Live System Analysis

While there is undoubtedly a need for deep forensic analysis in the investigation of malware and operating system intrusions, an investigator must first know that an intrusion has occurred before that activity can begin. Many organizations rely on technology to perform this task for them, but there is no substitute for a well-trained analyst when it comes to identifying and investigating abnormal behavior on a system.

Live System Analysis teaches students how to identify abnormal activity and investigate a running system that may have been compromised. In this course, students will learn sound methodology coupled with the most useful commands and tools that can be employed during investigation to reveal significant indicators of infiltration, as well as how to create a system baseline to be used for future analysis. Both the Windows and Linux operating systems are covered in this course. Please note, there is significant overlap between this course and the Windows-only course "Windows System Analysis."

Attending Students Will Learn

After successfully completing this course, students will be able to:

  • Identify the core components of the operating system (OS) and ascertain their current state using built-in or other trusted tools
  • Analyze a running system and detect abnormal behavior relating to OS objects such as processes, handles, and network connections
  • Use event log analysis to verify and correlate the artifacts of anomalous behavior, and determine the scope of an intrusion
  • Use PowerShell to interact with the operating system and build scripts to automate repetitive analytic tasks
  • Create and use a system baseline to identify unexpected items such as rogue accounts or configuration changes

Who should attend

  • Incident Responders who need to quickly identify a security breach
  • Forensic Investigators needing to analyze the state of a running system
  • Malware Analysts requiring a thorough understanding of operating system intrusions

Prerequisites

  • Familiarity with the use of desktop operating systems, including command-line experience in Windows and/or Linux
  • Working knowledge of TCP/IP networking

Courses That Follow
