MINISTRY OF DEFENCE FUNDING

	Enhanced Learning Credits Administration Service (ELCAS)
7Safe provides Level 7 (of 8) nationally recognised qualifications on the National Qualifications Framework.

The course

On this 3 day practical training course, extend your knowledge beyond conventional static computer forensics analysis. You will be guided through the process of conducting malware analysis, from the principles surrounding the different analysis environments and 7Safe's malware investigation methodology to investigating network activity stemming from malicious software infection. Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Malware Investigator (CMI) qualification.

Course Content

Analysis Environments
1. Identify and define the five analysis environments
2. Identify situations in which each of the investigation environments could be used effectively
3. Identify their respective levels of risk both to the original data as well as other systems
Malicious Software
1. Define the term "malicious software"
2. Identify and define different types of malicious software
3. Identify similarities and differences between different types of malicious software
Malware Investigation
1. Identify the stages of malware investigation
2. Critically assess the capabilities and limitations of anti-malware tools
3. Identify the different means of running software at system start-up
Methods of Deception
1. Identify mechanisms of malware delivery
2. Identify mechanisms of disguise
3. Identify client security circumvention
Mounted Analysis
1. Mounting forensic images as logical drives
2. Using malware scanners against the mounted image
3. Documenting the results of malware scans
4. Using online scanners for further clarification
Booted Analysis
1. Identify approaches to creating a booted analysis environment
2. Experiment with making a Virtual Machine
3. Identifying password implications
4. Identifying and explaining the potential differences between mounted and booted analysis results
Network Analysis
1. Identify key reasons for network analysis
2. Methods of building a network for analysis
3. Explaining network communication protocols
4. Using traffic analysis tools for network analysis
5. External Port Analysis
6. Identifying and explaining the potential differences between network and other analysis results
Virtualisation Malware
1. Explain how hardware Hypervisor support allows for virtualisation malware
2. Define Type I, Type II and Type III malware
Simplifying Complex Evidence
1. Aiming the report at a subject knowledge level fitting the target audience
2. Discuss a sample report outline

Highlights

CMI Malware Investigation course outline PDF
Download
PDF

Course outline

Read the Malware Investigation: Hands-On course outline to find out more about the many topics covered in CMI Malware Investigation Training

Frequently Asked Questions (FAQ)

Delegate Testimonials

"An excellent course delivered by an experienced and knowledgeable trainer"
IT Technical Specialist
UK building society

"An excellent, well-structured course delivered by an expert. The trainer was obviously well-versed in his discipline and imparted knowledge in a really user-friendly way."
IT Manager
UK university