Who should attend
This course is designed for new information security professionals or incident response personnel who are conducting internal investigations and seeking to gain a digital forensics capability. Law enforcement or commercial investigative personnel seeking to learn new tools will also benefit.
About the course
Designed as an introduction to digital forensics and incident response, this course explores forensic investigation using freely redistributable, open-source software tools. The course will focus on an analysis of equipment encountered in the enterprise as well as introductory recommendations for evidence acquisition and handling.
What You Will Learn
- Activities and goals of Digital Forensics for Incident Response (DFIR)
- Data acquisition processes and constraints
- Evidence extraction and analysis
- Live triage
- Memory, networks, and dead disk forensics
- Security information and event management
How You Will Benefit
- Learn the fundamentals of digital forensics and incident response.
- Understand how digital forensics and incident response fit into the overall security posture of the enterprise.
- Discover how to operate a variety of available DFIR tools.
- Develop practical skills through hands-on laboratory exercises.
- Gain the expertise to effectively respond to an incident.
- Learn how to establish a new incident response program at an organization.
OVERVIEW OF DFIR
- Incident response
- Digital forensics
- Policy frameworks
APPLYING DF CONCEPTS TO IR
- Data concepts
- Data acquisition
- Live triage
- Disk imaging
- Introduction to Autopsy software
- Data ingest
VOLATILE MEMORY FORENSICS
- Memory forensics purpose and techniques
- Introduction to Volatility software
- Introduction to memory capture acquisition
- Introduction to file carving
- Applications of file carving
- File carving tools and techniques
- Network forensics purpose and techniques
- Introduction to network packet capture analysis in Wireshark
INTRODUCTION TO SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)
- Introduction to SIEM
- Where and how to implement SIEM
- Overview of SIEM tools
- Pivoting across multiple data sources and types