|Classroom Live||Online Live||Onsite Training||Self-Paced|
Incident Response and Network Forensics Training Course Hands-on
Enosecurity offers this hands-on Incident Response and Network Forensics Training course that covers the essential information you need to know in order to properly detect, contain and mitigate security incidents. Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done. In this 5 day Incident Response and Network Forensics Training course, you learn the ins and outs of incident response, as well as the tools of the trade used by incident responders on a daily basis.
This Incident Response and Network Forensics Training course from Enosecurity helps you fully understand how systems are compromised and what traces are left behind by attackers on the network, on disk, and in volatile memory. The Incident Response and Network Forensics training course addresses cutting edge attack vectors as well as tried and true methods for compromise. You leave the 5 day course with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.
● If you are familiar with some aspects of this course, we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the course in manner understandable to lay audiences.
Duration: 5 days
Audience / Target Group:
• Incident responders needing to quickly address system security breaches
• Threat operations analysts seeking a better understanding of network based malware and attacks
• Forensic investigators who need to identify malicious network attacks
• Those individuals who want to learn what malicious network activity looks like and how to identify it
• The Incident Response Process
• Event/Incident Detection
• Sources of Network Evidence
• TCP Reconstruction
• Flow Analysis
• Log Analysis
• Firewall log Investigation
• Log Aggregation
• Network Artifact Discovery
• DNS Forensics and Artifacts
• NTP Forensics and Artifacts
• HTTP Forensics and Artifacts
• HTTPS and SSL Analysis
• FTP and SSH Forensics
• Email Protocol Artifacts
• Wireless Network Forensics
• Constructing your Live Incident Response Toolkit
• Perform Vulnerability Analysis
• The Incident Management Knowledgebase
• Timeline Analysis
• Triage & Analysis
• Volatile Data Sources and Collection
• Identify Rogue Processes
• Volatility Walkthrough
• Defensive review and recommendations
• Improving defenses
• Secure credential changing process and monitoring
• Increased monitoring period – when and how long
• Validate the system.
• Enable constituents to protect their assets and/or detect similar incidents.
• Report and coordinate incidents with appropriate external organizations
• CSIH Domains
Whether you are looking for general information or have a specific question, we want to help