COURSE

Incident Response and Advanced Forensics

Course

Need some incident response training on your path to becoming a network engineer or cyber defense analyst? This course will introduce you to incident response and prepare you to conduct forensic collections. Learn how to develop protection plans, dive into insider and malware threats, and commence incident recovery.
Start Course
Start course for free
Full access included with 
Insider Pro
 and 
Teams

7

H

26

M
Time

advanced

i
Designed for learners who have no prior work experience in IT or Cybersecurity, but are interested in starting a career in this exciting field.
Designed for learners with prior cybersecurity work experience who are interested in advancing their career or expanding their skillset.
Designed for learners with a solid grasp of foundational IT and cybersecurity concepts who are interested in pursuing an entry-level security role.
Experience Level

7

i

Earn qualifying credits for certification renewal with completion certificates provided for submission.
CEU's

Enrollees

Learners at 96% of Fortune 1000 companies trust Cybrary

About this course

Read More

Skills you'll gain

Course Outline

1
Module 1 - Introduction to Incident Response
0
H
28
Min
1
Module 2 - Incident Response Policy
0
H
57
Min
1
Module 3 - Incident Handling
0
H
47
Min
1
Module 4 - Legal Aspects of Incident Response
0
H
44
Min
1
Module 5 - Forensics of Incident Response
2
H
28
Min
1
Module 6 - Insider Threat
1
H
14
Min
1
Module 7 - Malware
0
H
26
Min
1
Module 8 - Incident Recovery
0
H
22
Min
1
Course Assessment
0
H
30
Min

Part 1 - Malware incidents

Free

10m

Part 1- Incident Recovery

Free

14m

Part 1 - What is Insider Threat?

Free

11m

Part 1 - An Introduction to legal considerations of incident response

Free

8m

Part 1 - Forensics in Support of an Incident Response

Free

8m

Part 1 - An Introduction to Incident Handling

Free

10m

Part 1 - An Overall View of the Course

Free

8m

Part 1 - An Overview of Incident Response Policy

Free

8m

Part 2 - Setting up a Virtual Machine

Free

7m

Part 2 - Resiliency: The Answer to the Cyber Security Paradox

Free

8m

Part 2 - American Superconductor Case Study

Free

4m

Part 2 - The Phases of Investigation

Free

8m

Part 2 - Expectation of Privacy

Free

9m

Part 2 - CIRC Team Composition

Free

9m

Part 2 - The Elements of an Incident Response Policy

Free

11m

Part 2 - The Humans Behind Cyber Security Incidents

Free

10m

Part 3 - Dynamic Analysis

Free

10m

Part 3 - Indicators to identify an insider threat

Free

16m

Part 3 - Personally Identifiable Information (PII)

Free

10m

Part 3 - The Preservation Phase of Investigation

Free

10m

Part 3 - Incident Response Policies

Free

6m

Part 3 - The Role of Communication with Law Enforcement when it comes to security

Free

7m

Part 3 - The Sony Hack Case Study

Free

8m

Part 4 - Using Automated processes to look for indicators of in insider threats

Free

8m

Part 4 - Keys of Preservation

Free

9m

Part 4 - Giving notice to individuals

Free

10m

Part 4 - The REACT Principle

Free

8m

Part 4 - The Different Types of Incident Response Teams

Free

10m

Part 5 - Policy Enforcement

Free

8m

Part 5 - Volatile Data Considerations

Free

8m

Part 5 - Benefits of Information Sharing

Free

6m

Part 5 - Maintaining the Integrity of the Scene following an incident

Free

8m

Part 5 - Outsourcing Considerations

Free

8m

Part 6 - Policies and procedures

Free

9m

Part 6 - Capturing the data

Free

8m

Part 7 - The Respond Part of Incident Response

Free

7m

Part 6 - The Role of the Incident Response Manager

Free

9m

Part 7 - Policies and procedures (continued)

Free

10m

Part 7 - Imaging concepts

Free

11m

Part 7 - What does an Incident Response team do?

