Digital Forensics for Incident Response

Georgia Tech Professional Education

How long?

  • 3 days
  • online


Disclaimer

Coursalytics is an independent platform to find, compare, and book executive courses. Coursalytics is not endorsed by, sponsored by, or otherwise affiliated with any business school or university.


Who should attend

This course is designed for new information security professionals or incident response personnel who are conducting internal investigations and seeking to gain a digital forensics capability. Law enforcement or commercial investigative personnel seeking to learn new tools will also benefit.

About the course

Designed as an introduction to digital forensics and incident response, this course explores forensic investigation using freely redistributable, open-source software tools. The course will focus on an analysis of equipment encountered in the enterprise as well as introductory recommendations for evidence acquisition and handling.

What You Will Learn

  • Activities and goals of Digital Forensics for Incident Response (DFIR)
  • Data acquisition processes and constraints
  • Evidence extraction and analysis
  • Live triage
  • Memory, networks, and dead disk forensics
  • Security information and event management

How You Will Benefit

  • Learn the fundamentals of digital forensics and incident response.
  • Understand how digital forensics and incident response fit into the overall security posture of the enterprise.
  • Discover how to operate a variety of available DFIR tools.
  • Develop practical skills through hands-on laboratory exercises.
  • Gain the expertise to respond effectively to an incident.
  • Learn how to establish a new incident response program at an organization.

Content

OVERVIEW OF DFIR

  • Incident response
  • Digital forensics
  • Policy frameworks

APPLYING DF CONCEPTS TO IR

  • Data concepts
  • Data acquisition

DISK FORENSICS

  • Live triage
  • Disk imaging
  • Introduction to Autopsy software
  • Data ingest

VOLATILE MEMORY FORENSICS

  • Memory forensics purpose and techniques
  • Introduction to Volatility software
  • Introduction to memory capture acquisition

FILE CARVING

  • Introduction to file carving
  • Applications of file carving
  • File carving tools and techniques

NETWORK FORENSICS

  • Network forensics purpose and techniques
  • Introduction to network packet capture analysis in Wireshark

INTRODUCTION TO SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

  • Introduction to SIEM
  • Where and how to implement SIEM
  • Overview of SIEM tools
  • Pivoting across multiple data sources and types

Digital Forensics for Incident Response at Georgia Tech Professional Education

From $1,295
