• Classroom
  • Online, Instructor-Led
  • Online, Self-Paced
Course Description

This course takes two enormously challenging areas facing IT security professionals today: incidence response and virtualization and attempts to meld these together. Forensics is at the heart of incidence response, and therefore this training will focus on how to gather evidence relating to an incident - the what, when, where, who and why of an incident - within today's common virtual environments. Additionally, the course will take a deep dive into the virtual infrastructure, and contrast the various virtual entities against their physical counterparts. This will allow a clear demonstration of the forensically-relevant differences between the virtual and physical environments. The course uses a lab-centric, scenario-based approach to demonstrate how to forensically examine relevant components of a virtual infrastructure for specific use cases.

Learning Objectives

Participants will be able to apply forensically-sound best practice techniques against virtual infrastructure entities in the following use case scenarios:

  • Identifying direct evidence of a crime
  • Attributing evidence to specific suspects
  • Confirming (or negating) suspect alibis
  • Confirming (or negating) suspect statements
  • Determining (or negating) suspect intent
  • Identifying sources
  • Authenticating documents

Framework Connections