Forensics and Incident Handling - FOR


Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity.In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated. This advanced training providesskills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, importantaspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.

error_outline Wichtige Information

Dieses Seminar wird in ENGLISCH gehalten!

expand_more chevron_right Zielgruppe

  • IT professionals
  • Forensics and Incident Handling Specialists
  • Security Consultants
  • Enterprise Administrators
  • Infrastructure Architects
  • Security Professionals
  • Systems Engineers
  • Network Administrators
  • other people responsible for implementing network and perimeter security

    expand_more chevron_right Vorkenntnisse

    • To attend this training, you should have a good hands-on experience in administering Windows infrastructure
    • At least 8 years in the field is recommended

    expand_more chevron_right Detail-Inhalte

    Introduction to Incident Handling
    • Types and Examples of Cybersecurity Incidents
    • Signs of an Incident
    • Incident Prioritization
    • Incident Response and Handling Steps
    • Procedures and Preparation

    IncidentResponse and Handling Steps
    • How to Identify an Incident
    • Handling Incidents Techniques
    • Incident Response Team Services
    • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
    • Incident Response Best Practices
    • Incident Response Policy
    • Incident Response Plan Checklist
    • Incident Handling Preparation
    • Incident Prevention
    • Following the Containment Strategy to Stop Unauthorized Access
    • Eradication and Recovery
    • Detecting the Inappropriate Usage Incidents
    • Multiple Component Incidents
    • Containment Strategy to Stop Multiple Component Incidents

    Windows Internals
    • Introduction to Windows Internals
    • Fooling Windows Task Manager
    • Processes and threads
    • PID and TID
    • Information gathering from the running operating system
    • Obtaining Volatile Data
    • A deep dive to Autoruns
    • Effective permissions auditing
    • PowerShell get NTFS permissions
    • Obtaining permissions information with AccessChck
    • Unnecessary and malicious services
    • Detecting unnecessary services with PowerShell

    Handling Malicious Code Incidents
    • Count of Malware Samples
    • Virus, Worms, Trojans and Spywares
    • Incident Handling Preparation
    • Incident Prevention
    • Detection of Malicious Code
    • Containment Strategy
    • Evidence Gathering and Handling
    • Eradication and Recovery

    Network Forensics and Monitoring
    • Types and approaches to network monitoring
    • Network evidence acquisition
    • Network protocols andLogs
    • LAB: Detecting Data Thievery
    • LAB: Detecting WebShells
    • Gathering data from network security appliances
    • Detecting intrusion patterns and attack indicators
    • Data correlation
    • Hunting malware in network traffic
    • Encoding and Encryption
    • Denial-of-Service Incidents
    • Distributed Denial-of-Service Attack
    • Detecting DoS Attack
    • Incident Handling Preparation for DoS
    • DoS Response and Preventing Strategies

    Securing Monitoring Operationsand Evidence Gathering
    • Industry Best Practices
    • Objectives of Forensics Analysis
    • Role of Forensics Analysis in Incident Response
    • Forensic Readiness And Business Continuity
    • Types of Computer Forensics
    • Computer Forensic Investigator
    • Computer Forensics Process
    • Collecting Electronic Evidence
    • Challenging Aspects of Digital Evidence
    • Forensics in the Information System Life Cycle
    • Forensic Analysis Guidelines
    • Forensics Analysis Tools
    • Memory acquisition techniques

    Memory:Dumping and Analysis
    • Introduction to memory dumping and analysis
    • Creating memory dump -Belkasoft RAM Capturer and DumpIt
    • Utilizing Volatility to analyze Windows memory image
    • Analyzing Stuxnet memory dump with Volatility
    • Automatic memory analysis with Volatile

    Memory: Indicators of compromise
    • Yara rules language
    • Malware detonation
    • Introduction to reverse engineering

    Disk: Storage Acquisition and Analysis
    • Introduction to storage acquisition and analysis
    • Drive Acquisition
    • Mounting Forensic Disk Images
    • Virtual disk images
    • Signature vs. file carving
    • Introduction to NTFS File System
    • Windows File System Analysis
    • Autopsy with other filesystems
    • External device usage data extraction (USB usage etc.)
    • Reviving the account usage
    • Extracting data relate with the recent use of application, file etc.
    • Recovering data after deleting partitions
    • Extracting delete file and file related information
    • Extracting data from file artifacts like $STANDARD_INFORMATION etc.
    • Password recovery
    • Extracting Windows Indexing Servicedata
    • Deep-dive into Automatic Destinations
    • Detailed analysis of Windows Prefetch
    • Extracting information about program execution (UserAssist, RecentApps, Shimcache, appcompatcache etc.)
    • Extracting information about browser usage (web browsing history, cache, cookies etc.)
    • Communicator apps data extraction
    • Extracting information about network activity
    • Building timelines

    Reporting –Digital Evidence
    This module covers the restrictions and important details about digital evidence gathering. Moreover, a proper structure of digital evidence report will be introduced
    • expand_more chevron_right event_available 12.06.-16.06.2023 12.06.2023 Seminarzeitentimer5 Tage roomVirtual-Training (VILT)
      • expand_more chevron_right Virtual Classroom 3.500,00
        • Live Online Training im virtuellen Klassenraum
        • Live Vortrag inkl. Interaktion mit dem/der Trainer*in
        • Seminarunterlagen, Teamwork, Labs
        • Keine hohen Hardware Anforderungen, dennoch Zugriff auf die gewohnte professionelle Übungsumgebung
        • keine Anfahrt ins Seminarzentrum notwendig

    Ähnliche Seminare