Digital Forensics for Incident Response

Course Description

Designed as an introduction to digital forensics and incident response, this course explores forensic investigation using freely redistributable, open-source software tools. The course will focus on an analysis of equipment encountered in the enterprise as well as introductory recommendations for evidence acquisition and handling.

Course ID: DEF 4611P
Course Format: Classroom

Available Classroom Sections

There are no available sections for this course. Please check back later.

View previous sections
CRN     Start date     End date       Format      Location           Cost
15846   Dec 1, 2015    Dec 2, 2015    Classroom   Atlanta, Georgia   $1,195
16283   Aug 9, 2016    Aug 10, 2016   Classroom   Atlanta, Georgia   $995
17026   May 16, 2017   May 17, 2017   Classroom   Atlanta, Georgia   $1,295
18268   May 15, 2018   May 16, 2018   Classroom   Atlanta, Georgia   $1,295

Special Discounts

GTRI employees are eligible for a discount on this course. If you are a GTRI employee, please go to https://webwise.gtri.gatech.edu/talent-management/organizational-development and look under “GT Professional Development” for a coupon code to use when checking out.

Note: Coupon codes must be applied during checkout and cannot be redeemed after your checkout is complete. Only one coupon code can be used per shopping cart.

Who Should Attend

This course is designed for new information security professionals or incident response personnel who are conducting internal investigations and seeking to gain a digital forensics capability. Law enforcement or commercial investigative personnel seeking to learn new tools will also benefit.

How You Will Benefit

  • Learn the fundamentals of digital forensics and incident response.
  • Understand how digital forensics and incident response fit into the overall security posture of the enterprise.
  • Discover how to operate a variety of available DFIR tools.
  • Develop practical skills through hands-on laboratory exercises.
  • Gain the expertise to effectively respond to an incident.
  • Learn how to establish a new incident response program at an organization.

Content

OVERVIEW OF DFIR

  • Incident response
  • Digital forensics
  • Policy frameworks

APPLYING DF CONCEPTS TO IR DISK FORENSICS

  • Data concepts
  • Data acquisition
  • Live triage
  • Disk imaging
  • Introduction to Autopsy software
  • Data ingest

VOLATILE MEMORY FORENSICS

  • Memory forensics purpose and techniques
  • Introduction to Volatility software
  • Introduction to memory capture acquisition

FILE CARVING

  • Introduction to file carving
  • Applications of file carving
  • File carving tools and techniques

NETWORK FORENSICS

  • Network forensics purpose and techniques
  • Introduction to network packet capture analysis in Wireshark

INTRODUCTION TO SECURITY INFORMATION AND EVENT MANAGEMENT (SIEM)

  • Introduction to SIEM
  • Where and how to implement SIEM
  • Overview of SIEM tools
  • Pivoting across multiple data sources and types

For Course-Related Questions

Please contact the course administrator: Renita Folds

Instructors