  • Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This hands-on course will assist organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. Students will learn incident handling, with particular attention to analyzing incident-related data and determining the appropriate response. Through hands-on lab work, students will gain an understanding of the security tools and technologies available for incident response and network forensics.

Learning Objectives

  • Preparation
  • Limiting The Number Of Incidents
  • Creating A Foundation For Incident Response
  • Network Time Protocol
  • Policies Specific to Incident Response
  • Central Logging Capability
  • Identity and User Account Management
  • Least Privilege
  • System Service
  • Account Management
  • Jump Kit
  • Communications
  • Initial Incident Reporting Structure
  • Incident Response Team Issues
  • Operational Security
  • Circumstantial Information
  • Identification
  • Attack Vectors
  • Identification Levels
  • Identification Challenges
  • Incident Analysis
  • Challenging Incident Documentation
  • Gathering Initial Information
  • Incident Prioritization
  • Functional Impact Categories
  • Information Impact Categories
  • Recoverability Effort Categories
  • Notification
  • Investigative Notes
  • Repository
  • Network Packet Analysis
  • Exploit Kits
  • Containment
  • Characterize The Incident
  • Choosing A Containment Strategy
  • Immediate Action Backups
  • Volatile Information
  • Legal Considerations
  • Warrantless Searches
  • Evidence Gathering and Handling
  • Data File Naming Structure
  • Forensic Images
  • Evidence Verification
  • Analysis of Incident Artifacts
  • Internal vs. External Network
  • Consistency Check
  • Identifying the Attacking Host
  • Eradication
  • Goal of Eradication
  • Combinations of Eradication
  • When to Rebuild
  • Electronic and Digital Evidence
  • Crime Scene Integrity
  • Crime Scene Log
  • Photo Log
  • Field Sketch
  • Evidence Log
  • Documenting the Device State
  • Cracking Passwords
  • Password Attacks?
  • Rainbow Tables?
  • Brute Force
  • Digital Forensics Considerations
  • Root Cause Identification
  • Social Engineering
  • Insider Threat
  • Characteristics
  • Behavioral Indicators
  • Recovery / Hardening
  • Aspects of Recovery From Malware Incidents
  • Recovery Considerations
  • Recommended Mitigations
  • Implementing
  • Monitoring Specific Insider Threat
  • Deterrence Methods
  • Follow-up
  • Lessons Learned
  • Analysis
  • Security Policy Changes
  • Changes to Awareness Programs
  • Software Reconfiguration
  • Malware Detection Software Deployment
  • Reporting
  • Using Collected Incident Data
  • Number of Incidents
  • Time Per Incident
  • Objective Assessment of Incidents
  • Subjective Assessment of Incidents
  • Incident Response Team
  • Audits
  • Evidence Retention
  • Anti-Forensics
  • Time Sensitive Data
  • Tails
  • The Rubber Ducky

Framework Connections