Digital Forensics and Incident Response

Learn how to build a strong defense fabric using the latest digital forensics and incident response techniques.

(DIG-FORNSC-IR.AJ1) / ISBN : 978-1-64459-471-1

About This Course

In this course, you’ll acquire specialized skills to identify and reconstruct a cybersecurity incident by collecting and analyzing digital evidence to prosecute the threat actor. Digital forensics and incident response techniques such as threat hunting will help you find the root cause of an attack and remove all traces of it from your network. Once enrolled, you’ll gain access to risk-free simulation labs to practice your theoretical knowledge and gain practical experience to add to your resume! So what are you waiting for? Everything you need is available in this hot-selling training courseware.

Skills You’ll Get

  • Engage and manage IR teams, utilizing Security Orchestration, Automation, and Response (SOAR). 
  • Apply various incident investigation analyses to understand the cyber kill chain and the diamond model of intrusion analysis.
  • Collect and analyze network evidence from firewalls, proxy logs, NetFlow, and packet captures using tools like Wireshark. 
  • Take actions to respond to ransomware incidents and investigate cyberattacks. 
  • Set up and use malware sandboxes for static and dynamic analysis using tools like ClamAV and YARA.
  • Source and leverage threat intelligence using the MITRE ATT&CK framework.
  • Work with Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
  • Create hypotheses, plan and execute threat hunts, and apply digital forensic techniques and EDR tools for threat hunting.
  • Manage and analyze log files using SIEMs and other tools, with a focus on Windows Event Logs.

1

Preface

  • Who this course is for
  • What this course covers
  • To get the most out of this course
2

Understanding Incident Response

  • The IR process
  • The IR framework
  • The IR plan
  • The IR playbook/handbook
  • Testing the IR framework
  • Summary
  • Further reading
3

Managing Cyber Incidents

  • Engaging the incident response team
  • SOAR
  • Incorporating crisis communications
  • Incorporating containment strategies
  • Getting back to normal – eradication, recovery, and post-incident activity
  • Summary
  • Further reading
4

Fundamentals of Digital Forensics

  • An overview of forensic science
  • Locard’s exchange principle
  • Legal issues in digital forensics
  • Forensic procedures in incident response
  • Summary
  • Further reading
5

Investigation Methodology

  • An intrusion analysis case study: The Cuckoo’s Egg
  • Types of incident investigation analysis
  • Functional digital forensic investigation methodology
  • The cyber kill chain
  • The diamond model of intrusion analysis
  • Summary
6

Collecting Network Evidence

  • An overview of network evidence
  • Firewalls and proxy logs
  • NetFlow
  • Packet capture
  • Wireshark
  • Evidence collection
  • Summary
  • Further reading
7

Acquiring Host-Based Evidence

  • Preparation
  • Order of volatility
  • Evidence acquisition
  • Acquiring volatile memory
  • Acquiring non-volatile evidence
  • Summary
  • Further reading
8

Remote Evidence Collection

  • Enterprise incident response challenges
  • Endpoint detection and response
  • Velociraptor overview and deployment
  • Velociraptor scenarios
  • Summary
9

Forensic Imaging

  • Understanding forensic imaging
  • Tools for imaging
  • Preparing a staging drive
  • Using write blockers
  • Imaging techniques
  • Summary
  • Further reading
10

Analyzing Network Evidence

  • Network evidence overview
  • Analyzing firewall and proxy logs
  • Analyzing NetFlow
  • Analyzing packet captures
  • Summary
  • Further reading
11

Analyzing System Memory

  • Memory analysis overview
  • Memory analysis methodology
  • Memory analysis tools
  • Memory analysis with Strings
  • Summary
  • Further reading
12

Analyzing System Storage

  • Forensic platforms
  • Autopsy
  • Master File Table analysis
  • Prefetch analysis
  • Registry analysis
  • Summary
  • Further reading
13

Analyzing Log Files

  • Logs and log management
  • Working with SIEMs
  • Windows Logs
  • Analyzing Windows Event Logs
  • Summary
  • Further reading
14

Writing the Incident Report

  • Documentation overview
  • Executive summary
  • Incident investigation report
  • Forensic report
  • Preparing the incident and forensic report
  • Summary
  • Further reading
15

