Introduction to Digital Forensics & Incident Response

This 3-day workshop prepares students to expertly manage the aftermath of a security breach or cyberattack through a comprehensive exploration of Digital Forensics and Incident Response (DFIR).

Overview

This course is divided into two sections, one covering incident response (IR) and the other covering digital forensics.

In the IR portion, students are introduced to Incident Response Methodology, based on the National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide. Each of the four primary IR lifecycle phases (preparation; detection and analysis; containment, eradication, and recovery; and post-incident activity) is addressed in detail, using example incidents to facilitate class discussions.

In the second portion of the course, students transition to malware analysis and digital forensics, both of which are part of IR. Each major digital forensics phase (evidence acquisition; evidence analysis; reporting; and expert witness testimony) is addressed.

Students receive opportunities to apply and practice concepts taught in the course through hands-on exercises, case studies, and challenges in a CTF (capture-the-flag) atmosphere.

Prerequisites

We recommend students have a general knowledge of computer, networking, and operating system fundamentals. Some exposure to file systems and network traffic analysis is also recommended.

Duration & Format

3 days (21 hours)

This course is conducted live, in person by Alpine Security. It can be delivered at your location or at their training facility in the St. Louis, Missouri, metro area.

Outline

  • Incident response overview
  • Incident response phases
  • Digital forensics overview
  • Digital forensics evidence acquisition
  • Digital forensics evidence analysis
  • Digital forensics reporting

Software and Tools Used

  • Wireshark
  • VMware
  • NetworkMiner
  • AccessData FTK Imager
  • Autopsy
  • Foremost
  • WinMD5Free
  • MoonSols DumpIt
  • Belkasoft Live RAM Capturer
  • Volatility Framework
  • JPHS
