Digital Forensics and Incident Response

(DIG-FORNSC-IR.AJ1) / ISBN : 978-1-64459-471-1
This course includes: Lessons, TestPrep, Hands-On Labs, AI Tutor (Add-on)

About This Course

Explore the complexities of digital forensics, mastering the techniques of investigating cyber incidents, scrutinizing digital evidence, and effectively responding to cybersecurity threats. From grasping the essentials of cybercrime investigations to navigating advanced forensic analysis and incident response strategies, this course provides a comprehensive skill set. Dive into practical learning with the latest tools, analyze real-life examples, and develop the skills needed to strengthen digital environments.

Lessons

20+ Lessons | 148+ Exercises | 60+ Quizzes | 94+ Flashcards | 94+ Glossary of terms

TestPrep

55+ Pre Assessment Questions | 55+ Post Assessment Questions

Hands-On Labs

29+ LiveLab | 29+ Video tutorials | 49+ Minutes

1. Preface

  • Who this course is for
  • What this course covers
  • To get the most out of this course
2. Understanding Incident Response

  • The IR process
  • The IR framework
  • The IR plan
  • The IR playbook/handbook
  • Testing the IR framework
  • Summary
  • Further reading
3. Managing Cyber Incidents

  • Engaging the incident response team
  • SOAR
  • Incorporating crisis communications
  • Incorporating containment strategies
  • Getting back to normal – eradication, recovery, and post-incident activity
  • Summary
  • Further reading
4. Fundamentals of Digital Forensics

  • An overview of forensic science
  • Locard’s exchange principle
  • Legal issues in digital forensics
  • Forensic procedures in incident response
  • Summary
  • Further reading
5. Investigation Methodology

  • An intrusion analysis case study: The Cuckoo’s Egg
  • Types of incident investigation analysis
  • Functional digital forensic investigation methodology
  • The cyber kill chain
  • The diamond model of intrusion analysis
  • Summary
6. Collecting Network Evidence

  • An overview of network evidence
  • Firewalls and proxy logs
  • NetFlow
  • Packet capture
  • Wireshark
  • Evidence collection
  • Summary
  • Further reading
7. Acquiring Host-Based Evidence

  • Preparation
  • Order of volatility
  • Evidence acquisition
  • Acquiring volatile memory
  • Acquiring non-volatile evidence
  • Summary
  • Further reading
8. Remote Evidence Collection

  • Enterprise incident response challenges
  • Endpoint detection and response
  • Velociraptor overview and deployment
  • Velociraptor scenarios
  • Summary
9. Forensic Imaging

  • Understanding forensic imaging
  • Tools for imaging
  • Preparing a staging drive
  • Using write blockers
  • Imaging techniques
  • Summary
  • Further reading
10. Analyzing Network Evidence

  • Network evidence overview
  • Analyzing firewall and proxy logs
  • Analyzing NetFlow
  • Analyzing packet captures
  • Summary
  • Further reading
11. Analyzing System Memory

  • Memory analysis overview
  • Memory analysis methodology
  • Memory analysis tools
  • Memory analysis with Strings
  • Summary
  • Further reading
12. Analyzing System Storage

  • Forensic platforms
  • Autopsy
  • Master File Table analysis
  • Prefetch analysis
  • Registry analysis
  • Summary
  • Further reading
13. Analyzing Log Files

  • Logs and log management
  • Working with SIEMs
  • Windows Logs
  • Analyzing Windows Event Logs
  • Summary
  • Further reading
14. Writing the Incident Report

  • Documentation overview
  • Executive summary
  • Incident investigation report
  • Forensic report
  • Preparing the incident and forensic report
  • Summary
  • Further reading
15. Ransomware Preparation and Response

  • History of ransomware
  • Conti ransomware case study
  • Proper ransomware preparation
  • Eradication and recovery
  • Summary
  • Further reading
16. Ransomware Investigations

  • Ransomware initial access and execution
  • Discovering credential access and theft
  • Investigating post-exploitation frameworks
  • Command and Control
  • Investigating lateral movement techniques
  • Summary
  • Further reading
17. Malware Analysis for Incident Response

  • Malware analysis overview
  • Setting up a malware sandbox
  • Static analysis
  • Dynamic analysis
  • ClamAV
  • YARA
  • Summary
  • Further reading
18. Leveraging Threat Intelligence

  • Threat intelligence overview
  • Sourcing threat intelligence
  • The MITRE ATT&CK framework
  • Working with IOCs and IOAs
  • Threat intelligence and incident response
  • Summary
  • Further reading
19. Threat Hunting

  • Threat hunting overview
  • Crafting a hypothesis
  • Planning a hunt
  • Digital forensic techniques for threat hunting
  • EDR for threat hunting
  • Summary
  • Further reading

Appendix

3. Fundamentals of Digital Forensics

  • Completing the Chain of Custody
4. Investigation Methodology

  • Performing Reconnaissance on a Network
5. Collecting Network Evidence

  • Installing a DHCP Server
  • Performing a Proxy Server Operation
  • Creating a Firewall Rule
  • Capturing Packets Using RawCap
  • Using tcpdump to Capture Packets
6. Acquiring Host-Based Evidence

  • Using WinPmem for Memory Acquisition
  • Using FTK Imager
  • Using FTK Imager for Obtaining Protected Files
7. Remote Evidence Collection

  • Using the Velociraptor Server
8. Forensic Imaging

  • Preparing a Staging Drive
  • Using EnCase Imager
9. Analyzing Network Evidence

  • Working with NetworkMiner
  • Capturing a Packet Using Wireshark
10. Analyzing System Memory

  • Analyzing Malicious Activity in Memory Using Volatility
  • Working with Strings in Linux
11. Analyzing System Storage

  • Analyzing a Forensic Case with Autopsy
  • Viewing the Windows File Registry
12. Analyzing Log Files

  • Creating an Event Log View
  • Examining Windows Event Logs Using DeepBlueCLI
14. Ransomware Preparation and Response

  • Understanding LPE
15. Ransomware Investigations

  • Using Social Engineering Techniques to Plan an Attack
  • Passing the Hash Using Mimikatz
16. Malware Analysis for Incident Response

  • Analyzing Malware Using VirusTotal
  • Using Process Explorer
  • Handling Potential Malware Using ClamAV
17. Leveraging Threat Intelligence

  • Examining MITRE ATT&CK
  • Using Maltego to Gather Information
