• PA Consulting logo

Practical: Malware Analysis and Investigations

Put your malware knowledge into practice to improve your digital forensics skills with this practical course from PA Consulting.

A person analysing malware code on a computer
  • Duration

    5 weeks
  • Weekly study

    3 hours

Apply investigative methodology to malware

This five-week course will help you put your knowledge from the Digital Forensics and Incident Response (DFIR) Expert Track into practice.

You’ll learn to use investigation methodology in the context of malware to understand the practical steps to take to prevent a malware attack.

By exploring different analysis environments, you’ll learn how to set up the right kind of environment in order to extract the most information about the malicious software.

Learn how to detect network connections and collect network traffic

Malware is typically delivered over a network, so an understanding of network connections is vital in helping you prevent an attack.

You’ll explore practical methods to find malware connectivity, as well as the importance of collecting network traffic – the amount of data moving across a computer network.

Explore volatile vs static analysis

You’ll identify different types of malware analysis, such as volatile and static, to further your understanding of malware and the impact it can have on a system.

You’ll learn how to find suspect processes and files, and how to discover malware persistence mechanisms to help you remove malware as quickly and effectively as possible, should an attack occur.

By the end of the course, you’ll feel confident in applying your knowledge to practical situations to further your skills as a digital forensic investigator or cyber security incident responder.

Syllabus

  • Week 1

    Practical Malware Investigations

    • ExpertTrack Courses

      Introduction to ExpertTrack Learning

    • Welcome to the course

      Course welcome and instructor biography.

    • Week one introduction

      An introduction to the content of week one by the course author.

    • Quiz - Let's test your cyber knowledge

      Short quiz to understand the background knowledge required to become a competent malware investigator

    • Malware states

      A review of malware states

    • Analysis environments

      A look at analysis environments

    • Investigation methodology

      Malware investigation methodology

    • End of week test

      A short test to confirm week one learning points.

  • Week 2

    How to find malware connectivity

    • Week two introduction

      An introduction to the content of week two by the course author.

    • Ports (Malware connectivity)

      Malware connectivity

    • End of week two

      A short test to confirm week two learning points and a review of the week.

  • Week 3

    How to find suspect processes

    • Week three introduction

      An introduction to the content of week three by the course author.

    • Malicious processes

      Finding malicious processes

    • End of week three

      A short test to confirm week three learning points followed by a review of the week.

  • Week 4

    How to find suspect files

    • Week four introduction

      An introduction to the content of week four by the course author.

    • Finding suspect files

      Methods to find suspect files

    • End of week

      A short test to confirm week four learning points followed by review of the week.

  • Week 5

    How to find malware persistance

    • Week five introduction

      An introduction to the content of week five by the course author

    • Malware persistance

      Malware persistence

    • End of week five

      A short test to confirm week five learning points followed by a review of the week.

Learning on this course

On every step of the course you can meet other learners, share your ideas and join in with active discussions in the comments.

What will you achieve?

By the end of the course, you‘ll be able to...

  • Demonstrate an understanding of the different analysis environment types
  • Explore network connections and collect network traffic
  • Identify malicious processes
  • Develop processes and services to prevent malware persistence

Who is the course for?

This course is designed for anyone who has completed the Digital Forensics and Incident Response (DFIR) Expert Track.

It will help you gain an understanding of malware analysis to help protect your organisation from an attack.

Who will you learn with?

Steve is a incident response consultant who specializes in cyber and malware investigations. Steve also authors and delivers cyber technical training courses to both public and private sector clients.

Who developed the course?

PA Consulting

An independent firm of over 2,600 people, we operate globally from offices across the Americas, Europe, the Nordics, the Gulf and Asia Pacific.

Learning on FutureLearn

Your learning, your rules

  • Courses are split into weeks, activities, and steps to help you keep track of your learning
  • Learn through a mix of bite-sized videos, long- and short-form articles, audio, and practical activities
  • Stay motivated by using the Progress page to keep track of your step completion and assessment scores

Join a global classroom

  • Experience the power of social learning, and get inspired by an international network of learners
  • Share ideas with your peers and course educators on every step of the course
  • Join the conversation by reading, @ing, liking, bookmarking, and replying to comments from others

Map your progress

  • As you work through the course, use notifications and the Progress page to guide your learning
  • Whenever you’re ready, mark each step as complete, you’re in control
  • Complete 90% of course steps and all of the assessments to earn your certificate

Want to know more about learning on FutureLearn? Using FutureLearn