FOR572: Always Updating, Never at Rest

  • Tuesday, 24 Mar 2020 3:30PM EDT (24 Mar 2020 19:30 UTC)
  • Speaker: Philip Hagen

FOR572, Advanced Network Forensics and Analysis, has recently been updated to reflect the latest investigative tools, techniques, and procedures available. In this webcast, Phil Hagen, the lead author of FOR572, will discuss the latest additions to the course. The latest lab advancements include a new lab to perform DNS profiling and anomaly detection from over 600,000 DNS log records, and TLS client profiling from over 200,000 records. These realistic datasets will give you the tools and workflows needed to analyze the data collected in real-world environments. Other lab updates include new versions of the SIFT, SOF-ELK®, and Moloch platforms, and an all-new electronic workbook embedded in the SIFT VM itself. In all, the class has 14 hands-on labs and an all-day comprehensive, team-based capstone investigation covering nearly half of the class.

Newly explored topics in the course include tool-independent means of distinguishing a conversation between systems, identifying Unicode (and Emoji!) encoding in domain names, parsing JSON logs from Zeek and other platforms using the "jq" utility, and more.

Please join us for this look into the new version of FOR572, which will be at all scheduled course events!