Days three and four were PACKED. We learned about masking bits and did some real forensics on some pcap files. I am combining the two days together because there is too much to walk through in detail. There are almost 300 slides! I had to cut out for over an hour both days as graduations were taking place.
The class culminated in the forensic work we did on a pcap file. I don’t want to ruin the ending for anyone who might take this class, but it was pretty difficult. Chris had us work through it on our own, then he would give hints, then we would work through it some more, and so on. In the end he stepped us through the story the packets were telling about a bad actor and an intrusion. It’s both amazing and mind-blowing. I know enough to be dangerous, enough to be confident to try, but not practiced enough to do this without some more time and experience. That’s the part of all this that’s difficult. I don’t do this in my day job, and it’s a use-it-or-lose-it kind of thing. I would like to find a way to use it daily so I improve. I’ll need to be creative.
I am so glad I took this class and I am going to sign up for some more.
