Incident Response & Advanced Forensics

MicroCourse
Time
8 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
4
Create Free Account

Video Description

This lesson covers how to capture the data in order to preserve evidence. Investigators need to be able to capture on screen data such as open files, task bar, open windows, system tray as well as gadgets and sidebars, system time and date. Collecting information following an incident needs to be thought of as a triage: know what information is being sought, what are the requirements and what will answer them and what techniques are needed to obtain the information? After the triage process, the data is imaged.

Up Next

10:36
Part 7 - Imaging concepts
12:37
Part 8 - Volatile Memory Capture
10:41
Part 9 - Forensics in Support of Incident Response
09:27
Part 10 - Formatting a disk for Incident Response
09:01
Part 11 - Using the FTK Imaging Software

Incident Response & Advanced Forensics

Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack. Why do I need this certification? As a part of the Incident Response process, ...

Instructed By

Instructor Profile Image
Max Alexander
VP, Cybersecurity Incident Response Planning at JPMorgan
Instructor