Trellix FIRE-IR: Forensics and Incident Response Education
Trellix (McAfee) University Trainings, 4 days
- Scheduled date
- In-house
- Individual
The Forensics and Incident Response Education (FIRE) course offered by Foundstone® Services is a defensive weapon to help you normalize your environment after a negative event has occurred. Hackers and disgruntled employees are using sophisticated tools and backdoor programs to steal your intellectual property and expose sensitive information - and they can cover their tracks in the process. In this course, we provide you with the forensic techniques to identify, respond to, and recover from both insider and outsider attacks. This comprehensive, technically detailed course enables you to successfully respond to incidents and reinforces your security posture.
NOTE: As an exception, the course language is English.
Target audience
- System and network administrators
- Corporate security personnel
- Auditors
- Law enforcement officers
- Consultants responsible for investigating network intrusions.
Course prerequisites
A basic understanding of Linux, Windows, computer forensics and TCP/IP is required to benefit fully from the course.
7.282,80 € incl. 19% VAT
940,10 € incl. 19% VAT
1.654,10 € incl. 19% VAT
2.558,50 € incl. 19% VAT
Course contents
Introduction:
- Overview of Course Content and Format
- Principles of Forensics and IR
Preparation:
- Data Collection Techniques
- Forensic Hardware
- Chain of Custody
- Basic Incident Response Process
- Pre-Incident Preparation
- Documentation Requirements
Malware Strategies:
- Common Approaches
- Containment and Remediation Strategies
- Malware Footprints
Windows Incident Response:
- Data Volatility
- Installed Software and Hotfixes
- Persistence Mechanisms
- Windows Audit Policies
- Malware Analysis
- Prefetch Analysis
- The Windows Registry
- Windows Event Log Analysis
File Carving and Email Analysis:
- File Carving
- Email Header Analysis
- Determining File Headers
- Extraction of Attachments
- Extracting Specific File Types
- Deleted Files and Recovery
Hash and Timeline Module:
- Use of Hash Sets
- Adding Hash Sets
- Advantages of Timeline
- Timeline Creation
Network-Based Monitoring:
- Sources of Network Data
- PCAP Analysis with Wireshark
- Network Footprint
Memory Forensics:
- Basics of Memory Acquisition and Analysis
- Highlight Power of Memory
Unix and Linux Incident Response:
- Live Response Best Practices and Order of Volatility
- Following the Process Tree
- Unix/Linux File Permissions
Learn from experts
Certified trainers with practical experience
Guaranteed to run
Our courses take place from the first booking onward.
Included
Lunch, course materials, certificate, Wi-Fi, drinks and much more.
Group size
Minimum 1, maximum 8 participants
Matching course material
Includes a textbook for the course.
Language
German (English on request)
Funding
Up to 100% of costs covered!