Free

5m

Part 8 - Policies and procedures (continued)

Free

8m

Part 8 - Volatile Memory Capture

Free

13m

Part 9 - Forensics in Support of Incident Response

Free

11m

Part 10 - Formatting a disk for Incident Response

Free

10m

Part 11 - Using the FTK Imaging Software

Free

9m

Part 12 - The Forensic Acquisition of Data from a PC

Free

8m

Part 13 - Navigating the H Drive

Free

11m

Part 14 - Obtaining the Windows Bitlocker Encryption Keys

Free

6m

Part 15 - Obtaining the Windows Bitlocker Encryption Keys (continued)

Free

5m

Part 16 - The Autopsy Program

Free

13m

Module 1 - Introduction to Incident Response
Heading
Module 1: Introduction
1
Hr
5
Min
Module 2 - Incident Response Policy
Heading
Module 1: Introduction
1
Hr
5
Min
Module 3 - Incident Handling
Heading
Module 1: Introduction
1
Hr
5
Min
Module 4 - Legal Aspects of Incident Response
Heading
Module 1: Introduction
1
Hr
5
Min
Module 5 - Forensics of Incident Response
Heading
Module 1: Introduction
1
Hr
5
Min
Module 6 - Insider Threat
Heading
Module 1: Introduction
1
Hr
5
Min
Module 7 - Malware
Heading
Module 1: Introduction
1
Hr
5
Min
Module 8 - Incident Recovery
Heading
Module 1: Introduction
1
Hr
5
Min
Course Assessment
Heading
Module 1: Introduction
1
Hr
5
Min
Part 1 - Malware incidents

10m

Module 7 - Malware
Part 1- Incident Recovery

14m

Module 8 - Incident Recovery
Part 1 - What is Insider Threat?

11m

Module 6 - Insider Threat
Part 1 - An Introduction to legal considerations of incident response

8m

Module 4 - Legal Aspects of Incident Response
Part 1 - Forensics in Support of an Incident Response

8m

Module 5 - Forensics of Incident Response
Part 1 - An Introduction to Incident Handling

10m

Module 3 - Incident Handling
Part 1 - An Overall View of the Course

8m

Module 1 - Introduction to Incident Response
Part 1 - An Overview of Incident Response Policy

8m

Module 2 - Incident Response Policy
Part 2 - Setting up a Virtual Machine

7m

Module 7 - Malware
Part 2 - Resiliency: The Answer to the Cyber Security Paradox

8m

Module 8 - Incident Recovery
Part 2 - American Superconductor Case Study

4m

Module 6 - Insider Threat
Part 2 - The Phases of Investigation

8m

Module 5 - Forensics of Incident Response
Part 2 - Expectation of Privacy

9m

Module 4 - Legal Aspects of Incident Response
Part 2 - CIRC Team Composition

9m

Module 3 - Incident Handling
Part 2 - The Elements of an Incident Response Policy

11m

Module 2 - Incident Response Policy
Part 2 - The Humans Behind Cyber Security Incidents

10m

Module 1 - Introduction to Incident Response
Part 3 - Dynamic Analysis

10m

Module 7 - Malware
Part 3 - Indicators to identify an insider threat

16m

Module 6 - Insider Threat
Part 3 - Personally Identifiable Information (PII)

10m

Module 4 - Legal Aspects of Incident Response
Part 3 - The Preservation Phase of Investigation

10m

Module 5 - Forensics of Incident Response
Part 3 - Incident Response Policies

6m

Module 3 - Incident Handling
Part 3 - The Role of Communication with Law Enforcement when it comes to security

7m

Module 2 - Incident Response Policy
Part 3 - The Sony Hack Case Study

8m

Module 1 - Introduction to Incident Response
Part 4 - Using Automated processes to look for indicators of in insider threats

8m

Module 6 - Insider Threat
Part 4 - Keys of Preservation

9m

Module 5 - Forensics of Incident Response
Course Description

In the Incident Response training course, students will be introduced to incident response, how to create and implement protection plans, how to investigate incidents forensically, insider and malware threats, and incident recovery.

What is Incident Response Training?

Incidence response refers to the strategized approach and processes that take place after an organization suffers some sort of security incident. The approach focuses on trying to minimize the negative impact of the cyberattack, as well as recovering any affected data and systems in the quickest and most effective way possible. Incident response usually also includes consideration for recovery costs.

