OSIA - Operating Systems Intrusion Analysis

OSIA - Operating Systems Intrusion Analysis Course Description

Duration: 5.00 days (40 hours)

Price: $3,495.00

While the security industry and professionals continue to seek the silver bullet solution to all Intrusion Detection System pitfalls, the reality is there is no solution that eliminates human decision making as part of the analysis process. Too many companies forget this, investing heavily in the infrastructure without making a comparable investment in their analytical personnel. Even large companies make the mistake of relying on the machine rather than the analyst.

Discovering exactly how a hacker has infiltrated a system can be difficult without previous information about the system in question. This course teaches students how to correctly baseline an operating system and save information that can be used later to confirm whether or not an intrusion has taken place. Additionally, this course teaches the fundamental commands and tools that can be used to investigate common areas that reveal intrusions or lead to further analysis of the system. Both the Windows and Linux operating systems are covered in the course.

Next Class Dates

Contact us to customize this class with your own dates, times and location. You can also call 1-888-563-8266 or chat live with a Learning Consultant.

Intended Audience for this OSIA - Operating Systems Intrusion Analysis Course

  • Incident Responders who need to quickly address a security breach
  • Forensic Investigators who need to identify malicious intrusions
  • Exploitation Analysts needing operating system knowledge
  • Malware Analysts requiring a thorough understanding of operating system intrusions

OSIA - Operating Systems Intrusion Analysis Course Objectives

  • Proactive Auditing / Monitoring
  • Establishing a Baseline
  • Looking for Signs of Intrusions
  • Evidence of Rootkits
  • Examining Log Files
  • Examining User and Group Accounts
  • Auditing Services and Daemons
  • MD5, SHA1 Hashing
  • Digital Signature Verification

OSIA - Operating Systems Intrusion Analysis Course Outline

      1. Windows Intrusion Analysis
      2. Understanding Disk Drives
      3. Track Sectors
      4. Geometric Sectors
      5. CHS Calculation
      6. Sector Zoning
      7. Microsoft File Structures
      8. FAT and NTFS
      9. Logical Partitions
      10. Partition Tables
      11. Disk Editors
      12. Master Boot Record
      13. NTFS Data Streams
      14. NTFS Encrypted File System
      15. Understanding the Boot Sequence
      16. Microsoft Windows Registry
      17. Files associated with the registry
      18. Registry Structure and Elements
      19. Registry use in boot process
      20. Registry Security
      21. Using Reg.exe
      22. Windows Intrusions
      23. Baselining a Windows System
      24. Finding Rootkits
      25. Log File Reviews
      26. User Account and Group Auditing
      27. Unauthorized User Rights
      28. Auto-Start Applications
      29. Registry Startup Keys
      30. Unauthorized Services
      31. Windows Management Information Console
      32. Legacy Files
      33. Hashing Files
      34. Digital Signatures
      35. Network Configuration Alteration
      36. Unauthorized Shares
      37. Unauthorized Scheduled Jobs & Processes
      38. Hidden / Unusual Files
      39. Altered Permissions on Files
      40. Memory Forensics
      41. Volatility Principle
      42. Locard's Exchange Principle
      43. Order of Volatility
      44. Memory Analysis
      45. Virtual Address Descriptor
      46. VAD Tree
      47. Parsing the VAD
      48. Windows Memory Imaging Tools
      49. MDD
      50. WinDD
      51. Windows Memory Forensics Toolkit
      52. Linux Memory Imaging Tools
      53. DD
      54. Second Look
      55. Idetect
      56. Memory Analysis Tools
      57. Volatility
      58. Moonsols
      59. FTK
      60. Web Browser Forensics
      61. Web Browsing History
      62. Cookies
      63. Temporary Internet Files
      64. Open Source Tools
      65. Pasco
      66. Galleta
      67. Index.dat Files
      68. History Locations
      69. Linux Intrusion Analysis
      70. Linux O/S Fundamentals
      71. Linux Evolution
      72. Linux History
      73. Linux Boot Sequence
      74. BIOS
      75. Boot Loader
      76. Kernel Initialization
      77. Init Program
      78. Shell Startup
      79. Disk Imaging
      80. Using DD To Image Disks
      81. File System Identification
      82. Five Ways to Identify File Systems
      83. Mount Command
      84. File Command
      85. CAT Command
      86. FSCK Command
      87. DF Command
      88. Identifying Files and Contents
      89. File Hashing
      90. Identifying File Contents
      91. Strings Command
      92. Hexdump Command
      93. Linux Baselining
      94. Gathering O/S Information
      95. Getting Physical Memory Dump
      96. Taking Inventory of Loaded Kernel Modules
      97. Taking Inventory of Active Processes
      98. Examining Suspicious Processes
      99. Verifying Accounts
      100. Log File Analysis
      101. Auditing System Resource Usage
      102. SUID Binaries
      103. File Size Auditing
      104. Hidden Files
      105. Day 4: Reserved for Student Lab Time
      106. Instructor Demonstrations
      107. Student Practical Labs
      108. Day 5: Student Practical Demonstration:
      109. Students are given a multi-environment intrusion scenario to investigate using the knowledge, skills, and abilities taught from the 4 days of class. This scenario will have challenges in both Windows and Linux.
      110. Lab Outline
      111. Day 1
      112. Master File Table Lab
      113. Diskview Lab
      114. Alternate Data Streams Lab
      115. Mining Registry Data From The Command Line
      116. Day 2
      117. Baselining a Windows System Lab
      118. Windows Intrusion Lab #1
      119. Windows Intrusion Lab #2
      120. Windows Intrusion Lab #3
      121. Windows Intrusion Lab #4
      122. Day 3
      123. Windows Memory Forensics Lab
      124. Windows Memory Imaging Lab
      125. Windows Intrusion Lab #5
      126. Windows Intrusion Lab #6
      127. Windows Intrusion Lab #7
      128. Windows Intrusion Lab #8
      129. Day 4
      130. Baselining a Linux System Lab
      131. Linux Intrusion Lab #1
      132. Linux Intrusion Lab #2
      133. Linux Intrusion Lab #3
      134. Linux Intrusion Lab #4
      135. Linux Intrusion Lab #5
      136. Day 5
      137. Student Practical Demonstration:
      138. Students are given a multi-environment intrusion scenario to investigate using the knowledge, skills, and abilities taught from the 4 days of class. This scenario will have challenges in both Windows and Linux.

