Incident Response and Investigation

During this 5-day course you will learn to investigate and evaluate evidence in the same way that NSA analysts do it – starting with critical thinking, criminology and data analysis, moving through crime scene intelligence and only then proceeding to the technical side of things. We turn security experts into advanced analysts and investigators.

Incident Response and Investigation is about helping decision makers make the right decision. That is what analysts do. They don’t just dive technically into evidence – they need to extract the right information, think critically to avoid the mental traps that distort conclusions, and then present the evidence in a clear, concise and correct way so that decision makers can make the right move.

Learning Objectives

  • Transition from a technical expert to a security analyst and investigator.
  • Learn how to collect, handle, analyze and report on evidence.
  • Learn how to analyze disk, logs, memory and network artifacts.
  • Learn to detect and avoid analysis pitfalls.
  • Learn how to investigate people.
  • Learn how to analyze malicious files – static and dynamic analysis of malware.

What is the target audience?

  • Law enforcement agencies – cyber crime investigation departments, prosecutors, investigators and analysts.
  • Corporate defense teams – SOC analysts, digital forensics and incident response teams (when developing a new team or when training new team members).
  • Individuals who want to transition from technical experts to computer crime investigation analysts.

This 5-day course has everything to get one started in the science of Digital Forensics and Incident Response.

Course Contents

Day 1

  1. Intelligence Essentials
  2. Sensemaking
  3. Crime Scene Intelligence
  4. Critical Thinking and Intelligence Analysis
  5. Investigating People

Day 2

  1. Common Terms
  2. Necessary Tools and Documents
  3. Ticketing System Management
  4. Evidence Collection
  5. Triage
  6. On-Call Preparation

Day 3

  1. Computer Forensics Tools
  2. Evidence Collection
  3. Log Analysis
  4. Disk Forensics

Day 4

  1. Network Forensics
  2. Memory Forensics
  3. Malware Analysis

Day 5

  1. Preparing an Incident Presentation
  2. Writing an Incident Report
  3. Building relationships with partner organizations

No, but prior knowledge of and experience with computers and cyber security are required to understand and make the best use of this course.

A regular, modern computer capable of running 2 Virtual Machines at once is enough. 16 GB of RAM, Core i5/i7 CPU or newer is recommended.

Discounts for volume orders

— 28 February 2018

  1. We offer discounts for high-volume orders. If you represent a law enforcement agency and want to train a larger number of people in digital forensics and incident response, contact us; we will have a special offer prepared for you.

Enrolled: 34 students
Duration: 40 hours
Lectures: 21
Video: 25 hours
Level: Advanced