What Does the Incident Response and Handling Course Cover?

In the Incident Response and Handling training course, students will focus on learning how to properly design, develop, and deploy security incident response plans. The course is designed to give all students a deep dive into incident response plans, with a skillset that they can take back to help their organizations immediately.

This is a self-paced course that will train students to make carefully considered, smart decisions after an incident has occurred. Students will learn about three important aspects of incident response: a business impact analysis, business continuity plan, and a disaster recovery plan. Upon completing the course, students should have an idea of how to become prepared for incidents and how to begin the mitigation process following them.

The Incident Response training is ideal for professionals working on an incident response team, system and network administrators, and anyone else who is interested in improving their incident management and network forensics skills.

This course has a total of 8 hours and 6 minutes of clock time, for which students earn 7 CEU/CPE. Students will receive a Certificate of Completion for the course.

Why is Incident Response and Handling Important?

Every organization needs professionals with incident response training because even the very best defenses can be breached. Organizations need a team of cybersecurity professionals who are up to date on the most current cyber threats and attacks, as well as security techniques. The proper training in incident response is the best way for organizations to achieve this. Severe attacks are occurring more frequently, and they are causing increasing amounts of damage. It is vital to be prepared, now more than ever before.

Not having an incident responder team in place can be extremely detrimental to an organization. Damage can range from loss of sensitive information, interrupted operations, costly fines, to a tarnished reputation and loss of customer trust. It’s important to remember that without training, new threats can strike, and no one will know what they are or how to defend against them.

The reality is, most cyberthreats can be mitigated when organizations employ an effective team of IT professionals. One of the most important parts of that team is incident response.

What Does and Incident Response Analyst Do?

An Incident Response Analyst can vary depending on the specific organization, its location, and size. However, there are some general duties that are usually assigned, including:

* Investigating and reporting on cybersecurity trends and issues. * Conducting forensic collections, intrusion correlation, threat analysis, and tracking direct system remediation as incidents happen. * Providing consistent examination of potential threats and incidents, and train employees and shareholders. * Evaluating incidents in terms of priority, including potential and possible threats and impacts. * Employing incident data to identify exposures and suggest mitigation approaches. * Evaluating logs for tracing and remediating any likely security risks. * Act as a technical liaison with law enforcement when necessary.

The above are simply general duties. Depending on the organization, Incident Response Analysts may be responsible for more or fewer duties.

How is it Best to Learn about Incident Response and Handling?

Students who are interested in learning about incident response, the applicable concepts and skills, should enroll in a training course like Cybrary’s Incident Response and Handling course. All of our courses are online and self-paced. Students can take as long as they need to fully understand the course material and concepts. Even students with a busy schedule can take this course, as they are able to access it at the times that work best for them.

If you are interested in starting this course, enroll by clicking the Register button at the top of this screen.

Train Your Team

Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.

Cybrary For Business

Included in a Path

Included Cert Path

Instructors

Max Alexander
VP, Cybersecurity Incident Response Planning at JPMorgan
Read Full Bio
Learn

Learn core concepts and get hands-on with key skills.

Practice

Exercise your problem-solving and creative thinking skills with security-centric puzzles

Prove

Assess your knowledge and skills to identify areas for improvement and measure your growth

Get Hands-on Learning

Put your skills to the test in virtual labs, challenges, and simulated environments.

Measure Your Progress

Track your skills development from lesson to lesson using the Cybrary Skills Tracker.

Connect with the Community

Connect with peers and mentors through our supportive community of cybersecurity professionals.

Success from Our Learners

"Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

Don Gates

Principal Systems Engineer/SAIC

"Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

Cory

Cybersecurity analyst/

"I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

Mike

Security Engineer and Pentester/

"Cybrary really helped me get up to speed and acquire a baseline level of technical knowledge. It offers a far more comprehensive approach than just learning from a book. It actually shows you how to apply cybersecurity processes in a hands-on way"

Don Gates

Principal Systems Engineer/SAIC

"Cybrary’s SOC Analyst career path was the difference maker, and was instrumental in me landing my new job. I was able to show the employer that I had the right knowledge and the hands-on skills to execute the role."

