The SANS Institute will offer the first Middle East session of its highly regarded Forensics 558: Network Forensics at SANS Gulf Region in Dubai this October. The course, which has proved popular at events in the EU and the US, is a response to the increasing targeting of organisations across the region by well-organised criminals.
“Enterprises all over the globe are compromised remotely by malicious hackers each day. Big names, including some prominent ones in the security, financial and military industry, have been compromised in the last few months with a huge impact for customers all around the globe. In this context, Network Forensics is playing a key role in detecting the incidents, determining the root causes, mitigating their impact and collecting and preserving evidence in a manner that can be presented in Court,” comments Jess Garcia, SANS Certified Instructor for the 5-day course. “Credit card numbers, proprietary information, account usernames and passwords, and a wealth of other valuable data are surreptitiously transferred across the network. Now we have the opportunity to do something to detect it and stop it in time using Network Forensics techniques.”
Even though well-placed insider attacks may leverage cutting-edge covert tunnelling techniques to export data from highly secured environments, “attackers' fingerprints remain throughout the network, in firewall logs, IDS/IPS, web proxies and traffic captures. Our Network Forensics course will teach students how to follow the attacker's footprints and analyze evidence from the network environment.”
Jess, a well-known name in the area of Computer Forensics, has worked for the last 6 years with top global organizations in Europe, USA, Latin America and the Middle East in a myriad of sensitive investigations and security projects in areas such as Incident Response, Computer Forensics, Intrusion Detection and Malware Analysis, as well as some other areas of Information Security. Previously, Jess worked for 10 years as a systems, network and security engineer at the Spanish Space Agency, where he collaborated as a security advisor with the European Space Agency, NASA, and other international organizations.
The course is heavily oriented towards providing an intense hands-on program, with lots of exercises based on real-world scenarios using tools such as tcpdump, snort, ngrep, tcpxtract, and Wireshark to understand attacks and trace suspect activity. Each student will be given a virtual network to analyze, and will have the opportunity to conduct forensic analysis on a variety of devices. To help students during and after the course, each attendee will receive a VMware SNIFT Virtualized Workstation, a fully loaded, portable forensics virtual workstation designed by network forensics experts and distributed exclusively to Forensics 558: Network Forensics students.
“The Middle East is going through a period of political change but it is essential that the public and private sector continue to function and provide confidence to partners and customers that critical IT systems are safe,” explains Garcia. “Network Forensics is an area that is growing consistently around the world and expanding the course into the Gulf region is a response to demand and feedback we have had from previous SANS attendees and corporate clients across the region.”