Course Description
Short Course | 12 hours | 1.2 CEUs | $950
This course provides an overview of incident response & computer forensics. Topics include everything from establishing policies and procedures to hands-on experience collecting data from live Windows machines. Several hands-on exercises utilizing various Forensics tools will be incorporated into the course to allow you to perform live forensic analysis on the operating system. Tools include various forensic filesystem analysis methods, memory analysis tools, and network protocol analytics, as well as an opportunity to put what you've learned to the test in a simulated compromise.
SEC400 is the fourth course in the Cybersecurity Professional Certificate. To complete the certificate students will also enroll in SEC100, SEC200, SEC300, & SEC500. Click on each course link for more details and to add to cart.
Course Outline
- Introduction to Incident Response and Forensics
- Real-World Incidents
- Case Studies
- Attack Lifecycle Phases
- Incident Response Process
- Incident Response Policy
- What is an Incident?
- Incident Response Goals
- NIST Incident Response Process
- Preparing for an Incident
- Pre-Incident Activities
- Data Collection
- Live Data Collection
- Evidence Handling
- Evidence
- Chan of Custody
- Evidence Integrity
- Network Evidence
- Network-based Evidence
- Goals of Network Monitoring
- Types of Network Monitoring
- Wireshark and Other Tools
- Memory Evidence
- Memory Forensics
- Memory Acquisition
- Redline
- Memory Analysis to Find Evil
- Zeus
- Stuxnet
- Storm Worm Rootkit
- TDSS Rootkit
- Remediation
- Remediation Workflow
- Remediation Owner
- Remediation Actions
- Putting it All Together
Prerequisites
- SEC100 Information Security Essentials or equivalent experience
Duration
12 Hours | 2 Days or 4 Nights
*Academic Unit eligibility to be determined by college/university in which you are enrolled in a degree seeking program.