Linux Forensics w/ Hal Pomeranz

Instructor: Hal Pomeranz
Course Length: 16-Hours
Format: Live Online or On-Demand

DESCRIPTION

Linux is everywhere– running in the cloud, on cell phones, and in embedded devices that make up the “Internet of Things”. Often neglected by their owners, vulnerable Linux systems are low-hanging fruit for attackers wishing to create powerful botnets or mine cryptocurrencies. Ransomware type attacks may target Linux-based database systems and other important infrastructure.

As attacks against Linux become more and more common, there is an increasing demand for skilled Linux investigators. But even experienced forensics professionals may lack sufficient background to properly conduct Linux investigations. Linux is its own particular religion and requires dedicated study and practice to become comfortable.

This 16-hour, hands-on course is a quick start into the world of Linux forensics. Learn how to use memory forensics to rapidly triage systems and spot attacker malware and rootkits. Learn where the most critical on-disk artifacts live and how they can help further an investigation. Rapidly process Linux logs and build a clearer picture of what happened on the system.

KEY TAKEAWAYS

• Acquiring and analyzing Linux memory
• Accessing complex Linux disk geometries
• Rapid triage for key Linux artifacts
• Linux log analysis

WHO SHOULD TAKE THIS COURSE

• Experienced forensic professionals wanting to expand their Linux knowledge
• SOC analysts needing a stronger grounding in Linux
• Administrators/developers defending Linux infrastructures

AUDIENCE SKILL LEVEL

This course is an introduction to Linux forensics, but not an introduction to forensics. The course assumes at least some knowledge of digital forensic methods, such as evidence acquisition. This course is heavily command-line driven, so basic familiarity with the Linux command-line is helpful.

STUDENT REQUIREMENTS

• High-speed Internet access
• A BitTorrent client for downloading course materials (e.g., Transmission https://transmissionbt.com/download/)
• A computer with at least 150GB of free space and capable of running a 64-bit VMware virtual machine using 4GB of RAM

WHAT EACH STUDENT SHOULD BRING

A properly configured computer and natural curiosity!

Live Online

Learn via live stream from instructors that are in the field utilizing the techniques they teach. Classes are split into four training days that are each four hours long. Live Online training includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

On-Demand

Learn at your own pace with access to course content, lectures, and demos in the Antisyphon On-demand learning platform. Most courses are offered with lifetime access to the course and content updates. All On-demand courses include content update alerts, access to dedicated support channels in the Antisyphon Discord server, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

Live Online w/ On-Demand Bundle

This is the best of both worlds! Attend the live online class at its next scheduled interval and gain access to the online training modules in the Antisyphon On-demand training platform. Bundle also includes six months access to dedicated class channels in the Antisyphon Discord server, six months access to live class recordings, a certificate of participation, and 12 months complimentary access to the Antisyphon Cyber Range.

TRAINER & AUTHOR

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has spent more than thirty years providing pragmatic Information Technology and Security solutions for some of the world’s largest commercial, government, and academic institutions.

LIVE ONLINE CLASS SCHEDULE