the cyber security world to investigate the ever-increasing number of security threats. Network forensics techniques allow the finding and tracking of internal and external network attacks and suspicious situations by focusing on inherent network vulnerabilities and communication protocols. Network forensics experts need to be capable of capturing, recording, and analysing network events in order to discover indications of, or sources of, security attacks through network communications analysis.
This four-day training course offers skills and techniques for future forensic investigators or analysts in a Security Operations Centre (SOC). Participants can equip themselves with a wide range of skills, starting from basic skills of log and packet analysis, methods to identify attacks, methods to identify malware traces and basic techniques of correlational analysis.
Participants can then apply these skills and techniques in daily security operations. This can help to identify cybersecurity threats more effectively and more accurately than before.
What You’ll Learn
This course is based on the field knowledge of NEC APAC/LAC, who run a SOC and offer incident response and VA/PT services. Most of the skills and techniques taught in this Network Forensics course come from real SOC field experience.
Basic knowledge for analysis
Participants will learn how to analyse packets, how to find the original sources of packets in a communication network or in a special proxy network environment, and how ciphers and character encoding work.
Attack packet analysis
Participants will learn the known common attack methods and techniques against networks, operating systems (OS), middleware and web applications. Techniques such as SQL injection and password cracking are covered too. Participants will learn the differences in logs between normal access and unauthorized access, so that they can make reasonable judgement calls on whether suspicious activities are false positives or otherwise.
Malware analysis
Participants will acquire knowledge of surface and dynamic analysis methods and the skills to conduct a quick malware analysis to detect common malware, e.g., worms, ransomware, banking malware and RATs. In the hands-on exercises, participants execute real malware in the lab and analyse it, which gives them a deeper understanding of the techniques learnt. They can then apply this knowledge and these techniques back at their workplace.
System log analysis
Participants will learn techniques to find traces of attacks and intrusions in the logs of products other than security devices, such as proxy servers, web servers, Windows, and DNS servers.
Deep Analysis (basic)
Participants will learn the key points and practical examples of detecting threats based on correlation. Furthermore, participants will learn to analyse a large amount of packet data efficiently and extract unauthorized transactions when an incident occurs.
Who Should Attend
• Those who aspire to be a forensic investigator
• Those who aspire to be an analyst in a Security Operations Centre (SOC)
Prerequisites
- Working knowledge of TCP/IP, Windows OS, Linux and security devices.
- Knowledge of current threats and trends present in the Information Security and Technology field.
SITizens Learning Credits (SLC) - Eligible Course
This course is SITizens Learning Credits (SLC) eligible. Please refer to the user guide on how to register for courses utilising your SLC.
Find out more about SITizens Learning Credits (SLC).
Certificate and Assessment
A Certificate of Participation will be issued to participants who:
- Attend at least 75% of the course
- Undertake non-credit bearing assessment during the course
Frequently Asked Questions
What is the hands-on training system?
The hands-on training system is the exercise lab in which participants conduct exercises. The system comprises an attacker server, victim server (Linux and Windows) and client terminal (Windows). The necessary tools for attack, analysis, investigation, and protection, e.g., Metasploit, Wireshark, Process Monitor, firewall and Suricata IDS, are preinstalled.
What can I learn by using the hands-on training system?
Participants can learn how to perform analysis and protect against attacks in the hands-on training system. For example, in one of the exercises, participants will execute real malware, e.g., the credential stealer Pony, and analyse its behaviour, which leads participants to think about protection.
How do I access the hands-on training system?
RDP is required to access the hands-on training system.
Will I share the hands-on training system with others?
No. One set of the hands-on training system is allocated to each participant individually.
What is the prerequisite for this course?
Basic knowledge of TCP/IP, Windows OS, Linux and security devices. Knowledge of current threats and trends present in the Information Security and Technology field. We expect at least three years’ experience.
Is this course online or onsite?
