Five essential tools for Security Operation Centers (SOC)
Cyberattacks are on the rise. The companies are eager to build a Security Operation Center where the SOC Team will be responsible for monitoring and detecting security incidents. The Security Operation Center is in high demand for SOC Analysts (L1) and Sr. SOC analysts (L2). SOC analysts are responsible for monitoring the company’s infrastructure and responding to cyberattacks. Infosec Train offers training programs for SOC analysts in L1, L2, or L3. This SOC training course will teach you about devices, protocols and ports, as well as different types of SOC tools.
Below are some of the tools from SOC tools that you will learn in the SOC Analyst training program:
1) FTK: FTK stands to for forensic toolkit. It is a data-research and imaging tool that can be used to acquire data forensically, but create copies of the data without making any changes to the original evidence files. FTK imager features include the ability to create forensic images from local hard drives, preview the contents of images stored locally, and exporting files or folders from forensic file. FTK imager has an inbuilt checking function that creates a hash report to help verify the hash of evidence before and after creating the original Evidence image. FTK Imager can be downloaded by clicking the link below.
Clicking on the link above will take you to the following page. Once you click on the download button, it will allow you to download the file.
What are the benefits of FTK Imager
Process faster and more efficiently
FTK provides advanced memory and volatile analysis to aid
Forensic investigators and incident responders
FTK is the only solution for computer forensics that can be fully leveraged
Multithreaded, multicore computers
This toolkit allows you to recover passwords.
How to use FTK Imager Tool?
FTK imager can be used to create a forensic image
1) Click File and then create a disk picture.
2) Select the source to be used for an image and click Next.
3.) If you choose a Logical drive, choose a CD to be the source. Click on the drive you wish to use or browse to the image source. Then, click the Finish button.
4) Click add in the Create Image dialog.
5) Choose the type of image that you wish to create, and click “Next.”
6) In the “Evidence Item Info” Window, enter important information such as Case Number/Evidence number and Examiner’s full name. Click “Next.”
7) Type the location path to save the image file in the image destination field. Or click the browser to locate the desired location. The program will create one 1-gigabyte file if the “Image Fragment Size” of 1500 is used. This is evident because the drive being imaged is only 1 gigabyte. Once you’re done, click “Finish”.
8) Click Finish to return to the create an image dialog. Make sure that you check the option “Verify Images After They Are Created”. This will establish a hash of the resulting image.
9) To create our image file, click on “Start.”
10) Once the image has been successfully created, click on the view image summary to see the complete file information, including MD5 or SHA1 checksums.
2) Wireshark: Wireshark analyzes network packets. It was originally called Ethereal. It captures packets in the network and converts them to readable form. Wireshark offers features such as color coding, filters and many others that allow us to dig down to the roots and inspect individual packets. It is an open-source tool that can be used to develop and learn protocols. Its primary purpose is to inform people about how packets in the network are extracted.