Do you have the right background for OSIA - Operating Systems Intrusion Analysis?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.
This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.

Award winning, world-class Instructors

Carmille A.
- Highly skilled in graphics and web software including Adobe CS3, CS4 & CS5 Photoshop, Dreamweaver, Illustrator, InDesign, Captivate, Acrobat and Quark.
- Expert in Microsoft Office, including Excel, Word and PowerPoint. Licensed Application Instructor and Microsoft Certified Trainer since 2000.
- Over 20 years of experience as Creative Director for multinational corporations such as McCann Erickson, Lintas, and Publicis.

Bio:

Carmille has been a Licensed Application Instructor and Microsoft Certified Trainer for years. She specializes in web development, business productivity and digital media applications such as SharePoint, Quark and the Adobe Creative Suite as well as numerous programming languages including XML, XHTML, HTML and CSS. Carmille is passionate about educating and has a unique talent for making complex design and development principles seem "easy" to students from all levels of expertise. She currently teaches Adobe Graphic and Web Designer, Microsoft Office Specialist, SharePoint End User and the acclaimed Website Development Professional courses at NetCom Learning. Her 20+ years of experience as Creative Director for multinational corporations bring a special and innovative approach to her classes at NetCom Learning.
Charles W.
- Expert in Microsoft Office applications such as Excel, Word, PowerPoint, Outlook, Project, Visio, and Access as well as Adobe Graphic and Web Designer (InDesign, Acrobat, Photoshop, Illustrator, Dreamweaver and Flash Catalyst)
- Holds an A.A.S in Graphic Design as well as various Awards and Affiliations, including MCT, MCP, MCAS, and Office 2007 Master.
- Senior Lead Trainer for over 10 years.

Bio:

Charles has been a Technical Trainer & Instructional Designer for over 10 years. He is a Microsoft Certified Trainer and dedicates himself to Microsoft Office applications such as Excel, Word, PowerPoint, Outlook, Project, Visio, and Access. He is also an Adobe specialist and holds a degree in Graphic Design.

Charles is well known for his high evaluation scores, achieving 8.75 out of 9 on a regular basis, teaching in one-on-one, instructor-led, and web-based environments; one of the reasons for his high evaluation is his expertise in increasing personnel performance by developing and implementing programs constructed from the job task analysis process. Charles currently teaches Adobe Graphic and Web Designer, and Microsoft Office Specialist courses at NetCom Learning.
Donna H.
- Highly skilled trainer and speaker. Delivered presentations in Dubai, Tokyo, London, New York, and China.
- ITIL V3 Expert, teaching ITIL courses since 2005. More than 99% of her students have passed their ITIL Certification exams.
- Process Improvement Expert with more than 15 years of experience in the Support Center industry as a practitioner, consultant and certified trainer.

