System Forensics and Incident Handling [FOR]

Durée totale
Localisation
A cet endroit, En ligne
Date et lieu de début

System Forensics and Incident Handling [FOR]

Global Knowledge Belgium BV
Logo Global Knowledge Belgium BV
Note du fournisseur: starstarstar_halfstar_borderstar_border 4,5 Global Knowledge Belgium BV a une moyenne de 4,5 (basée sur 2 avis)

Astuce: besoin de plus d'informations sur la formation? Téléchargez la brochure!

Dates et lieux de début

computer En ligne: VIRTUAL TRAINING CENTER
31 oct. 2022 jusqu'au 4 nov. 2022

Description

Vrijwel iedere training die op een onze locaties worden getoond zijn ook te volgen vanaf huis via Virtual Classroom training. Dit kunt u bij uw inschrijving erbij vermelden dat u hiervoor kiest.

OVERVIEW

Forensics and Incident Handling are constantly evolving and are crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of the individuals and teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated. This advanced training provides the necessary knowedge and skills required to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analy…

Lisez la description complète ici

Foire aux questions (FAQ)

Il n'y a pour le moment aucune question fréquente sur ce produit. Si vous avez besoin d'aide ou une question, contactez notre équipe support.

Vous n'avez pas trouvé ce que vous cherchiez ? Voir aussi : Sécurité informatique, CISSP, CompTIA, CISM et ISO 27001.

Vrijwel iedere training die op een onze locaties worden getoond zijn ook te volgen vanaf huis via Virtual Classroom training. Dit kunt u bij uw inschrijving erbij vermelden dat u hiervoor kiest.

OVERVIEW

Forensics and Incident Handling are constantly evolving and are crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of the individuals and teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated. This advanced training provides the necessary knowedge and skills required to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and the correct ways of reporting.

OBJECTIVES

After completing this course you should be able to:

  • Understand the steps of the incident handling process
  • Detect malicious applications and network activity
  • Recognise common attack techniques that compromise hosts
  • Detect and analyze system and network vulnerabilities
  • Implement continuous process improvement by discovering the root cause of incidents

AUDIENCE

IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

CONTENT

Module 1: Introduction to Incident Handling

  • Types of Computer Security Incidents
  • Signs of an Incident
  • Incident Prioritization
  • Incident Response and Handling Steps
  • Procedures and Preparation

Module 2: Windows Internals

  • Introduction to Windows Internals
  • Fooling Windows Task Manager
  • Processes and threads
  • PID and TID
  • Information gathering from the running operating system
  • Obtaining Volatile Data
  • A deep dive to Autoruns
  • Effective permissions auditing
  • PowerShell get NTFS permissions
  • Obtaining permissions information with AccessChck
  • Unnecessary and malicious services
  • Detecting unnecessary services with PowerShell

Module 3: Memory Dumping and Analysis

  • Introduction to memory dumping and analysis
  • Creating memory dump - Belkasoft RAM Capturer and DumpIt
  • Utilizing Volatility to analyze Windows memory image
  • Analyzing Stuxnet memory dump with Volatility
  • Automatic memory analysis with Volatile

Module 4: Indicators of compromise

  • Yara rules language

Module 5: Storage Acquisition and Analysis

  • Introduction to storage acquisition and analysis
  • Drive Acquisition
  • Mounting Forensic Disk Images
  • Introduction to NTFS File System
  • Windows File System Analysis
  • Autopsy with other filesystems
  • Building timelines

Module 6: Reporting – Digital Evidence

This module covers the restrictions and important details about digital evidence gathering. Moreover, a proper structure of digital evidence report will be introduced.

Rester à jour sur les nouveaux avi

Pas encore d'avis.

Partagez vos avis

Avez-vous participé à cours? Partagez votre expérience et aider d'autres personnes à faire le bon choix. Pour vous remercier, nous donnerons 1,00 € à la fondation Stichting Edukans.

Il n'y a pour le moment aucune question fréquente sur ce produit. Si vous avez besoin d'aide ou une question, contactez notre équipe support.

Recevoir une brochure d'information (gratuit)

(optionnel)
(optionnel)
(optionnel)
(optionnel)
(optionnel)
(optionnel)

Vous avez des questions?

(optionnel)
Nous conservons vos données personnelles dans le but de vous accompagner par email ou téléphone.
Vous pouvez trouver plus d'informations sur : Politique de confidentialité.