Cristian Pascariu

Traditional forensic analysis on endpoints is outpaced by modern attack techniques. This course will teach you how to efficiently identify and investigate malicious activity by performing live system analysis on processes and files.

Covert attack techniques coupled with the use of legitimate processes and utilities require more advanced detection and analysis techniques. In this course, Security Event Triage: Analyzing Live System Process and Files, you’ll learn how to leverage endpoint detection tools and techniques to detect attacks that bypass traditional signature- and rule-based capabilities. First, you’ll explore how malware establishes persistence on disk or via the registry. Next, you’ll discover how to detect malware that injects itself into legitimate processes. Finally, you’ll learn how to correlate running processes with network connections to identify both malicious processes and C2 communication channels. When you’re finished with this course, you’ll have the skills and knowledge of live system analysis needed for continuous monitoring and detection.

What's inside

Syllabus

Course Overview
Defining Live System Analysis
Analyzing Host-based Indicators
Analyzing Live Processes and Services
Leveraging Memory Analysis
Correlating Security Events

Good to know

Know what's good, what to watch for, and possible dealbreakers
Taught by Cristian Pascariu, who is recognized for their work in security analysis
Explores advanced detection and analysis techniques for identifying malicious activity
Develops skills in live system analysis, which is highly relevant for endpoint detection and response
Provides hands-on labs and interactive materials for practical application of concepts
Covers a comprehensive range of topics related to live system analysis, including process and file analysis
Requires learners to come in with some background knowledge in security analysis

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in Security Event Triage: Analyzing Live System Process and Files with these activities:
Find a mentor who can provide guidance on live system analysis
Identify an experienced professional who can provide guidance and support as you develop your live system analysis skills. This could be someone in your workplace, a member of a professional organization, or a teacher or professor.
  • Identify potential mentors who have experience in live system analysis.
  • Reach out to potential mentors and introduce yourself.
  • Ask if they would be willing to mentor you.
Practice local system analysis
Complete a lab from a previous course or watch videos that show local system analysis techniques provided by resources such as Pluralsight.
  • Choose a lab or set of videos to complete.
  • Take notes on any new techniques or concepts you encounter.
  • Practice the techniques you learned in the lab or videos.
  • Test your understanding by completing a quiz or assessment.
Join a study group for live system analysis
Participate in a study group or online forum to discuss live system analysis techniques, share resources, and get help from peers.
  • Find a study group or online forum that focuses on live system analysis.
  • Introduce yourself and share your experience with live system analysis.
  • Participate in discussions and ask questions about live system analysis techniques.
  • Share your own knowledge and experience with the group.
Complete live system analysis practice exercises
Work through practice exercises to reinforce your understanding of live system analysis concepts and techniques. You can find practice exercises online or in textbooks.
  • Find practice exercises that cover the live system analysis concepts you are learning.
  • Complete the exercises and check your answers against the provided solutions.
  • Review your answers and identify any areas where you need to improve your understanding.
  • Repeat steps 1-3 until you are confident in your understanding of the concepts.
Find and complete tutorials on security analysis
Following and completing security tutorials will help you solidify knowledge of endpoints and how to analyze them.
  • Identify relevant tutorials on your favorite learning platforms.
  • Follow the tutorial steps carefully.
  • Practice the techniques covered in the tutorial.
Develop a cheat sheet for live system analysis tools
Create a reference document that summarizes the key tools and techniques for live system analysis, tailored to your specific needs. Reference Pluralsight materials for the tools.
  • Identify the most common live system analysis tasks you perform.
  • Research the tools and techniques available for each task.
  • Create a cheat sheet that includes the following information for each tool:
  • Test your cheat sheet by using it to complete a live system analysis task.
Write a blog post about a live system analysis technique you've used successfully
Share your knowledge and experience with others by writing a blog post about a live system analysis technique you've used successfully. This will help you solidify your understanding of the technique and help others learn from your experience.
  • Choose a live system analysis technique that you've used successfully.
  • Write a blog post that explains the technique in detail, including how to use it and what benefits it offers.
  • Share your blog post with others and get feedback from your peers.
  • Update your blog post based on the feedback you receive.
Practice detecting malicious activity in live systems
Continuously testing your ability to identify malicious activity will enhance your effectiveness.
  • Find a dataset of live system logs.
  • Analyze the logs for suspicious activity.
  • Identify malicious patterns and techniques.
  • Write a report on your findings.
Start a project to build a live system analysis tool
Develop a tool that automates or simplifies a specific live system analysis task. This will give you a deep understanding of the inner workings of live system analysis and help you develop your programming skills.
  • Identify a specific live system analysis task that you want to automate or simplify.
  • Research existing tools and techniques that can help you complete the task.
  • Design and implement your own tool.
  • Test and evaluate your tool.
  • Share your tool with others and get feedback.
Participate in security analysis competitions
Participating in competitions will challenge you to apply your skills and improve your ability to detect and respond to security incidents.
  • Find security analysis competitions online.
  • Register for the competition and prepare for the challenge.
  • Work on the competition tasks.
  • Attend the competition and present your findings.

