
Georgia Tech Professional Education

Digital Forensics for Incident Response

Available dates

Jun 2—3, 2020
2 days
Atlanta, Georgia, United States
USD 1295
USD 647 per day

Disclaimer

Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with Georgia Tech Professional Education.


About the course

Designed as an introduction to digital forensics and incident response, this course explores forensic investigation using freely redistributable, open-source software tools. The course will focus on an analysis of equipment encountered in the enterprise as well as introductory recommendations for evidence acquisition and handling.

What You Will Learn

  • Activities and goals of Digital Forensics for Incident Response (DFIR)
  • Data acquisition processes and constraints
  • Evidence extraction and analysis
  • Live triage
  • Memory, networks, and dead disk forensics
  • Security information and event management

How You Will Benefit

  • Learn the fundamentals of digital forensics and incident response.
  • Understand how digital forensics and incident response fit into the overall security posture of the enterprise.
  • Discover how to operate a variety of available DFIR tools.
  • Develop practical skills through hands-on laboratory exercises.
  • Gain the expertise to effectively respond to an incident.
  • Learn how to establish a new incident response program at an organization.

Content

OVERVIEW OF DFIR

  • Incident response
  • Digital forensics
  • Policy frameworks

APPLYING DF CONCEPTS TO IR

  • Data concepts
  • Data acquisition

DISK FORENSICS

  • Live triage
  • Disk imaging
  • Introduction to Autopsy software
  • Data ingest

VOLATILE MEMORY FORENSICS

  • Memory forensics purpose and techniques
  • Introduction to Volatility software
  • Introduction to memory capture acquisition

FILE CARVING

  • Introduction to file carving
  • Applications of file carving
  • File carving tools and techniques

NETWORK FORENSICS

  • Network forensics purpose and techniques
  • Introduction to network packet capture analysis in Wireshark

INTRODUCTION TO SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

  • Introduction to SIEM
  • Where and how to implement SIEM
  • Overview of SIEM tools
  • Pivoting across multiple data sources and types

Who should attend

This course is designed for new information security professionals or incident response personnel who are conducting internal investigations and seeking to gain a digital forensics capability. Law enforcement or commercial investigative personnel seeking to learn new tools will also benefit.
