Digital Forensics & Incident Response
The 5-day Digital Forensics & Incident Response course introduces participants to DFIR concepts and teaches goal-oriented techniques for applying them. Participants will learn how to investigate an incident, how to gather supporting forensic data, and how to handle that data. This course features hands-on simulations provided by @Cywar, a gamified training and assessment platform by HackerU Solutions.
Description
Prerequisites:
- Hands-on experience with Linux and Windows systems
- A solid understanding of networking infrastructure
Module 1: Introduction to DFIR
- Introduction to DFIR
- DF vs IR vs TH
- Incident Response planning
- Targeted artifacts
- DFIR use-cases
- DFIR toolset
- SANS & NIST
Module 2: Incident Response – Preparation
- Defining assets and values
- CIA
- Risk management
- Roles & responsibilities
- 4 & 6 stages of IR
- Creating an IR plan
- DRP & BCP
- GRC
- ATT&CK
- Compliance: ISO, GDPR, HIPAA, PCI-DSS
Module 3: Incident Response – Response
- SOC operation & lifecycle
- Identification & scoping
- Containment
- Intelligence gathering
- Eradication
- Chain of custody
Module 4: Data Acquisition
- Dead system analysis
- Live system analysis
- Drive cloning
- Image mounting
- Memory dumping
- Evidence documentation
Module 5: Live Forensics
- Artifacts on a Windows computer
- Browser history
- USB history
- DNS cache
- Prefetch
- MRU
- NirSoft
Module 6: Windows Forensics
- Windows DF specifics
- NTFS
- ADS & MFT
- File carving
- Registry forensics
- Forensics using PowerShell
Module 7: Memory Analysis
- Memory structure
- Memory analysis tools
- Volatility breakdown & usage
- Process exploration
- DLL inspection
- Acquiring memory artifacts
Module 8: Linux Forensics
- Linux filesystems
- Network configuration
- Login information
- Bash history
- Identifying persistence
- Logfile analysis
Module 9: File Upload
- Windows EventLog
- Timeline analysis
- DF timeline
- Log2timeline
Module 10: Threat Hunting – Consider Moving After Malware
- Threat hunting
- Threat intelligence
- Collecting IoCs
- Malware characteristics
- From DF to TH
- Common hiding mechanisms
Module 11: Network Forensics
- Traffic interception & network evidence
- Reverse proxy
- Wireshark
- DF using Wireshark
- Common protocol analysis
- Zeek NSM
Module 12: DFIR Simulation
- DF lab & recap