Cory

Cybersecurity analyst/

"I was able to earn my CISSP certification within 60 days of signing up for Cybrary Insider Pro and got hired as a Security Analyst conducting security assessments and penetration testing within 120 days. This certainly wouldn’t have been possible without the support of the Cybrary mentor community."

Mike

Security Engineer and Pentester/

"Becoming a Cybrary Insider Pro was a total game changer. Cybrary was instrumental in helping me break into cybersecurity, despite having no prior IT experience or security-related degree. Their career paths gave me clear direction, the instructors had real-world experience, and the virtual labs let me gain hands-on skills I could confidently put on my resume and speak to in interviews."

Cassandra

Information Security Analyst/Cisco Systems

"I was able to earn both my Security+ and CySA+ in two months. I give all the credit to Cybrary. I’m also proud to announce I recently accepted a job as a Cyber Systems Engineer at BDO... I always try to debunk the idea that you can't get a job without experience or a degree."

Casey

Cyber Systems Engineer/BDO

"Cybrary has helped me improve my hands-on skills and pass my toughest certification exams, enabling me to achieve 13 advanced certifications and successfully launch my own business. I love the practice tests for certification exams, especially, and appreciate the wide-ranging training options that let me find the best fit for my goals"

Angel

Founder,/ IntellChromatics.

courses

Incident Response and Advanced Forensics

Need some incident response training on your path to becoming a network engineer or cyber defense analyst? This course will introduce you to incident response and prepare you to conduct forensic collections. Learn how to develop protection plans, dive into insider and malware threats, and commence incident recovery.
3
Share
Start CourseSubscribe for UpdatesNeed to train your team? Learn more
Start Course for FreeNeed to train your team? Learn more
7
26
M
Time
advanced
difficulty
7
ceu/cpe

Course Content

Course Description

In the Incident Response training course, students will be introduced to incident response, how to create and implement protection plans, how to investigate incidents forensically, insider and malware threats, and incident recovery.

What is Incident Response Training?

Incidence response refers to the strategized approach and processes that take place after an organization suffers some sort of security incident. The approach focuses on trying to minimize the negative impact of the cyberattack, as well as recovering any affected data and systems in the quickest and most effective way possible. Incident response usually also includes consideration for recovery costs.

What Does the Incident Response and Handling Course Cover?

In the Incident Response and Handling training course, students will focus on learning how to properly design, develop, and deploy security incident response plans. The course is designed to give all students a deep dive into incident response plans, with a skillset that they can take back to help their organizations immediately.

This is a self-paced course that will train students to make carefully considered, smart decisions after an incident has occurred. Students will learn about three important aspects of incident response: a business impact analysis, business continuity plan, and a disaster recovery plan. Upon completing the course, students should have an idea of how to become prepared for incidents and how to begin the mitigation process following them.

The Incident Response training is ideal for professionals working on an incident response team, system and network administrators, and anyone else who is interested in improving their incident management and network forensics skills.

This course has a total of 8 hours and 6 minutes of clock time, for which students earn 7 CEU/CPE. Students will receive a Certificate of Completion for the course.

Why is Incident Response and Handling Important?

Every organization needs professionals with incident response training because even the very best defenses can be breached. Organizations need a team of cybersecurity professionals who are up to date on the most current cyber threats and attacks, as well as security techniques. The proper training in incident response is the best way for organizations to achieve this. Severe attacks are occurring more frequently, and they are causing increasing amounts of damage. It is vital to be prepared, now more than ever before.

Not having an incident responder team in place can be extremely detrimental to an organization. Damage can range from loss of sensitive information, interrupted operations, costly fines, to a tarnished reputation and loss of customer trust. It’s important to remember that without training, new threats can strike, and no one will know what they are or how to defend against them.

The reality is, most cyberthreats can be mitigated when organizations employ an effective team of IT professionals. One of the most important parts of that team is incident response.

What Does and Incident Response Analyst Do?

