Cyber Event Investigation

Published: Dec 18, 2025 · Updated: May 17, 2026

Abstract

Course: ISIN 409 (Network Forensics and Analysis)

Student analysts create a Security Onion VM and configure it to replay and analyze malicious packet captures. This network activity generates alerts inside Security Onion tools that are used as the basis of an investigation.

An alert is selected from the queue for closer inspection, and an investigation is performed based on the assumption that the event occurred within a business environment. Students prepare a presentation that simplifies investigation findings and summarizes any recommendations for an executive-level target audience.
