• Academy Courses
• Contact Information
• Cyber Crime Conference
• Conference Opening Video
• DC3 in the News
• Academic Excellence Program
• Digital Forensic Challenge
• Dispatch News Feed
• Earn College Credit
• Employment at DC3
• Research & Testing Forms
• Speaker Request
• Submit a Case

IT250, Forensics and Intrusions in a Solaris Environment (FISE)

Who Should Attend:
Training is available to DoD and federal law enforcement intrusion analysts.

Prerequisites:
TT110 (INCH), RT120 (CIRC), and FT210 (WFE-E) or applicable Test outs

Duration:
10 Days

Course Description:
FISE is a scenario-based course that teaches students how to conduct detailed Solaris-based data analysis in a laboratory environment. Students conduct forensic media and log file analysis to determine the specifics of a Solaris-based intrusion. Topics also include hacking methodologies that are key to understanding an attack, case preparation, and management.

Objectives:

• Use tools and analysis techniques to analyze network traffic of an intruder and correlate the findings with forensic evidence found on a Solaris victim machine
• Prepare a forensic examination system running the Solaris operating environment
• Analyze a compromised system running the Solaris operating environment through the analysis of system and log files
• Complete a detailed intrusion analysis report

Topics Covered:

Network Server Security Practices

• Network Server Security Overview, Policy, and Procedures
• Operating System, Application, and Network Security

Identifying an Intrusion

• What is an Intrusion? Definition, Methods and Intruder Profiles
• Passive Reconnaissance
• Probing, Attacks, Advancement, Entrenchment, Infiltration and Extraction

System and Case Preparation

• Installation of Autopsy, The Coroner’s Toolkit, Ethereal and jpcap
• How to Access Digital Evidence
• Investigative considerations of the Case Jacket

System Analysis

• Identify Key Solaris Directories
• Unix File System
• Analyzing First Responder Data
• Beginning a Case with Autopsy
• Identifying System Information
• MAC Time and Hash Analysis
• Keyword Searching
• Searching for and Recovering Deleted Files with Autopsy and Lazarus
• Extracting and viewing System Logs with Autopsy

Log Analysis

• Understanding Network Traffic and the Fundamentals of Network Log Analysis
• Network Traffic Visualization
• Event Analysis
• Binary Log Analysis with Wireshark