Syllabus: Detailed syllabus is available.

Real-World Scenario (Course Overview):

Ojehtrade & Co., Inc., a multi-billion dollar brokerage firm with $789 billion in assets, based in New York, NY, with offices throughout the USA, has recently suffered a massive computer intrusion. The target systems involved run Unix, Windows, and Mac OS X. Ojehtrade learned of the intrusion because the cyber criminals sent a message to the firm's executives demanding $5 million in "ransom" and threatened to contact the media and publish the compromised data online if their demands are not met within 72 hours.

Given its heavy investment in corporate IT security measures, Ojehtrade is surprised that it was hacked. Your firm, The Forensics Gurus LLC, has been hired by Turner Worten Fitzgerald LLP, a prestigious law firm representing Ojehtrade, to handle this high-profile investigation at a bill rate of $450/hr. As the senior incident responder, you have been asked to interrupt your long-scheduled Mediterranean cruise to lead this high-profile incident response engagement. The client wants to know:

  • What, if any, is the extent of the damage/compromise?
  • What data has been lost or compromised?
  • Where did the hacker(s) come from?
  • What is the timeline of the hacking activities?
  • What can be done to prevent intrusions in the future?

Incident Response is a time-consuming effort that requires specialized expertise, procedures, tools, and real-world investigative skills. NetSecurity's Hands-On How-To® Incident Response course teaches students the step-by-step process of locating, acquiring, preserving, analyzing, and producing solid digital evidence. The Hands-On How-To® Lab Exercises (HOHTLEs) covered in the course incorporate significant real-world experience necessary for delivering legally admissible world-class results in the field.

NetSecurity Benefits:

Through years of real-world hands-on cyber security, digital forensics, and incident response experience, NetSecurity has supported Fortune 500 companies and federal agencies such as the IRS, DHS, VA, BBG, DOL, NSF, and DoD. The benefits of our Hands-On How-To® Incident Response course include:

  • Skills to establish and fortify an organization's security, forensics, and incident response capabilities
  • Customized private sessions, tailored towards organizations' unique environments
  • Detailed step-by-step and how-to instructions
  • Instructor-led and student-performed hands-on exercises
  • Real-world simulations of investigating a compromised network
  • Seasoned expert instructors with real-world hands-on consulting and training experience
  • Arsenal of take-aways (tools, templates, guides, and relevant forensics resources)
  • Up-to-date course content, addressing emerging incident response challenges
  • Small class sizes ensuring maximum student-instructor interaction
  • Vendor-neutral content, covering commercial and freeware tools

Target Audience:

The Incident Response course is targeted towards technical professionals, including:

  • Computer Forensics Investigators
  • Incident Responders
  • Malware Analysts
  • Law Enforcement Personnel
  • Information Security Professionals
  • Compliance Officers
  • Auditors

Course Format:

  • Interactive presentations by a security, forensics, and incident response expert instructor
  • Hands-On How-To® Lab Exercises performing computer forensics and incident response

Course Duration: Three (3) Days

Course Cost: CALL

Course Objectives:

Upon successful completion of the Hands-On How-To® Incident Response course, each participant will be armed with the knowledge, tools, and processes required to conduct incident response and produce reports that withstand legal scrutiny. Specifically, students will possess relevant knowledge and real-world hands-on skills in:

  • Incident Response Process
  • Legal Considerations
  • Evidence Collection
  • Evidence Preservation
  • Preparing Incident Response Tools
  • Hackers' Methods of Maintaining Presence (Persistence Methods)
  • System Compromise Indicators (Quickly Detecting and Confirming Intrusions)
  • Advanced Malware
  • Malware Analysis
  • Building Incident Response Tool Suite
  • Windows Registry Analysis
  • Forensics

Course Topics:

NetSecurity’s Incident Response course includes in-depth coverage of real-world scenarios and HOHTLEs in the following areas:

Topics (Discussion and HOHTLEs):

  • Incident Response Process
    • Preparation
    • Incident Readiness Planning
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Lessons Learned
  • Legal Considerations
    • Internet Laws and Statutes
    • Legal Concerns and Privacy Issues
    • Court Admissibility of (Volatile) Evidence
  • Evidence Collection
    • Volatile Data Collection
      • Pros and Cons of System Shutdown
      • Order of Volatility (Memory, Process, Network, Registry)
    • Hard Drive Imaging
      • Physical Image
      • Logical Image
      • Full/Partial Drive Encryption Scenarios
    • Documenting the Cyber Crime Scene
    • Collecting Additional Storage Devices, Sticky Notes, etc.
  • Evidence Preservation
    • Securing the Evidence
    • Chain of Custody
  • Preparing Incident Response Tools
    • Statically Linked Binaries
    • Import Library
    • Incident Response Tools Selection
  • Hackers' Methods of Maintaining Presence (Persistence Methods)
    • Surviving Reboots
    • Autoruns
    • Services
    • Service Host Services
    • Stubpath
    • Scheduled Tasks
    • Windows Firewall
  • System Compromise Indicators (Quickly Detecting and Confirming Intrusions)
    • Firewall, IDS, etc.
    • Temporary Internet Files
    • Anti-Virus Logs
    • Hosts File
    • DNS Cache
    • Running Services
    • Critical Log Files
    • Network Connections
    • Memory
    • Recycle Bin
    • Hidden and Protected Files
  • Volatile Data
    • Collection and Analysis on a Live System
    • Collection and Analysis of Physical and Process Memory
    • Volatile Evidence in Incident Response
    • Court Admissibility of Volatile Evidence
  • Memory Forensics
    • Physical Memory Acquisition
    • Extracting and Examining Processes
    • Network Connections
    • Extracting Crucial Artifacts
  • Windows Registry Analysis
    • User Activity Reconstruction
    • Windows Registry Analysis
    • Monitoring Registry Changes
    • System Information
    • User Activities
    • Autostart Locations
  • Network Analysis
    • Capturing and Analyzing Network Packets
    • Leveraging IDS/IPS Rules and Signatures to Detect Attacks
    • Analyzing Malicious Payloads in Network Packets
  • Forensics
    • Timeline Analysis
    • File Signature Analysis
    • Hash Analysis
  • Malware Analysis
    • Malware Taxonomy
    • Malware Threats
    • Malware Analysis Methodologies
    • Identifying and Protecting against Malware
    • Memory-Resident Malware
    • Memory Imaging Tools/Techniques
    • Memory Analysis Tools
    • Static Analysis
    • Dynamic Analysis
    • Malicious Document Analysis
    • Malware Challenges
  • Cyber Threat Intelligence
    • Developing and Leveraging Threat Intelligence to Detect, Respond to, and Defeat Sophisticated Attacks
    • Automating Threat Detection and Response
  • Building Incident Response Tool Suite
    • Building Trusted Toolkits
    • Testing the Tools

Course Schedule and Registration:

Course schedule and registration information is available here.