Course Description

The Incident Response course is designed to equip participants with the skills and knowledge necessary to respond to and manage cybersecurity incidents effectively within an enterprise environment. The course covers a comprehensive incident response framework, focusing on the preparation and detection phases. Through a combination of theoretical knowledge and hands-on lab exercises, participants will learn how to identify and analyze security threats, ensuring the resilience and security of their organization's digital infrastructure even when the enterprise is not equipped with purpose-built tooling for that work.

Pricing Options

Kindly choose the enrollment pricing option that suits you best. If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

  • Incident Response 101

    Course Material + 40 hours of virtual lab access

    $100.00


Course Curriculum

  • 01

    Required Files

    • Required Files

  • 02

    Introduction

    • Introduction

    • Challenges in Large Scale IR

    • Course Lab - Diagram

    • Course Lab - Scenario

  • 03

    Preparation Phase

    • Preparation Phase

    • PowerShell Remoting

    • Lab #1

    • Lab #1 - Solutions

    • Kansa “Remote Windows investigation”

    • Lab #2

    • Lab #2 - Solutions

    • Ansible “Remote Linux investigation”

    • Lab #3

    • Lab #3 - Solutions

  • 04

    Detection Phase

    • Detection Phase

    • Anomaly Detection “Windows”

    • System Information

    • Network Information

    • Process Information

    • Active Sessions

    • Tracking Logging Events

    • Lab #4

    • Lab #4 - Solutions

    • Anomaly Detection “Linux”

    • Time Zone

    • Network Information

    • Process Information

    • Login Information

    • Command History

    • Lab #5

    • Lab #5 - Solutions

  • 05

    Acquisition Phase

    • Remote Acquisition “Windows” - Kape

    • Remote Acquisition “Windows” - CyLR

    • Memory Dump

    • Mount Memory Images

    • Lab #6

    • Lab #6 - Solutions

    • Remote Acquisition “Linux”

    • RAM Dump

    • Sysmon “Establish More Visibility”

    • Traffic Analysis

    • Lab #7

    • Lab #7 - Solutions

    • Documentation Phase

Learning Outcomes

After completing this course, you will be able to:

  • Understand Incident Response Frameworks

  • Prepare for Incidents

  • Detect and Analyze Threats

  • Perform Forensic Investigations

  • Document and Report Incidents

  • Utilize Incident Response Tools

  • Address Challenges in Large-Scale Incident Response

Technical Requirements

For the hands-on labs in this course, you will need:

  • Internet Connection

  • Workstation with at least 16 GB of RAM and 100 GB of disk space

  • Operating System (Windows or Linux)

  • VirtualBox or VMware (hypervisor)

What is next at Cyber 5W?
