FOR572 Introductory Lab Workbook: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
Copyright ©2023, Lewes Technology Consulting, LLC. All rights reserved.
Foreword
This demonstration instance of the FOR572 electronic workbook contains optional introductory lab materials from SANS FOR572, Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. The course's labs are designed to address a hands-on application of concepts covered in the corresponding courseware and help students achieve the learning objectives the course and lab authors have established.
This material is intended for FOR572 students, but is provided as a public resource so the DFIR community can see how the FOR572 course approaches lab materials even if they are not enrolled in a class. For non-students, we certainly welcome you to the material and hope you find it useful! However, no support is provided for this material.
If you like this kind of hands-on guided lab material, take a look at SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, where we have 30+ hours of lab material, including an all-day Capstone lab with a massive amount of realistic evidence from a carefully executed attack that simulates a state-level adversary.
Not sure where to even start? Take a look at this video content that provides a convenient "on-ramp" to how FOR572 is written.
While FOR572 students are provided with a custom build of the Linux SANS SIFT Workstation virtual machine built specifically for their course, non-students are welcome to download the free Community Edition of the SANS SIFT Workstation virtual machine. Instructions that differ for the Community Edition will be annotated in the lab instructions below.
Enjoy!
Phil Hagen, Lewes Technology Consulting, LLC
SANS Faculty Fellow and FOR572 Course Author
Trademarks
- ©2023 Lewes Technology Consulting, LLC. All rights reserved.
- SOF-ELK® is a registered trademark of Lewes Technology Consulting, LLC. All rights reserved.