This course is presented as Live Virtual Training.
The CyberSec First Responder™ Certificate Course is designed to equip the organisation's IT staff members with the capability and knowledge to be able to respond to an incident in an effective and timely manner. Knowing how to act promptly during an incident can significantly reduce the incident’s negative impact and ensure that an incident response investigation can be performed without delay.
The two-day training is a technical, hands-on workshop that introduces attendees to various open source and free tools that can be used to capture and analyse artifacts that are critical during an incident investigation.
Learning outcomes
This course is designed to:
- Ensure that staff members who are on the front lines of responding to incidents as they occur are well equipped to perform this critical role
- Provide front-line staff members with the knowledge to satisfactorily collect forensic evidence
Who should attend
This course is intended for:
- Technical staff members who are tasked to first respond to cyber security incidents. Typical roles include:
  - Systems Engineer
  - Systems Administrator
  - Systems Analyst
  - Network Engineer
  - Network Administrator
  - Network Analyst
  - Helpdesk Level 1 & 2
  - Security Analyst
  - Threat Analyst
  - Infrastructure Manager
  - IT Manager
- Anyone involved in Governance or Risk and who needs to gain a better understanding of how an attacker thinks
Course contents
Phase 1: Introduction to Incident Response
- Common pitfalls
- Common pain points that organisations encounter with regard to incidents
- Prevalent threats/attacks
- Who are the threat actors
- What are the most common attacks that are currently used
- What is an incident and how to prepare for it
- Incident life cycle
- Regulatory bodies and Law
- Evidence handling best practices
- Chain of custody discussion
- Forensics go kit
- War stories and scenarios
- Sharing of war stories and their root cause
- What could have been done better to prevent the incident
Phase 2: How Hackers Do It
- Introduction to malware
- Types of malware
- Common protection against malware
- Common attack techniques and lifecycle
- Common attacker behaviour
- Typical attack lifecycle
Phase 3: Data Collection (demo / hands-on)
- Disk image gathering
- Introduction to tools used for disk image creation
- Demo and hands-on workshop on creating disk images
- Memory image gathering
- Introduction to tools used for memory dump collection
- Demo and hands-on workshop on memory dump collection
Phase 4: Introduction to Forensic Analysis
- Autopsy 101
- Introduction to forensic analysis tools
- Demo and hands-on workshop on using the tool called Autopsy
- Basics of memory forensics
- Introduction to memory forensics analysis tools
- Demo and hands-on workshop on using memory analysis tools
Phase 5: Cloud IR
- Triaging incidents in the cloud
- Conducting M365 incident response
Phase 6: Google-Fu (optional, if time permits)
- Using Open Source Intelligence (OSINT) in incident investigation
- How can public data be used during an incident investigation
Course fees
CyberSec First Responder™ Course (2 days) + Certificate Exam
Fee Includes:
- Comprehensive ALC course workbook
- CyberSec First Responder™ Exam
Additional Requirements:
Attendees should bring a Windows-based notebook to be used as a test machine for the hands-on part of the course.
Exam Information
The exam comprises:
- Multiple choice examination questions
- 40 questions
- 26 marks required to pass (out of 40 available) – 65%
- 60 minutes duration
- Closed book.
The exam will be held at the end of the course. For Face-to-Face classes it will be a paper-based exam and for Live Virtual classes it will be an online exam.
PRIVATE TRAINING FOR YOUR TEAM
The CyberSec First Responder™ workshop is ideal for private presentation just for your own team. The course can be fully customised and can be presented in full 2-day format or one-day condensed format. Please contact us for more details.