Incident Response & Advanced Forensics

Cybrary

MicroCourse

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. Why do I need this certification? As a part of the Incident Response process, ...

Time

8 hours 6 minutes

Difficulty

Intermediate

CEU/CPE

NEED TO TRAIN YOUR TEAM? LEARN MORE

Join over 3 million cybersecurity professionals advancing their career

Facebook

Google

Already have an account? Sign In »

MicroCourse Content

Module 1: Introduction

Part 1 - An Overall View of the Course

Part 2 - The Humans Behind Cyber Security Incidents

10m

Part 3 - The Sony Hack Case Study

Module 2: Incident Response Policy

2.1An Overview of Incident Response Policy

2.2The Elements of an Incident Response Policy

10m

2.3The Role of Communication with Law Enforcement when it comes to security

2.4The Different Types of Incident Response Teams

2.5Outsourcing Considerations

2.6The Role of the Incident Response Manager

2.7What does an Incident Response team do?

Module 3: Incident Handling

3.1An Introduction to Incident Handling

3.2CIRC Team Composition

3.3Incident Response Policies

3.4The REACT Principle

3.5Maintaining the Integrity of the Scene following an incident

3.6The Content of Notice

10m

3.7The Respond Part of Incident Response

Module 4: Legal Aspects of Incident Handling

4.1An Introduction to legal considerations of incident response

4.2Expectation of Privacy

4.3Personally Identifiable Information (PII)

4.4Giving notice to individuals

10m

4.5Benefits of Information Sharing

4.6Forensics in Support of an Incident Response

Module 5: Incident Forensics

5.1The Phases of Investigation

5.2The Preservation Phase of Investigation

10m

5.3Keys of Preservation

5.4Volatile Data Considerations

5.5Capturing the data

5.6Imaging concepts

10m

5.7Volatile Memory Capture

12m

5.8Forensics in Support of Incident Response

10m

5.9Formatting a disk for Incident Response

5.10Using the FTK Imaging Software

5.11The Forensic Acquisition of Data from a PC

5.12Navigating the H Drive

10m

5.13Obtaining the Windows Bitlocker Encryption Keys

5.14Obtaining the Windows Bitlocker Encryption Keys (continued)

5.15The Autopsy Program

13m

Module 6: Insider Threat

6.1What is Insider Threat?

10m

6.2American Superconductor Case Study

6.3Indicators to identify an insider threat

15m

6.4Using Automated processes to look for indicators of in insider threats

6.5Policy Enforcement

6.6Policies and procedures

6.7Policies and procedures (continued)

6.8Policies and procedures (continued)

6.9Malware incidents

6.10Setting up a Virtual Machine

6.11Dynamic Analysis

6.12Incident Recovery

14m

6.13Resiliency: The Answer to the Cyber Security Paradox

Module 7: 0P3N

7.1Introduction to SIEM

Reading Exercise

10m

Module 8: CH4NN3LS

8.1Responding to Cyber Security Incidents

Reading Exercise

10m

8.2Mastering Cyber Attribution

Reading Exercise

10m

8.3Incident Response & Advanced Forensics

Assessment

MicroCourse Description

What is Incident Response? Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. Why do I need this certification? As a part of the Incident Response process, professionals will need to establish a formal response process, along with how to capture, record and track incidents and understand what that data can reveal. What will I learn? The primary goal of this course is to prepare professionals for common knowledge of CIRT practices. Get your Incident Response and Advanced Forensics Certification Today: The Incident Response Micro Certification is developed to teach the best practices in identifying a security incident, as well as how to respond. Computer security incident activity can be defined as network or host activity that potentially threatens the security of computer systems. Generally speaking, most organizations have a Computer Incident Response Team (CIRT) in place to handle such incident, but regardless if of their existence in your organization or not, each company will need to define what a computer security incident is specific to their site. As a part of the Incident Response process, professionals will need to establish a formal response process, along with how to capture, record and track incidents and understand what that data can reveal. Likewise, you?ll learn how incident reporting contributes to improved training, improved security practices and what types of adverse impacts not having a sound incident response and reporting system would produce. The primary goal of this course is to prepare professionals for common knowledge of CIRT practices.

Instructed By

Max Alexander

VP, Cybersecurity Incident Response Planning at JPMorgan

Instructor

Provider

Course Components

On Demand Videos to learn from industry leaders

Assessments to gauge understanding and comprehension

Certificate of Completion

Complete this entire course to earn a Incident Response & Advanced Forensics Certificate of Completion