Course Description
This course provides a comprehensive overview of incident response & computer forensics. Topics include everything from establishing policies and procedures to collecting data from live Windows and Unix machines. Several hands-on exercises utilizing the HELIX Forensics CD will be incorporated into the course to allow you to perform live forensic analysis on the operating system. Tools Include: Windows Forensics Toolchest (WFT), Incident Response Collection Report (IRCR2), First Responder’s Evidence Disk (FRED), First Responder Utility (FRU), Md5 Generator, File Recovery, Rootkit Revealer and many others.
SEC300 is the forth course in the Cybersecurity Professional Certificate. To complete the certificate students will also enroll in SEC100, SEC200, SEC300, & SEC500. Click on each course link for more details and to add to cart.
Course Outline
· Introduction to Incident Response and Forensics o
o Real-World Incidents o
o Case Studies
o Attack Lifecycle Phases
· Incident Response Process
o Incident Response Policy
o What is an Incident?
o Incident Response Goals
o NIST Incident Response Process
· Preparing for an Incident
o Pre-Incident Activities
· Data Collection
o Live Data Collection
· Evidence Handling o Evidence
o Chan of Custody
o Evidence Integrity
· Network Evidence
o Network-based Evidence
o Goals of Network Monitoring
o Types of Network Monitoring o Wireshark and OtherTools
· Memory Evidence
o Memory Forensics
o Memory Acquisition
o Redline
o Memory Analysis to Find Evil
§ Zeus
§ Stuxnet
§ Storm Worm Rootkit
§ TDSS Rootkit
· Remediation o Remediation Workflow
o Remediation Owner
o Remediation Actions
· Putting it All Together
Prerequisites
SEC100 Information Security Essentials or equivalent experience
Duration
12 Hours | 2 Days or 4 Nights
Applies Towards the Following Certificates
*Academic Unit eligibility to be determined by college/university in which you are enrolled in a degree seeking program.