Incident Response and Computer Forensics

Target, Anthem, OPM: these are just a few of the many organizations that have been breached. Most organizations do not have a decent Incident Response plan in place. It is not a matter of if you will be breached; it is a matter of when. Recent studies have shown that the average medical record is worth over $350 on the black market. Stealing information is a lucrative business for cyber criminals.

This course prepares you for Incident Response so you can plan and respond appropriately, rather than play a victim of circumstance. The course also introduces you to digital forensics to aid in Incident Response planning and evidence acquisition and analysis. This course's primary objective is to provide an Incident Response framework that can be tailored for your environment. You will be compromised. Are you prepared?

Tools include: Windows Forensics Toolchest (WFT), Incident Response Collection Report (IRCR2), First Responder’s Evidence Disk (FRED), First Responder Utility (FRU), Md5 Generator, File Recovery, RootkitRevealer and many others.

Objectives

  • Understand the types of risks and best practices for preventing these risks
  • Learn how to monitor computer systems for evidence of malicious activity
  • Understand the steps involved in the incident response process
  • Learn how to analyze data gathered during an investigation

Audience

This course is for system administrators, incident responders, cyber security professionals and anyone interested in both the technical and non-technical aspects of computer incident response and forensic analysis.

Prerequisites

IT Security Fundamentals or equivalent experience.

Outline

  • Introduction
    • Real-World Incidents
    • Incident Response Process
    • Preparing for Incident Response
    • Incident Response Detection
  • Data Collection
    • Live Collections
    • Forensic Duplication
    • Network-based Evidence
    • Evidence Handling
  • Data Analysis
    • Computer Storage Fundamentals
    • Data Analysis
    • Computer Investigations
    • Network Traffic Analysis
    • Hacker Tools
    • Forensic Reports

Duration

18 Hours (3 Days)
