fbpx

InfoSec Incident Response and Network Forensics boot camp course

Advance your career in the field of cybersecurity by learning how to respond to cyber security incidents. 

InfoSec Incident Response and Network Forensics boot camp course provides the essentials needed to properly detect, contain and mitigate cybersecurity incidents in an organisation.  Course cover hand-ons on cyber range exercises.

Get Certified

› Course objectives:

Infosec’s Incident Response and Network Forensics Boot Camp covers the essential information you need to properly detect, contain and mitigate security incidents.

This boot camp course focues on teaching you the 5 key incident response steps;

› Plan – Preparing the right process, people and technology enables organizations to effectively respond to security incidents

› Identify – Scoping the extent of the incident and determining which networks and systems have been compromised; includes assessing the extent to which systems have been compromised

› Contain – Prevent the incident from further escalating using information gathered in the previous stage

› Eradicate – Remove intruder access to internal and external company resources

› Recover – Restore fully operational system capability and close out incident

Contact us for course brochure.

The skills learnt help with following cybersecurity job roles;

» Incident response professionals
» Network and system administrators
» Computer security incident response team (CSIRT) members
» Anyone interested in improving their network forensics and incident management skills

» The incident response process
» Building an incident response kit
» Event/incident detection
» Categorizing and prioritizing events
» Sources of network evidence
» TCP reconstruction
» Flow analysis
» NIDS/NIPS
» Vulnerability analysis
» Log analysis
» Firewall log investigation
» Log aggregation
» Network artifact discovery
» Identifying rogue processes
» DNS forensics and artifacts
» NTP forensics and artifacts
» HTTP forensics and artifacts
» HTTPS and SSL analysis
» FTP and SSH forensics
» Email protocol artifacts
» Wireless network forensics
» Defensive review
» Secure credential changing
» Reporting and coordinating incidents

» 100% Satisfaction Guarantee
» Five days live, expert instruction (live online or in-person)
» Immediate access to Infosec Skills from the minute you enroll to 90 days after your boot camp
» Learn by doing with 100s of additional hands-on courses and labs
» 90-day access to all boot camp video replays and materials
» Knowledge Transfer Guarantee

Pre-requisites:

» Firm understanding of the Windows Operating System
» Exposure to the Linux Operating System or other Unix-based operating system
» Grasp of the TCP/IP protocols

» One or more years of experience in incident handling or equivalent information security experience is recommended.

We recommend taking out Cybersecurity Foundation Course, 30 days before starting cybersecurity bootcamp course.

The course is available in 3 delivery methods;

  1. Online
  2. In person
  3. Team Onsite (for North America, Canada/USA only)

Infosec instructors have at least 10 years of industry training experience and are professionals with active roles in the
industry.

Come learn from industry experienced instructors!

› OPTION #1: Online bootcamp dates: 

Feb 21 – Feb 25

› Contact us for seat availability for selected date

› Custom course: We will mutually discuss a custom course schedule to fit your business required dates.

› Custom delivery: Virtual class room. In-person class is available. Travel costs will be extra.

Contact us for details.

› OPTION #1: Online bootcamp dates: 

Jul 11 – Jul 15

› Contact us for seat availability for selected date

› Custom course: We will mutually discuss a custom course schedule to fit your business required dates.

› Custom delivery: Virtual class room. In-person class is available. Travel costs will be extra.

Contact us for details.

› OPTION #1: Online bootcamp dates: 

Aug 15 – Aug 19

› Contact us for seat availability for selected date

› Custom course: We will mutually discuss a custom course schedule to fit your business required dates.

› Custom delivery: Virtual class room. In-person class is available. Travel costs will be extra.

Contact us for details.

› OPTION #1: Online bootcamp dates: 

Nov 28 – Dec 2

› Contact us for seat availability for selected date

› Custom course: We will mutually discuss a custom course schedule to fit your business required dates.

› Custom delivery: Virtual class room. In-person class is available. Travel costs will be extra.

Contact us for details.

Corporate:

If you have a larger team needing training, please contact us for a custom quote.

Custom schedule dates are available.

Contact us for details.

Individuals:

  1. Live instructor online bootcamp – $4500 usd

Contact us to Enroll

Achieving the Incident Response Certification Credential

Contact Us for details

Incident Response and Network Forensic boot camp course – Key Features

› InfoSec skills bootcamp course: Immediate access to Infosec Skills from the minute you enroll to 90 days after your boot camp

› Live Incident Response training: Five days of expert, live instructor Incident Response training

› Course material: 90-day extended access to all boot camp video replays and materials

› 100% Satisfaction Guarantee 

Practice your skills with hands-on labs

Perform vulnerability analysis and identify rogue processes

Conduct triage, improve systems, report on findings and more!

