This course covers the fundamentals of live analysis forensics and
investigation for endpoints.
Hands-on activities span the entire forensics process, beginning
with a FireEye-generated alert and leading to discovery and analysis of
the host for evidence of malware and other unwanted intrusion.
Analysis of computer systems will be performed using FireEye products
and freely available tools.
For FireEye Endpoint Security customers, activities focus on
investigation techniques using features such as the Triage Summary and
Audit Viewer. Optionally, students can work with the API to automate
actions and explore integrating FireEye Endpoint Security with other systems.
After completing this course, learners should be able to:
- Describe methods of live analysis
- Use core analyst features of Endpoint Security such as alerting, enterprise search, and containing endpoints
- Demonstrate the ability to plan, execute and report on a digital forensic examination
- Investigate a Redline triage package using a defined
- Validate and provide further context for FireEye
- Identify malicious activity hidden among common
Who Should Attend
Network security professionals and incident responders who must use
FireEye Endpoint Security to investigate, identify and stop cyber threats.
Prerequisites
A working understanding of networking and network security, the
Windows operating system, file system, registry and regular
expressions, and experience scripting in Python.