Windows DFIR Foundations



    (5-DAY INSTRUCTOR LED COURSE)

     

    COURSE SUMMARY

    Using leading industry tools such as Cyber Triage, X-Ways and USB Detective alongside Python and PowerShell scripting, this 5-day course combines theory and practical exercises to build your capability in Digital Forensics and Incident Response.

     

    TARGET AUDIENCE

    Those wishing to develop skills in DF and IR.

    Existing DF or IR team members seeking to cross-skill.

    Those seeking technical skills and knowledge to build a capable DFIR team.

     

    Day 1

    Introduction to incident response: profiling, user and entity analytics, baselining and the incident-handling life cycle. Case studies on IR definition.

     

    Day 2

    Introduction to forensic science and digital forensics. Evidence and forensic data acquisition. Digital forensic principles, artefacts and attribution. Introduction to data structures and file systems.

     

    Day 3

    Introduction to network and memory forensics. Case study on forensic data acquisition and basic examination. Endpoint – Windows OS forensics and IR internals.

     

    Day 4

    Incident response planning, organisation, and preparing the Computer Security Incident Response Team. Detection strategies and systems. Response strategies. Recovery, maintenance and investigations. Disaster recovery planning, implementation and contingencies. Business continuity and crisis management.

     

    Day 5

    Cyber Triage. Case studies. Reporting and presentation.

     

    An online assessment, which must be completed within 6 weeks after the class, will be available to all students.