Digital Forensics for Incident Response

Course Description

Designed as an introduction to digital forensics and incident response, this course explores forensic investigation using freely redistributable, open-source software tools. The course will focus on an analysis of equipment encountered in the enterprise as well as introductory recommendations for evidence acquisition and handling.

Course Content

OVERVIEW OF DFIR

  • Incident response
  • Digital forensics
  • Policy frameworks

APPLYING DF CONCEPTS TO IR

  • Data concepts
  • Data acquisition

DISK FORENSICS

  • Live triage
  • Disk imaging
  • Introduction to Autopsy software
  • Data ingest

VOLATILE MEMORY FORENSICS

  • Memory forensics purpose and techniques
  • Introduction to Volatility software
  • Introduction to memory capture acquisition

FILE CARVING

  • Introduction to file carving
  • Applications of file carving
  • File carving tools and techniques

NETWORK FORENSICS

  • Network forensics purpose and techniques
  • Introduction to network packet capture analysis in Wireshark

INTRODUCTION TO SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

  • Introduction to SIEM
  • Where and how to implement SIEM
  • Overview of SIEM tools
  • Pivoting across multiple data sources and types

Session Details

  • Georgia Tech Research Institute (GTRI) employees are eligible to receive a discount. If you are a GTRI employee, please go to the Organizational Development website and look for the coupon code under GT Professional Development. Review coupon instructions for more information.

Who Should Attend

This course is designed for new information security professionals or incident response personnel who are conducting internal investigations and seeking to gain a digital forensics capability. Law enforcement or commercial investigative personnel seeking to learn new tools will also benefit.

What You Will Learn

  • Activities and goals of Digital Forensics for Incident Response (DFIR)
  • Data acquisition processes and constraints
  • Evidence extraction and analysis
  • Live triage
  • Memory, networks, and dead disk forensics
  • Security information and event management

How You Will Benefit

  • Learn the fundamentals of digital forensics and incident response.
  • Understand how digital forensics and incident response fit into the overall security posture of the enterprise.
  • Discover how to operate a variety of available DFIR tools.
  • Develop practical skills through hands-on laboratory exercises.
  • Gain the expertise to effectively respond to an incident.
  • Learn how to establish a new incident response program at an organization.
  • Taught by Experts in the Field
  • Grow Your Professional Network

The course schedule was well-structured with a mix of lectures, class discussions, and hands-on exercises led by knowledgeable and engaging instructors.

- Abe Kani
President

TRAIN AT YOUR LOCATION

We enable employers to provide specialized, on-location training on their own timetables. Our world-renowned experts can create unique content that meets your employees' specific needs. We also have the ability to deliver courses via web conferencing or on-demand online videos. For 15 or more students, it is more cost-effective for us to come to you.

  • Save Money
  • Flexible Schedule
  • Group Training
  • Customize Content
  • On-Site Training
  • Earn a Certificate