Career center

Learners who complete Security Event Triage: Analyzing Live System Process and Files will develop knowledge and skills that may be useful to these careers:
Computer Security Analyst
Computer security analysts plan and implement security measures to protect computer systems and networks. The course's instruction on analyzing live system processes and files can aid one in understanding how malicious parties attempt to infiltrate computer systems and networks, and in taking measures to protect against such attempts.
Information Security Analyst
Information Security Analysts design and implement security measures to protect information systems and networks from unauthorized access, use, disclosure, disruption, modification, or destruction. Through the analysis of live system processes and files, one will be better able to ascertain and interpret how malicious parties may attempt to infiltrate an organization's systems and networks. This course teaches the skills and knowledge needed for continuous monitoring and detection.
Malware Analyst
Malware analysts investigate and analyze malware to understand how it works and how to protect against it. This course, by teaching how to analyze live system processes and files, may be useful for a malware analyst to understand how malware operates.
Incident Responder
Incident responders are responsible for responding to security incidents. Through the analysis of live system processes and files, one can enhance their understanding of how to identify and respond to various security incidents.
Digital Forensics Analyst
Digital forensics analysts investigate computer systems and networks to find evidence of crimes. By teaching how to analyze live system processes and files, this course may be useful for a digital forensics analyst to understand how malicious parties attempt to infiltrate systems and networks.
Forensic Investigator
Forensic investigators collect and analyze evidence from computer systems and networks to help solve crimes. The analysis of live system processes and files is an important aspect of computer forensics, and is covered by this course.
Penetration Tester
Penetration testers identify and exploit vulnerabilities in computer systems and networks to help organizations improve their security. This course helps one gain an understanding of how to analyze live system processes and files, a skillset critical to the penetration tester who must understand how malicious parties attempt to infiltrate systems and networks.
Security Engineer
Security engineers design, implement, and maintain security systems for organizations. This course may be useful for a security engineer to better understand how malicious parties attempt to infiltrate systems and networks.
Security Researcher
Security researchers develop new methods and techniques to protect computer systems and networks from attack. This course, by fostering an understanding of how to analyze live system processes and files, may prove useful to the security researcher looking to develop cutting-edge security solutions.
Security Auditor
Security auditors assess the security of computer systems and networks. This course, by offering instruction on how to analyze live system processes and files, can help one develop the skills necessary to assess the security of an organization's infrastructure.
Cybersecurity Architect
Cybersecurity architects design and implement security architectures for organizations. This course may be useful for a cybersecurity architect to gain a deeper understanding of how malicious parties attempt to infiltrate systems and networks.
Security Consultant
Security consultants help organizations to identify and address security risks. This course, which instructs one on analyzing live system processes and files, may help a security consultant to better understand how malicious parties attempt to infiltrate systems and networks.
Network Security Engineer
Network security engineers design, implement, and maintain security for computer networks. This course may be useful for a network security engineer to understand how malicious parties attempt to infiltrate networks.
Information Security Manager
Information security managers plan and implement security measures for organizations. They may find the course's emphasis on analyzing live system processes and files to be useful for understanding and managing security risks.
Systems Administrator
Systems administrators are responsible for managing and maintaining computer systems and networks. They may find the course's coverage of live system processes and file system analysis to be useful for troubleshooting and maintaining systems.

Reading list

We've selected 15 books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Security Event Triage: Analyzing Live System Process and Files.
Provides an in-depth look at rootkits, which are malicious software that can subvert the Windows kernel. It is a valuable resource for understanding the techniques used by attackers to gain control of a system and for developing strategies to detect and prevent rootkits.
Provides a comprehensive guide to malware forensics, which is the process of analyzing malicious code to identify and investigate its purpose and origin. It is a valuable resource for learning how to use malware forensics tools and techniques to detect and investigate malware.
A comprehensive guide to computer forensics and incident response, providing a foundational understanding of the field.
Provides an in-depth and comprehensive overview of the Windows operating system's architecture, processes, and threads. It is an excellent resource for understanding the fundamentals of how Windows works, which is essential for effective live system analysis.
Provides a comprehensive guide to security monitoring and incident response, which are two essential components of a comprehensive security program. It is a valuable resource for learning how to identify, respond to, and recover from security incidents.
Provides a comprehensive guide to computer forensics and incident response, which are two essential components of a comprehensive security program. It is a valuable resource for learning how to identify, respond to, and recover from security incidents.
Provides a comprehensive guide to Windows forensics, which is the process of investigating digital crimes on Windows systems. It is a valuable resource for learning how to use Windows forensics tools and techniques to investigate digital crimes.
Covers incident response from end to end, from preparation through documentation and all the relevant steps in between.
A comprehensive guide to memory forensics, suitable for practitioners who need to analyze memory dumps.
Provides a comprehensive guide to network security assessment, which is the process of identifying and evaluating the security of a computer network. It is a valuable resource for learning how to identify and mitigate network security risks.
Provides hands-on instruction for analyzing malware and helps learners gain practical experience in the field.
Provides a comprehensive guide to forensic analysis, which is the process of collecting, analyzing, and interpreting digital evidence to support a legal investigation. It is a valuable resource for learning how to use forensic analysis tools and techniques to investigate digital crimes.
A comprehensive guide to digital forensics and investigation, which are two essential components of a comprehensive security program. It is a valuable resource for learning how to identify, respond to, and recover from security incidents.
Provides a comprehensive guide to Linux forensics, which is the process of investigating digital crimes on Linux systems. It is a valuable resource for learning how to use Linux forensics tools and techniques to investigate digital crimes.
Provides a hands-on guide to open source digital forensics tools, useful for practitioners and beginners alike.

© 2016 - 2024 OpenCourser