Bio:

Donna is an expert in project management and Process Improvement. Her amazing presentation skills have taken her around the world, giving presentations in Dubai, Tokyo, London, New York and China, to name a few. "The Donna", as she is known in the industry, has more than 15 years of experience in the Support Center industry as a practitioner, consultant and certified trainer.

Donna holds ITIL V3 Expert Certification and offers training and consulting services through NetCom Learning on Process Improvement framework as well as the ITIL practitioner level suite of Lifecycle and Capability Stream certification courses. She began presenting ITIL classes in 2005, and 99% of her students have passed their ITIL Certification exams. Along with ITIL courses, she promotes best practices in the support center industry, focusing on customer service skills training, individual and support center certification, training and consulting, and process infrastructure improvement.
Ginger M.
- Bachelor's Degree in Accounting and a Masters of Business Administration from Rutgers University.
- Over 9 years of experience as a Master Certified Trainer. Expert in MS Dynamics GP Financials, Installation, HR/Payroll, Project Accounting, Inventory and Integration Manager.
- Project Manager to various MS Dynamics Great Plains implementations.

Bio:

Ginger holds a Bachelor's Degree in Accounting and a Masters of Business Administration from Rutgers University. Her career started as an Auditor for Deloitte & Touche, and over the years she developed her passion for Microsoft Dynamics, implementing Dynamics GP and Project Cost in the Professional Services, Commercial Real Estate and Medical Facilities vertical markets.

Ginger's experience with Microsoft Dynamics is unparalleled. As a Certified Master Dynamics trainer, she stays abreast of the latest Dynamics modules and shares experience with a very hands-on training technique at NetCom Learning.
Hisham S.
- Masters Degree in Computer Science and several academic projects published over the years.
- Over 20 years of experience as a professor in local and foreign universities, and as a trainer focusing on Web Development.
- In-depth knowledge of programming, including MySQL, PHP, and AJAX.

Bio:

Hisham holds a Masters Degree in Computer Science, in addition to having more than 20 years of experience as a professor and a trainer. His proven expertise in MySQL, PHP, and AJAX, including positions as a Professor in the Department of Computer Science at Minia University, Egypt, and a Professor in the Department of Computer Science at City University of New York, is beyond comparison.

As a NetCom Learning instructor, Hisham stays up to date with the latest news in Advanced Website Development. He shares his knowledge and experience in a very focused and clear way, which students find very enticing.
J Tom K.
- Software Developer and sought-after Microsoft Certified Trainer (MCT) with over 30 years of hands-on experience.
- Expert in Microsoft technologies: .NET Framework, C#, VB .NET, ASP .NET, XML Web Services, ADO .NET, SQL Server, SharePoint Portal Server, Content Management Server, Commerce Server, BizTalk, MSMQ, COM+, COM Migration to .NET and PocketPC development.
- Extremely knowledgeable and rated as excellent by NetCom Learning students.


Bio:

Tom Kinser is an accomplished Software Developer and sought-after Microsoft Certified Trainer (MCT). Tom is also an expert in successfully designing software, managing and training programmers for over 30 years.

Tom specializes in helping businesses, enterprises, and government agencies apply current technologies to solve their unique business problems. He accomplishes this via hands-on training in cutting-edge programming and database design techniques. Tom consistently delivers successful training engagements in both classroom and live-online settings and is rated as excellent by NetCom Learning students.
Joseph D.
- Highly skilled Autodesk Certified Instructor; working with Autodesk software since 1993.
- Expert in AutoCAD, Autodesk 3DS, Autodesk Revit, Mechanical Desktop, Inventor, and Architectural Desktop.
- Authored course materials for numerous Autodesk courses.

Bio:

Joseph is an Autodesk Certified Instructor specializing in developing and teaching Autodesk courses, with a working knowledge of such products as AutoCAD, Autodesk 3DS, Autodesk Revit, Mechanical Desktop, Inventor, and Architectural Desktop.

In addition to teaching and developing courses for the past 10 years, Joseph has authored course materials for many Autodesk courses. He is also well versed in Inventor 8 and 9.

Joseph demonstrates a straightforward, down-to-earth teaching style in order to reach students at widely differing levels of expertise. His extensive product knowledge and exuberant teaching style make Joseph a consistently highly rated instructor at NetCom Learning.
Michael G.
- Over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer.
- An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, as well as select Microsoft, Novell, CompTIA, Sun and CWNP courses.
- Highly skilled and acclaimed instructor. Has trained over 900 students at NetCom Learning.

