Course Overview
Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated.
This course is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions! Examples of tools, software and examples used during the course include Belkasoft RAM Capturer, Wireshark and Volatility.
Who should attend
IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.
Course Objectives
This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.
Course Content
- Introduction to Windows Internals
- Securing Monitoring Operations & Threat Hunting
- Handling Malicious Code Incidents
- Static Malware Analysis
- Behavioural Malware Analysis and Threat Hunting
- Network Forensics and Monitoring
- Memory: Dumping and Analysis
- Memory: Indicators of compromise
- Disk: Storage Acquisition and Analysis
- Malicious Non-Exe Files