Ransomware Preparation and Response

  • History of ransomware
  • Conti ransomware case study
  • Proper ransomware preparation
  • Eradication and recovery
  • Summary
  • Further reading
16

Ransomware Investigations

  • Ransomware initial access and execution
  • Discovering credential access and theft
  • Investigating post-exploitation frameworks
  • Command and Control
  • Investigating lateral movement techniques
  • Summary
  • Further reading
17

Malware Analysis for Incident Response

  • Malware analysis overview
  • Setting up a malware sandbox
  • Static analysis
  • Dynamic analysis
  • ClamAV
  • YARA
  • Summary
  • Further reading
18

Leveraging Threat Intelligence

  • Threat intelligence overview
  • Sourcing threat intelligence
  • The MITRE ATT&CK framework
  • Working with IOCs and IOAs
  • Threat intelligence and incident response
  • Summary
  • Further reading
19

Threat Hunting

  • Threat hunting overview
  • Crafting a hypothesis
  • Planning a hunt
  • Digital forensic techniques for threat hunting
  • EDR for threat hunting
  • Summary
  • Further reading
A

Appendix

1

Fundamentals of Digital Forensics

  • Completing the Chain of Custody
2

Investigation Methodology

  • Performing Reconnaissance on a Network
3

Collecting Network Evidence

  • Installing a DHCP Server
  • Performing a Proxy Server Operation
  • Creating a Firewall Rule
  • Capturing Packet Using RawCap
  • Using tcpdump to Capture Packets
4

Acquiring Host-Based Evidence

  • Using WinPmem for Memory Acquisition
  • Using FTK Imager
  • Using FTK Imager for Obtaining Protected Files
5

Remote Evidence Collection

  • Using the Velociraptor Server
6

Forensic Imaging

  • Preparing a Staging Drive
  • Using EnCase Imager
7

Analyzing Network Evidence

  • Working with NetworkMiner
  • Capturing a Packet Using Wireshark
8

Analyzing System Memory

  • Analyzing Malicious Activity in Memory Using Volatility
  • Working with Strings in Linux
9

Analyzing System Storage

  • Analyzing Forensic Case with Autopsy
  • Viewing the Windows File Registry
10

Analyzing Log Files

  • Creating an Event Log View
  • Examining Windows Event Logs Using DeepBlueCLI
11

Ransomware Preparation and Response

  • Understanding LPE
12

Ransomware Investigations

  • Using Social Engineering Techniques to Plan an Attack
  • Passing the Hash Using Mimikatz
13

Malware Analysis for Incident Response

  • Analyzing Malware Using VirusTotal
  • Using Process Explorer
  • Handling Potential Malware Using ClamAV
14

Leveraging Threat Intelligence

  • Examining MITRE ATT&CK
  • Using Maltego to Gather Information

FAQs


Digital forensics and incident response (DFIR) is a specialized field of cybersecurity that collects and analyzes digital evidence to mitigate a threat incident in a timely manner.

No, there are no formal requirements to take this course. However, a basic understanding of cybersecurity, threats, and incident response will help you get started smoothly.

You will learn to use the following tools:

Incident Response Tools:

  • SOAR (Security Orchestration, Automation, and Response)

Network Evidence Collection and Analysis:

  • Firewalls
  • Proxy logs
  • NetFlow
  • Packet capture
  • Wireshark
  • RawCap
  • tcpdump
  • NetworkMiner

Host-Based Evidence Collection and Analysis:

  • WinPmem for memory acquisition
  • FTK Imager
  • Velociraptor
  • EnCase Imager
  • Volatility (for memory analysis)
  • Strings (Linux tool)

Digital Forensics Platforms and Tools:

  • Forensic platforms
  • Autopsy
  • Master File Table analysis tools
  • Prefetch analysis tools
  • Registry analysis tools

Log Analysis:

  • SIEMs (Security Information and Event Management systems)
  • Windows Event Logs
  • DeepBlueCLI

Malware Analysis:

  • Malware sandbox
  • ClamAV
  • YARA
  • VirusTotal
  • Process Explorer

Threat Intelligence and Threat Hunting:

  • MITRE ATT&CK framework
  • Maltego

The salary of a Digital Forensics and Incident Response Specialist can vary depending on factors such as experience, location, and specific job roles. As of 2024, the average salary for a Digital Forensics Investigator in the United States is around $74,000 to $110,000 per year.
