What\\'s new on the FOR572 Horizon Stockholm and Beyond

  • Tuesday, 07 Mar 2017 11:00AM EST (07 Mar 2017 16:00 UTC)
  • Speaker: Philip Hagen

The forensic worlds moves quickly, and SANS classes are updated frequently to address a rapidly changing landscape. FOR572, Advanced Network Forensics and Analysis, had been freshly updated to include new tools and analytic processes.

The new courseware includes a heavy focus on the SOF-ELK platform for efficient and effective "big data" processing for log and NetFlow evidence. Students will also use the Moloch full-packet capture and analysis platform, providing a free and efficient method of loading existing pcap data or capturing live content.

Numerous additional tools have been updates within the SANS Linux SIFT Workstation, with custom modifications focused on network traffic analysis processes.

The course material also incorporates new protocol variants for HTTP, SMB, and more. Labs have been overhauled to leverage the new tooling and processes as well - helping you to get good findings faster.

In, this webcast, you'll learn what we've added as well as how FOR572 is continually evolving to meet the changing demands evident in your casework. Forensicators, security analysts, and investigators will all benefit. We're looking forward to you joining the webcast and hope to see you in class at Stockholm or another upcoming event as well.