Cyber Security First Responder | Getting it right can change everything
Find out how to best respond right at the start of an incident . Contain the damage and ensure the incident response investigation can be performed with minimum delay.
How well you respond at the start, in the early stages of an incident, can be the single most important determinant in how well you can contain the damage.
ALC’s ground-breaking course CyberSec First ResponderTM is designed to achieve just that.
It is designed to equip your IT staff members with the capability and knowledge to be able to respond to an incident in an effective and timely manner, therteby significantly reducing the incident’s negative impact and ensuring that an incident response investigation can be performed with minimum delay.
The two-day training is a technical and hands on workshop that will introduce participants to various open source and free tools that can be used to capture and analyse artifacts that are critical during an incident investigation.
Classes are available both Face-to-Face and also Live Virtual.
Melbourne 9-10 May 2023
Sydney 20-21 July 2023
Live Virtual 16-17 May 2023
Live Virtual 17-18 July 2023
Learning outcomes
This course is designed to:
- Ensure that staff members who are on the front lines of responding to incidents as they occur are well equipped to perform this critical role
- Provide front line staff members the knowledge on how to satisfactorily collect forensic evidence'
Who should attend
This course is intended for:
- Technical staff members who are tasked to first respond to cyber security incidents. Typical roles include:
- Systems Engineer
- Systems Administrator
- Systems Analyst
- Network Engineer
- Network Administrator
- Network Analyst
- Helpdesk Level 1 & 2
- Security Analyst
- Threat Analyst
- Infrastructure Manager
- IT Manager
- Anyone involved in Governance or Risk and who needs to gain a better understanding of how an attacker thinks
Course contents
Phase 1: Introduction to Incident Response
- Common pitfalls
- Common pain points that organisation make with regards to incidents
- Prevalent threats/attacks
- Who are the threat actors
- What are the most common attack that are currently used
- What is an incident and how to prepare for it
- Incident life cycle
- Regulatory bodies and Law
- Evidence handling best practices
- Chain of custody discussion
- Forensics go kit
- War stories and scenarios
- Sharing of war stories and their root cause
- What could have been done better to prevent the incident
Phase 2: How Hackers Do It
- Introduction to malwares
- Type of malwares
- Common protection against malwares
- Common attack techniques and lifecycle
- Common attacker behaviour
- Typical attack lifecycle
Phase 3: Data Collection (demo / hands on)
- Disk image gathering
- Introduction to tools used for disk image creation
- Demo and hands on workshop on creating disk images
- Memory image gathering
- Introduction to tools used for memory dump collection
- Demo and hands on workshop on memory dump collection
Phase 4: Introduction to Forensic Analysis
- Autopsy 101
- Introduction to forensic analysis tools
- Demo and hands on workshop on using the tool called Autopsy
- Basics of memory forensics
- Introduction to memory forensics analysis tools
- Demo and hands on workshop on using memory analysis tools
Phase 5: Cloud IR
- Triaging incidents in the cloud
- Conducting M365 incident response
Phase 6: Google-Fu (optional, if time permits)
- Using Open Source Intelligence (OSINT) in incident investigation
- How can public data be used during an incident investigation
Exam Information
The certificate exam comprises:
- Multiple choice examination questions
- 40 questions
- 26 marks required to pass (out of 40 available) – 65%
- 60 minutes duration
- Closed book.
The exam will be held at the end of the course. For Face-to-Face classes it will be a paper-based exam and for Live Virtual classes it will be an online exam.
REGISTER NOW
iscover