It is an online course. We use an online conference tool, an LMS (learning management system) and the hands-on training system on the cloud.
Does this course have an exam?
Yes. We have an online quiz (multiple choice type) for each topic.
Schedule
Day 1: 14 Apr 2022
- Welcome and Registration
- Introduction
- Basic knowledge for analysis: Knowledge Regarding Packet Analysis and Exercise with Wireshark
- Tea Break
- Basic knowledge for analysis: Knowledge Regarding Packet Analysis and Exercise with tcpdump and TCPSlice
- Lunch
- Basic knowledge for analysis: Knowledge for Analyzing Sources
- Tea Break
- Basic knowledge for analysis: Knowledge Regarding Special Network Environments
- Basic knowledge for analysis: Knowledge Regarding Cipher
- End of Day
Day 2: 15 Apr 2022
- Welcome and Registration
- Basic knowledge for analysis: Knowledge Regarding Character Encoding
- Attack packet analysis: Knowledge Regarding Packet Analysis
- Tea Break
- Attack packet analysis: Knowledge Regarding Packet Analysis Exercise (Port scanning, Heartbleed, SQL Injection)
- Lunch
- Attack packet analysis: Knowledge for Identifying Attacks Exercise (XSS, Password cracking, OS command Injection)
- Tea Break
- Attack packet analysis: Knowledge for Identifying Attacks Exercise (Path Traversal, Shellshock)
- Extra Lab Time
- End of Day
Day 3: 21 Apr 2022
- Welcome and Registration
- Malware analysis: Knowledge Regarding Representative Malware Communication
- Tea Break
- Malware analysis: Knowledge Regarding Representative Malware Communication and Exercise (Banking Malware, RAT)
- Lunch
- Malware analysis: Knowledge Regarding Representative Malware Communication and Exercise (Credential Stealer, Packet Forwarding)
- Tea Break
- Malware analysis: Knowledge Regarding Representative Malware Communication and Exercise (Worm)
- Extra Lab Time
- End of Day
Day 4: 22 Apr 2022
- Welcome and Registration
- System log analysis: Knowledge for Analyzing the Logs of Non-security Products and Exercise (Proxy log, Web server log)
- Tea Break
- Deep Analysis (basic): Knowledge for Identifying Correlation Between Logs
- Lunch
- Deep Analysis (basic): Knowledge for Performing Deep Inspections
- Tea Break
- Deep Analysis (basic): Knowledge for Performing Deep Inspections and Exercise (large volume of packet)
- Extra Lab Time
- Closing and Feedback
- End of Day
Fees
Category | Full Fee | After SF Funding
Singapore Citizen (Below 40) / Singapore PR | $3,852.00 | $1,155.60
Singapore Citizen (40 & above) | $3,852.00 | $435.60
Non-Singaporeans | $3,852.00 | Not Eligible
Note:
- All figures include GST. GST applies to individuals and Singapore-registered companies.
- You can opt for either SkillsFuture Funding or Mid-Career Enhanced Subsidy. Both cannot be combined.
Learn more about funding types available
Terms & Conditions:
SkillsFuture Funding
To be eligible for the 70% training grant awarded, applicants (and/or their sponsoring organisations where applicable) must:
- Be a Singaporean Citizen or Singapore Permanent Resident
- Not receive any other funding from government sources in respect of the actual grant disbursed for the programme
SkillsFuture Mid-Career Enhanced Subsidy
To be eligible for the 90% enhanced subsidy awarded, applicants (and/or their sponsoring organisations where applicable) must:
- Be a Singaporean Citizen
- Be at least 40 years old
- Not receive any other funding from government sources in respect of the actual grant disbursed for the programme
SIT reserves the right to collect the balance of the programme fees (i.e. the potential grant amount) directly from the applicants (and/or their sponsoring organisations where applicable) should the above requirements not be fulfilled.
SIT reserves the right to make changes to published course information, including dates, times, venues, fees and instructors without prior notice.