DFIR Tier 1 Foundation



Cyberattacks have become a common aspect of our interconnected world. In the past, the response to such incidents would simply be to kick the attacker off and rebuild any compromised computers. But with the proliferation of skilled attackers employing ever more complex attack vectors, there is a call to perform deeper forensic analysis to determine the exact attack methodology, so that target systems can be better hardened against future attempts.

This 3-day course aims to bridge the gap between traditional Security Operations Centre incident response and digital forensics. You will learn where the two disciplines overlap, and how they can work together to create a capability that is greater than the sum of its parts.

T1 DFIR Foundations gives practitioners a grounding in both incident response and digital forensics, so that they may better understand how these disciplines can work together to solve complex problems in the cybersecurity arena. The course features both theory and practical case studies in which students use their new skills to examine realistic data sets, with realistic tools, for evidence of attack.

If you are an existing Tier 1 SOC team member looking to upskill, a digital forensic analyst wanting to cross-skill, or an IT professional seeking an entry into DFIR, this is a great opportunity to increase your skills and capability.

Detailed course outline:

Day One

• Introduction to DF & IR
• DF vs IR – how and where they overlap
• Digital evidence
• Data collection
• Forensic data collection at rest
• Forensic data collection in transit
• Practical exercises

Day Two (Theory)

• File system forensic artefacts
• TCP/IP (v4)
• Windows OS forensic artefacts
• Application-generated forensic artefacts
• Encryption and obfuscation

Day Three (Case Studies)

• Common indicators of possible attack or compromise
• Defining a scope for data collection
• Processing and examining the evidence
• Practical application of scientific methodologies (testing and experimentation)