Incident Response and Network Forensic – course topics

Day 1

Plan
» Incident response planning fundamentals
» Building an incident response kit
» Incident response team components
» IR toolkits and appropriate implementation
» Threat Intelligence
» Cyber Kill Chain
» Agent-based IR
Identify
» Indications of an incident
» Triage
» Critical first steps
» Understanding chain of custody
Contain
» Documentation
» Written documentation and supporting media evidence
» Identification methods
» Isolation technical procedure best practices
» Containment
» Quarantine considerations for business continuity
Eradicate
» Eradication testing and the QA role
» Incremental backup compromise detection
» Operating system rebuilds
Recover
» Stakeholder identification in recovery process
» Post incident heightened monitoring tasks
» Special actions for specific incident types
» Incident record keeping
» Lessons learned
Constructing your live incident response toolkit
» Trusted command shells – Windows/Linux
» Remote shells
» PsExec vs PowerShell

Day 2

Event/incident detection
» Develop an incident response strategy and plan
» Limit incident effect and repair incident damage
» Perform real-time incident response tasks
» Determine the risk of continuing operations
» Spearphishing and APT attacks
Sources of network evidence
» 3 evidence collection modalities
» Persistence checks
» Sensors
» Evidence acquisition
» Forensically sound collection of images
TCP reconstruction
» TCP session reconstruction
» Payload reconstruction
» Encapsulation methods
» tcpdump/Wireshark
» Working with pcap files
» Wireshark filtering
» Identify missing data
» Identify sources of information and artifacts
» Packet analysis
Flow analysis
» nfcapd and nfdump
» nfsen
» SiLK
» Flow record export protocols
» Network file carving
» Encrypted flow analysis
» Anomalous behavior analysis
» Flow data points
NIDS/NIPS
» Snort
» Snort rule configuration
» Collect incident data and intrusion artifacts
Log analysis
» Syslog server
» Syslog protocol format
» Event investigation
» Microsoft event log
» Event viewer
» Modeling analysis formats
» HTTP server logs
» Apache vs IIS
» Header analysis and attack reconstruction
Firewall log investigation
» Log formats
» iptables and packet flow
Log aggregation
» SIEM tools
» Splunk architecture

Day 3

Triage & analysis
» Categorizing events
» Developing standard category definitions
» Perform correlation analysis on event reports
» Event affinity
» Prioritize events
» Determining scope, urgency, and potential impact
» Assign events for further analysis, response, or disposition/closure.
» Determine cause and symptoms of the incident
Network artifact discovery
» Network forensics with Xplico
DNS forensics and artifacts
» DNS tunneling
» Fast flux forensics
NTP forensics and artifacts
» Understanding NTP architecture
» NTP analysis
» NTP usage in timeline analysis and log monitoring
» Protocol inspection
HTTP forensics and artifacts
» Artifact discovery
» Request/response architecture
» HTTP field analysis
» HTTP web services
» AJAX
» Web services
HTTPS and SSL analysis
» Artifact from secure negotiation process
» Other non HTTPS SSL analysis
FTP and SSH forensics
» Capture and inspection
» SFTP considerations
Email protocol artifacts
» SMTP vs POP vs IMAP artifacts
» Adaptations and extensions
» Microsoft Protocols
» Architecture and capture
» Exchange considerations
» SMB considerations
» Cloud email forensics
Wireless network forensics
» Wireless monitoring and capture methodologies
» Understanding Wi-Fi common attacks
» WEP vs WPA vs WPA2
» Wi-Fi security compromise analysis
Perform vulnerability analysis
» Determine the risk, threat level or business impact of a confirmed incident.

Day 4

Timeline analysis
» Timeline reconstruction
» Benefits of structured timeline analysis
» Required pre-knowledge
» Pivot point analysis
» Contexting with incomplete data
» Enter information into an operations log or record of daily operational activity.
» Filesystem considerations
» Time rules
» Using Sleuthkit and fls
» Program execution file knowledge
» File opening and file deletion
» log2timeline
» log2timeline input and output modules
» Using l2t_process for filtering
Volatile data sources and collection
» System memory acquisitions from Windows systems
» 64 bit Windows memory considerations
» Page File analysis
» Hibernation file analysis
» Identify rogue processes
» DLL analysis
» Handle discovery and analysis
» Code injection artifacts Rootkit indicators
» Correlation with network artifacts
» Volatility walk-through
» Redline analysis
» Volatility basics
» Volatility case study
» Advanced malware hunting with Volatility
» Examine Windows registry in memory
» Investigate windows services
» Cached files in RAM
» Credential recovery in RAM

Day 5

Incident response
» Defensive review and recommendations
» Improving defenses
» Secure credential changing process and monitoring
» Increased monitoring period – when and how long
» Validate the system.
» Identify relevant stakeholders that need to be contacted
» Communications about an organizational incident
» Appropriate communications protocols and channels
» Coordinate, integrate and lead team responses with other internal groups
» Provide notification service to other constituents
» Enable constituents to protect their assets and/or detect similar incidents.
» Report and coordinate incidents with appropriate external organizations
» Liaison with law enforcement personnel
» Track and document incidents from initial detection through final resolution.
» Assign and label data according to the appropriate class or category of sensitivity
» Collect and retain information on all events/incidents in support of future analytical efforts and situational awareness
» Perform risk assessments on incident management systems and networks
» Run vulnerability scanning tools on incident management systems and networks

Incident Response and Network Forensics boot camp course enrollment

Learning Method: Self paced online, In-person, Team on-site

$4500 USD

Where do you from here?

You’re on a great start with Ethical Hacking and Pentest+ certification. Where do you go from here?

Next in the training path are specialization courses that are available FREE to you;

» Ethical Hacking and PenTest+ boot camp (CEH and PenTest+ certification)

» Advanced Ethical Hacking boot camp (CPENT certification)

» Advanced Pentests 10-day training

» Cloud Penetration Testing boot camp

» Cyber Threat Hunting bootcamp

InfoSec Accredited Training Partner

We’re and Authorised and Accredited InfoSec Training Partner. We specialize in providing InfoSec cybersecurity skills development and InfoSec Security Awareness Training for Corporations and Individuals




    Nuformat would like to keep you informed about our Services.
    Please check the option below to receive occasional updates via

    Email