Digital Forensics & Incident Response

CB110


5 Days


Course Outline

The 5-day Digital Forensics & Incident Response course introduces participants to DFIR concepts and teaches goal-oriented investigative techniques. Participants will learn how to investigate an incident, how to gather supporting forensic data, and how to handle it. The course features hands-on simulations provided by @Cywar, a gamified training and assessment platform by HackerU Solutions.

Modules

Introduction to DFIR
  • Introduction to DFIR
  • DF vs IR vs TH
  • Incident Response planning
  • Targeted artifacts
  • DFIR use-cases
  • DFIR Toolset
  • SANS & NIST
Incident Response - Preparation
  • Defining assets & values
  • CIA
  • Risk management
  • Roles & Responsibilities
  • 4 & 6 stages of IR
  • Creating IR Plan
  • DRP & BCP
  • GRC
  • ATT&CK
  • Compliance – ISO, GDPR, HIPAA, PCI-DSS
Incident Response - Response
  • SOC Operation & Lifecycle
  • Identification & Scoping
  • Containment
  • Intelligence gathering
  • Eradication
  • Chain of custody
Data Acquisition
  • Dead System Analysis
  • Live System Analysis
  • Drive Cloning
  • Image Mounting
  • Memory Dumping
  • Evidence Documentation
Live Forensics
  • Artifacts on a Windows computer
  • Browser History
  • USB History
  • DNS Cache
  • Prefetch
  • MRU
  • Nirsoft
Windows Forensics
  • Windows DF Specifics
  • NTFS
  • ADS & MFT
  • File Carving
  • Registry Forensics
  • Forensics using PowerShell
Memory Analysis
  • Memory structure
  • Memory analysis tools
  • Volatility Breakdown & Usage
  • Process exploration
  • DLL inspection
  • Acquiring memory artifacts
Linux Forensics
  • Linux Filesystems
  • Network configuration
  • Login information
  • Bash history
  • Identifying Persistence
  • Logfile Analysis
File Upload
  • Windows EventLog
  • PowerShell logs
  • Timeline analysis
  • DF Timeline
  • Log2timeline
Threat Hunting
  • Threat Hunting
  • Threat intelligence
  • Collecting IoCs
  • Malware characteristics
  • From DF to TH
  • Common Hiding Mechanisms
Network Forensics
  • Traffic interception & Network Evidence
  • Reverse Proxy
  • Wireshark
  • DF using Wireshark
  • Common Protocol Analysis
  • Zeek NSM
DFIR Simulation
  • DF lab & Recap

Prerequisites

  • Hands-on experience with Linux and Windows systems
  • A solid understanding of networking infrastructure