An Incident Response Analyst can vary depending on the specific organization, its location, and size. However, there are some general duties that are usually assigned, including:

* Investigating and reporting on cybersecurity trends and issues. * Conducting forensic collections, intrusion correlation, threat analysis, and tracking direct system remediation as incidents happen. * Providing consistent examination of potential threats and incidents, and train employees and shareholders. * Evaluating incidents in terms of priority, including potential and possible threats and impacts. * Employing incident data to identify exposures and suggest mitigation approaches. * Evaluating logs for tracing and remediating any likely security risks. * Act as a technical liaison with law enforcement when necessary.

The above are simply general duties. Depending on the organization, Incident Response Analysts may be responsible for more or fewer duties.

How is it Best to Learn about Incident Response and Handling?

Students who are interested in learning about incident response, the applicable concepts and skills, should enroll in a training course like Cybrary’s Incident Response and Handling course. All of our courses are online and self-paced. Students can take as long as they need to fully understand the course material and concepts. Even students with a busy schedule can take this course, as they are able to access it at the times that work best for them.

If you are interested in starting this course, enroll by clicking the Register button at the top of this screen.

This course is part of a Career Path:
Become a SOC Analyst - Level 2
This Career Path is for a Security Operations Center Analyst (SOC Analyst). This particular Career Path covers a more intermediate-level SOC role. As a SOC Analyst, your primary duty is to ensure that the organization’s digital assets are secure and protected from unauthorized access. That means that you are responsible for protecting both online and on-premise infrastructures, monitoring data to identify suspicious activity, and identifying and mitigating risks before there is a breach. In the event that a breach does occur, a SOC analyst will be on the front line, working to counter the attack. This career path is aligned to the Cyber Defense Incident Responder NICE/NIST Work Role.

Instructed by

Provider
Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a Incident Response and Advanced Forensics Certificate of Completion

Coming mid-July
Cybrary Reimagined.
Level up with structured, role-aligned career paths.
ALL NEW!
Cybrary Reimagined.
Celebrate Cybersecurity Awareness Month with our buy 2, get 1 offer!
Level up with structured, role-aligned career paths.
Valid until October 31. Elevate your skills today!
Start Now
This is the default text value
career-paths
career-path

Heading

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

Start CourseNeed to train your team? Learn More
Start Path for FreeNeed to train your team? Learn More
This is some text inside of a div block.
Share

Purpose Statement

Cybrary Career Paths are comprehensive training programs designed to prepare you for the most in-demand roles in the cybersecurity workforce. Each path follows a Learn, Practice, Prove model and includes different activity types aligned to key topics within the path’s security domain. As you progress through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic. Upon completing all of the requirements for a path, you will be rewarded with a shareable digital badge via Credly.
This is some text inside of a div block.
This is some text inside of a div block.
M
Time
This is some text inside of a div block.
difficulty
This is some text inside of a div block.
ceu/cpe

Overview

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

Frequently Asked Questions
No items found.
What Will I Learn?
Foundations
Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
Defensive Security
Focused on trying to find the bad guys. Topics such as threat intelligence, threat hunting, network monitoring, incident response. Defensive security is a reactive measure taken once a vulnerability is found through prevention, detection, and response.
Engineering and Operations
Focused on building and operating information systems.
Governance, Risk, and Compliance
Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
Leadership and Management
Focused on program design and oversight. Covers project and program management.
Offensive Security
Focused on validating security controls by trying to break them (i.e. penetration testing or ethical hacking). Topics such as Kali Linux, metasploit, scanning, and privilege escalation. Offensive security seeks out the problem or vulnerability through ethical hacking and finds a solution to disable the operation.
Offensive Security
Focused on the core IT competencies that cybersecurity professionals need to succeed in any career path.
Path Outline

Heading 1

Heading 2

Heading 3

Heading 4

Heading 5
Heading 6

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.

Block quote

Ordered list

  1. Item 1
  2. Item 2
  3. Item 3

Unordered list

  • Item A
  • Item B
  • Item C

Text link

Bold text

Emphasis

Superscript

Subscript

Course Outline

What Our Learners Are Saying

Join 3 million+ users, including 96% of Fortune 1000 companies who use our platform to upskill their teams. See what the buzz is about - start learning for free!

No items found.
This is some text inside of a div block.
threat-actor-campaigns
threat-actor-campaigns