Bio:

Michael has over 22 years of professional experience in the IT field, including more than a decade as a Certified Trainer. An expert in Cisco's Routing, Switching, Security, Voice and Wireless areas, Michael also teaches select Microsoft, Novell, CompTIA, Sun and CWNP courses.

Michael's dedication and passion for teaching are unmatched. He has trained over 900 students at NetCom Learning since 2006 and his evaluation scores average 8.7 out of 9.
Paul B.
- Microsoft Office Specialist with over 14 years of training experience.
- Expert in the IT industry, working in the IT field since 1986.
- Highly rated instructor with an all-time average evaluation score of 8.7 out of 9.

Bio:

Paul is a Subject Matter Expert specializing in the Microsoft Office Suite and SharePoint end-user technologies with more than 25 years of practical experience in the IT industry. He is also a Microsoft Certified Trainer (MCT) with over 14 years of training experience.

A sought-after instructor and eternal favorite among students, his instructor feedback scores are among the industry's highest at 8.7 out of 9.0. As a trainer, his knowledge and passion for the subject matter as well as his personable nature, excellent communications skills and sense of humor are implicit in every class. NetCom Learning is proud to have Paul on our roster of IT geniuses.
Ramesh P.
Ramesh holds a Masters Degree in Computer Science with specialization in Information Security and is pursuing his Doctoral degree in IT from the University of South Australia (UniSA). He is a one of a kind trainer - he has been working in the IT field since 1995 and is an expert in C#, VB.NET, ASP.NET, Java/J2EE, PL/SQL, VB, ASP, and XML technologies. Ramesh also has extensive experience developing and implementing BizTalk and SharePoint in large corporations, as well as more than 10 years experience working with Oracle and SQL server/Sybase databases. With more than 19 certifications, Ramesh is an IT guru and trainer with worldwide experience, which includes presentations and trainings across US, Asia, and Middle East. He is a full time instructor at NetCom Learning and we couldn't be happier in having him as one of our Subject Matter Experts.
Richard L.
- Over 20 years experience in the IT industry.
- CEH and Microsoft training for many government agencies, including the United States Department of Homeland Security, and the Federal Bureau of Investigation.
- CEH and Microsoft training for Fortune corporations such as Merrill Lynch and ADP.

Bio:

Richard is a premier Microsoft Certified Trainer and Certified EC-Council Instructor. He has over 20 years of experience as a network administrator, security consultant, vulnerability assessor, and penetration tester for assorted Fortune companies.

Richard's knowledge on the development and implementation of policies and procedures concerning the security of network data is unsurpassed. He has conducted successful CEH and Microsoft training classes for many government agencies including the United States Department of Homeland Security, the Department of Justice and the Federal Bureau of Investigation, as well as Fortune enterprises such as Merrill Lynch and ADP.
Sam P.
- Team leader for the first undergraduate team to win the Duke Startup Challenge.
- Over 15 years of experience in the IT industry.
- NetCom Learning Instructor of the Year 2011.

Bio:

Sam Polsky has spent his entire career in entrepreneurial pursuits, including such fields as biotechnology, software development, data management, and business process management. He began in entrepreneurship as team leader for the first undergraduate team to win the Duke Startup Challenge, a business development competition geared towards Duke University's various graduate schools.

Sam Polsky has since co-founded a consulting firm where he has been involved in software architecture, development and implementation. On top of that, Sam has been delivering acclaimed solutions in software architecture, development and implementation for over 15 years. He is a much-admired Subject Matter Expert and Trainer at NetCom Learning and was voted NetCom Learning Instructor of the Year 2011.
Jose P.
Jose Marcial Portilla has a BS and MS in Mechanical Engineering from Santa Clara University. He has a great skill set in analyzing data, specifically using Python and a variety of modules and libraries. He hopes to use his experience in teaching and data science to help other people learn the power of the Python programming language and its ability to analyze data, as well as present the data in clear and beautiful visualizations. He is the creator of some of the most popular Python Udemy courses, including "Learning Python for Data Analysis and Visualization" and "The Complete Python Bootcamp". With almost 30,000 enrollments, Jose has been able to teach Python and its Data Science libraries to thousands of students. Jose is also a published author, having recently written "NumPy Succinctly" for Syncfusion's series of e-books.

Recent Client Testimonials & Reviews

The instructor did a great job keeping us on track. We covered a lot of material.

- Tony P.

Course(s) Taken

» Data Analytics with R Language

Very impressed with the instructor. I would take a course from him again.

- Lenny M.

Course(s) Taken

» Docker Administration and Operations Combo

The classroom environment was very good. The instructor was excellent.

- Bob D.

Course(s) Taken

» Docker Administration and Operations Combo
