Intro to Digital Forensics & Incident Response (DFIR01)

Intro to Digital Forensics & Incident Response (DFIR01)

Duration

3 Days

Formats Available

Live In-Person

Live Online

Job Target

Description

This eye-opening hands-on course provides a comprehensive overview of Digital Forensics and Incident Response (DFIR). The course starts with a review of recent incidents and how the IR and digital forensics were handled. Typical goals of IR and digital forensics are covered with an emphasis on defining what an “incident” is and the desired outcome of the incident response, based on risk and business objectives. Goals of DFIR range from placing a suspect behind a keyboard, to determining malware Indicators of Compromise (IOCs), or to merely recovering “as quickly as possible.”

The Incident Response Methodology, based on NIST (National Institute of Standards and Technology) Special Publication 800-61r2, Computer Security Incident Handling Guide, is investigated in the IR portion of this course. Each of the four primary IR Life Cycle Phases – (1) Preparation, (2) Detection & Analysis, (3) Containment, Eradication, & Recovery, and (4) Post-Incident Activity are addressed in detail, using sample incidents to facilitate class discussions. Part of Incident Response includes malware analysis and digital forensics.  Each major digital forensics phase – evidence acquisition, evidence analysis, reporting, and expert witness testimony is addressed. Numerous hands-on exercises, case studies, and challenges keep attendees engaged in a CTF (Capture the Flag) atmosphere. This hands-on environment provides ample opportunities for attendees to apply and practice concepts taught in the course.