Incident Response and Investigation

Category:

During this 5-day course you will learn to investigate and evaluate evidence in the same way that NSA analysts do it – starting with a critical thinking, criminology and data analysis, moving through crime scene intelligence and only then proceeding to the technical side of things. We turn security experts into advanced analysts and investigators.

Incident Response and Investigation is about helping decision makers make the right decision. That is what analysts do. They don’t just dive technically into evidence – they need to extract the right information, avoid different kinds of mental traps in coming to conclusions by thinking critically and then be able to present the evidence in a clear, concise and correct way to enable decision makers to make the right move.

Learning Objectives

Transition from a technical expert to a security analyst and investigator.
Learn how to collect, handle, analyze and report on evidence.
Learn how to analyze disk, logs, memory and network artifacts.

Learn to detect and avoid analysis pitfalls.
Learn how to investigate people.
Learn how to analyze malicious files – static and dynamic analysis of malware.

What is the target audience?

Law enforcement agencies – cyber crime investigation departments, prosecutors, investigators and analysts.
Corporate defense teams – SOC analysts, digital forensics and incident response teams (when developing a new team or when training new team members).
Individuals who want to transition from technical experts to computer crime investigation analysts.

This 5-day course has everything to get one started in the science of Digital Forensics and Incident Response.

Course Contents

During this 5-day course you will learn to investigate and evaluate evidence in the same way that NSA analysts do it – starting with critical thinking, criminology and data analysis, moving through crime scene intelligence and only then proceeding to the technical side of things. We turn security experts into advanced analysts and investigators.

Day 1

Intelligence Essentials

Sensemaking

Crime Scene Intelligence

Critical Thinking and Intelligence Analysis

Investigating People

Day 2

Common Terms

Necessary Tools and Documents

Ticketing System Management

Evidence Collection

Triage

On-Call Preparation

Day 3

Computer Forensics Tools

Evidence Collection

Log Analysis

Disk Forensics

Day 4

Network Forensics

Memory Forensics

Malware Analysis

Day 5

Preparing an Incident Presentation

Writing an Incident Report

Building relationships with partner organizations

Is prior investigation experience required?

No, but a prior knowledge and experience in computers and cyber security is required to understand and make best use of this course.

What kind of equipment does the student need to study this course?

A regular, modern computer capable of running 2 Virtual Machines at once is enough. 16 GB of RAM, Core i5/i7 CPU or newer is recommended.

Discounts for volume orders

— 28 February 2018

We offer discounts for high volume orders If you represent a law enforcement agency and want to train larger number of people in digital forensics and incident response, contact us, we will have a special offer prepared for you.

Be the first to add a review.

Please, login to leave a review

Add to Wishlist

Get course

$6,200

One Time Payment Available in "Single Course" plan Available in "Three Courses" plan

Enrolled: 34 students

Duration: 40 hours

Lectures: 21

Video: 25 hours

Level: Advanced

Monday	9:30 am - 6.00 pm
Tuesday	9:30 am - 6.00 pm
Wednesday	9:30 am - 6.00 pm
Thursday	9:30 am - 6.00 pm
Friday	9:30 am - 5.00 pm
Saturday	Closed
Sunday	Closed