Incident Response & Advanced Forensics

.banner-container.gbi--135500427-NcVfDXJybvShBN4AfRTKu:before { opacity: 1; background-image: url('//images.ctfassets.net/kvf8rpi09wgk/7uW2v6ixmTucwageODbFqR/c2285dfb0b5c94e76e8c0bd243215e0d/Incident_Response___Advanced_Forensics.jpg?w=800&q=70'); }

Create Free Account

NEED TO TRAIN YOUR TEAM? LEARN MORE

Time

8 hours 6 minutes

Difficulty

Intermediate

CEU/CPE

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. Why do I need this certification? As a part of the Incident Response process, ...

Create Free Account

NEED TO TRAIN YOUR TEAM? LEARN MORE

Already have an account? Sign In »

Part 1 - An Overall View of the Course

10m

Part 2 - The Humans Behind Cyber Security Incidents

Part 3 - The Sony Hack Case Study

2.1An Overview of Incident Response Policy

10m

2.2The Elements of an Incident Response Policy

2.3The Role of Communication with Law Enforcement when it comes to security

2.4The Different Types of Incident Response Teams

2.5Outsourcing Considerations

2.6The Role of the Incident Response Manager

2.7What does an Incident Response team do?

3.1An Introduction to Incident Handling

3.2CIRC Team Composition

3.3Incident Response Policies

3.4The REACT Principle

3.5Maintaining the Integrity of the Scene following an incident

10m

3.6The Content of Notice

3.7The Respond Part of Incident Response

4.1An Introduction to legal considerations of incident response

4.2Expectation of Privacy

4.3Personally Identifiable Information (PII)

10m

4.4Giving notice to individuals

4.5Benefits of Information Sharing

4.6Forensics in Support of an Incident Response

5.1The Phases of Investigation

10m

5.2The Preservation Phase of Investigation

5.3Keys of Preservation

5.4Volatile Data Considerations

5.5Capturing the data

10m

5.6Imaging concepts

12m

5.7Volatile Memory Capture

10m

5.8Forensics in Support of Incident Response

5.9Formatting a disk for Incident Response

5.10Using the FTK Imaging Software

5.11The Forensic Acquisition of Data from a PC

10m

5.12Navigating the H Drive

5.13Obtaining the Windows Bitlocker Encryption Keys

5.14Obtaining the Windows Bitlocker Encryption Keys (continued)

13m

5.15The Autopsy Program

10m

6.1What is Insider Threat?

6.2American Superconductor Case Study

15m

6.3Indicators to identify an insider threat

6.4Using Automated processes to look for indicators of in insider threats

6.5Policy Enforcement

6.6Policies and procedures

6.7Policies and procedures (continued)

6.8Policies and procedures (continued)

6.9Malware incidents

6.10Setting up a Virtual Machine

6.11Dynamic Analysis

14m

6.12Incident Recovery

6.13Resiliency: The Answer to the Cyber Security Paradox

10m

7.1Introduction to SIEM

Reading Exercise

10m

8.1Responding to Cyber Security Incidents

Reading Exercise

10m

8.2Mastering Cyber Attribution

Reading Exercise

8.3Incident Response & Advanced Forensics

Assessment

What is Incident Response? Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. Why do I need this certification? As a part of the Incident Response process, professionals will need to establish a formal response process, along with how to capture, record and track incidents and understand what that data can reveal. What will I learn? The primary goal of this course is to prepare professionals for common knowledge of CIRT practices. Get your Incident Response and Advanced Forensics Certification Today: The Incident Response Micro Certification is developed to teach the best practices in identifying a security incident, as well as how to respond. Computer security incident activity can be defined as network or host activity that potentially threatens the security of computer systems. Generally speaking, most organizations have a Computer Incident Response Team (CIRT) in place to handle such incident, but regardless if of their existence in your organization or not, each company will need to define what a computer security incident is specific to their site. As a part of the Incident Response process, professionals will need to establish a formal response process, along with how to capture, record and track incidents and understand what that data can reveal. Likewise, you?ll learn how incident reporting contributes to improved training, improved security practices and what types of adverse impacts not having a sound incident response and reporting system would produce. The primary goal of this course is to prepare professionals for common knowledge of CIRT practices.