FIRE: Forensics and Incident Response Education

The Forensics and Incident Response Education (FIRE) course offered by Foundstone® Services is a defensive weapon to help you normalize your environment after a negative event has occurred. Hackers and disgruntled employees are using sophisticated tools and backdoor programs to steal your intellectual property and expose sensitive information - and they can cover their tracks in the process. In this course, we provide you with the forensic techniques to identify, respond to, and recover from both an insider and outsider attack.
This comprehensive, technically detailed course enables you to successfully respond to incidents and reinforces your security posture.

ACHTUNG: Die Kurssprache ist ausnahmsweise Englisch.

Zielgruppe

• System- und Netzwerk Administratoren

• Unternehmens-Sicherheitspersonal

• Wirtschaftsprüfer

• Strafverfolgungsbeamte

• Berater (Consultants) mit Verantwortung der Ermittlung von Netzwerkeinbrüchen.

Voraussetzungen

Grundlegendes Verständnis von Unix, Windows OS, Computer Forensiker und TCP/IP Netzwerk ist erforderlich, damit der Kurs vollumfänglich von Nutzen ist.

Trainingsinhalte

Introduction:

• Overview of Course Content and Format

• Principles of Forensics and IR

Preparation:

• Data Collection Techniques

• Forensic Hardware

• Chain of Custody

• Basic Incident Response Process

• Pre-Incident Preparation

• Documentation Requirements

Malware Strategies:

• Common Approaches

• Containment and Remediation Strategies

• Malware Footprints

Windows Incident Response:

• Data Volatility

• Installed Software and Hotfixes

• Persistence Mechanisms

• Windows Audit Policies

• Malware Analysis

• Prefetch Analysis

• The Windows Registry

• Windows Event Log Analysis

File Carving and Email Analysis:

• File Carving

• Email Header Analysis

• Determining File Headers

• Extraction of Attachments

• Extracting Specific File Types

• Deleted Files and Recovery

Hash and Timeline Module:

• Use of Hash Sets

• Adding Hash Sets

• Advantages of Timeline

• Timeline Creation

Network-Based Monitoring:

• Sources of Network Data

• PCAP Analysis with Wireshark

• Network Footprint

Memory Forensics:

• Basics of Memory Acquisition and Analysis

• Highlight Power of Memory

Unix and Linux Incident Response:

• Live Response Best Practices and Order of Volatility

• Following the Process Tree

• Unix/Linux File Permissions

Seminarzeiten

• Dauer: 4 Tage
• 1. Tag: 09:30 Uhr bis 17:00 Uhr
• Weitere Tage: 09:00 Uhr bis 17:00 Uhr
• Letzter Tag: 09:00 Uhr bis 17:00 Uhr

Preis pro Person