Digital Forensics & Incident Response

Description

Prerequisites:
-Hands-on experience with Linux and Windows systems
-A solid understanding of networking infrastructure

Module-1:
Introduction To DFIR
-Introduction to DFIR
-DF vs IR vs TH
-Incident Response planning
-Targeted artifacts
-DFIR use-cases
-DFIR Toolset
-SANS & NIST

Module-2:
Incident Response – Preparation
-Defining assets and values
-CIA
-Risk management
-Roles & Responsibilities
-4 & 6 stages of IR
-Creating IR plan
-DRP & BCP
-GRC
-ATT&CK
-Compliances- ISO, GDPR, HIPPA, PCI-DSS

Module-3:
Incident Response – Response
-SOC Operation & Lifecycle
-Identification & Scoping
-Containment
-Intelligence gathering
-Eradication
-Chain of custody

Module-4:
Data Acquisition
-Dead System Analysis
-Live System Analysis
-Drive Cloning
-Image Mounting
-Memory Dumping
-Evidence Documentation

Module-5:
Live Forensics
-Artifacts on a Windows computer
-Browser History
-USB History
-DNS Cache
-Prefetch
-MRU
-Nirsoft

Module-6:
Windows Forensics
-Windows DF Specifics
-NTFS
-ADS & MFT
-File Carving
-Registry Forensics
-Forensics using Powershell

Module-7:
Memory Analysis
-Memory structure
-Memory analysis tools
-Volatility Breakdown & Usage
-Process exploration
-DLL inspection
-Acquiring memory artifacts

Module-8:
Linux Forensics
-Linux Filesystems
-Network Configuration
-Login Information
-Bash History
-Identifying Persistence
-Logfile Analysis

Module-9:
File Upload
-Windows EventLog
-Timeline analysis
-DF Timeline
-Log2timeline

Module-10:
Threat Hunting – Consider Moving After Malware
-Threat Hunting
-Threat Intelligence
-Collecting IoC’s
-Malware Characteristics
-from DF to TH
-Common Hiding Mechanisms

Module-11:
Network Forensics
-Traffic interception & Network Evidence
-Reverse Proxy
-Wireshark
-DF using Wireshark
-Common Protocol Analysis
-Zeek NSM

Module-12:
DFIR Simulation
-DF Lab & Recap

Datasheets

Video

Categories