FIRE-IR: Forensics and Incident Response Education

McAfee University Trainings 4 Tage

The Forensics and Incident Response Education (FIRE) course offered by Foundstone® Services is a defensive weapon to help you normalize your environment after a negative event has occurred. Hackers and disgruntled employees are using sophisticated tools and backdoor programs to steal your intellectual property and expose sensitive information - and they can cover their tracks in the process. In this course, we provide you with the forensic techniques to identify, respond to, and recover from both an insider and outsider attack.
This comprehensive, technically detailed course enables you to successfully respond to incidents and reinforces your security posture.

ACHTUNG: Die Kurssprache ist ausnahmsweise Englisch.


- System- und Netzwerk Administratoren
- Unternehmens-Sicherheitspersonal
- Wirtschaftsprüfer
- Strafverfolgungsbeamte
- Berater (Consultants) mit Verantwortung der Ermittlung von Netzwerkeinbrüchen.

Voraussetzungen für die Schulung

Grundlegendes Verständnis von Unix, Windows OS, Computer Forensiker und TCP/IP Netzwerk ist erforderlich, damit der Kurs vollumfänglich von Nutzen ist.



  • Overview of Course Content and Format
  • Principles of Forensics and IR


  • Data Collection Techniques
  • Forensic Hardware
  • Chain of Custody
  • Basic Incident Response Process
  • Pre-Incident Preparation
  • Documentation Requirements

Malware Strategies:

  • Common Approaches
  • Containment and Remediation Strategies
  • Malware Footprints

Windows Incident Response:

  • Data Volatility
  • Installed Software and Hotfixes
  • Persistence Mechanisms
  • Windows Audit Policies
  • Malware Analysis
  • Prefetch Analysis
  • The Windows Registry
  • Windows Event Log Analysis

File Carving and Email Analysis:

  • File Carving
  • Email Header Analysis
  • Determining File Headers
  • Extraction of Attachments
  • Extracting Specific File Types
  • Deleted Files and Recovery

Hash and Timeline Module:

  • Use of Hash Sets
  • Adding Hash Sets
  • Advantages of Timeline
  • Timeline Creation

Network-Based Monitoring:

  • Sources of Network Data
  • PCAP Analysis with Wireshark
  • Network Footprint

Memory Forensics:

  • Basics of Memory Acquisition and Analysis
  • Highlight Power of Memory

Unix and Linux Incident Response:

  • Live Response Best Practices and Order of Volatility
  • Following the Process Tree
  • Unix/Linux File Permissions
Ähnliche Seminare
5 Tage Präsenz oder Online
3.953,36 € zzgl. 19% USt.
4.704,50 € inkl. 19% USt.
3.162,69 € zzgl. 19% USt.
3.763,60 € inkl. 19% USt.
4 Tage Präsenz oder Online
3.162,69 € zzgl. 19% USt.
3.763,60 € inkl. 19% USt.
3.162,69 € zzgl. 19% USt.
3.763,60 € inkl. 19% USt.
3.162,69 € zzgl. 19% USt.
3.763,60 € inkl. 19% USt.

Termine für FIRE-IR: Forensics and Incident Response Education

Plätze verfügbar
Online 4 Tage
3.162,69 € zzgl. 19% USt.
3.763,60 € inkl. 19% USt.
Der passende Termin oder Standort ist nicht dabei? Gerne bieten wir Ihnen eine passende Lösung an.

Noch Fragen?

Rufen Sie mich an oder schreiben Sie mir eine E-Mail!

Frank Lewin
Frank Lewin