• Classroom
• Online, Instructor-Led
Course Description

Training on incident detection, response and handling basics for tracking malware and malicious activity throughout a network.

Learning Objectives

• Describe the differences between the SANS and NIST IR frameworks
• Recognize and identify a Phishing incident
• Perform disk analysis and preserve evidence
• Create a timeline of events for analysis
• Protect traffic from protocol analysis
• Determine status of affected resources
• Build an incident response playbook
• Compare endpoint detection with forensic imaging
• Determine the incident root cause
• Reimage workstations with proper precautions
• Perform RTO within MTD
• Reconstitute crucial functions
• Perform password auditing
• Demonstrate Windows share abuse
• Establish primary and secondary incident logs
• Analyze common injection attacks
• Identify malicious C2 traffic
• Detect log tampering
• Demonstrate network scanning fundamentals
• Facilitate a lessons-learned team discussion
• Map contributing factors to attacker tradecraft
• Clearly document findings

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):