Course Summary

Threat hunting and incident response strategies have advanced significantly in recent years. Outdated techniques that fail to accurately identify compromised systems, contain breaches, or effectively address incidents such as spreading ransomware are no longer sufficient. Modern threat hunting and incident response teams play a crucial role in recognizing malware indicators and identifying patterns of malicious activity, allowing them to generate actionable threat intelligence that detects and prevents future intrusions. This comprehensive course equips incident response teams and threat hunters with the advanced skills needed to track, identify, counter, and recover from a wide array of threats, including nation-state actors, organized cybercrime groups, and ransomware attacks.

Understand attacker tactics to perform thorough compromise assessments
Detect the timing and method of breaches
Rapidly identify compromised and infected systems
Conduct damage assessments to determine stolen, altered, or accessed data
Contain and remediate a variety of incidents
Track adversaries and generate threat intelligence for network scoping
Hunt for additional breaches by leveraging adversary techniques
Enhance forensic skills to overcome anti-forensics and data hiding methods used by attackers

Analyzing Volatile Malicious Event Artifacts
Learners will gain expertise in identifying abnormal activity within the Windows memory structure, including malicious processes, suspicious drivers, and malware techniques such as code injection and rootkits, enabling them to detect and mitigate advanced threats.

Analyzing Volatile Windows Event Artifacts
Learners will develop the ability to identify normal system activity within Windows memory, focusing on artifacts such as network connections, command-line processes, handles, threads, and memory-resident artifacts. This knowledge will help in distinguishing legitimate system behavior from potential malicious activity.

Enterprise Environment Incident Response
Learners will explore the essential steps of incident response, including understanding attack progression and adversary tactics. They will gain the skills necessary to assess and analyze compromised systems rapidly in enterprise environments, utilizing tools and techniques to scale investigations for large, complex environments.

File System Timeline Artifact Analysis
Learners will dive into the intricacies of the Windows filesystem, gaining an understanding of how system and user activities create and modify time-based artifacts. They will be equipped to analyze these timestamps to piece together the timeline of an attack.

Identification of Malicious System and User Activity
Learners will develop the skills to detect indicators of compromise (IOCs) on compromised systems, including malware and attack tools. They will also gain proficiency in attributing malicious activity to specific events or user accounts and addressing anti-forensic measures employed by attackers.

Identification of Normal System and User Activity
Learners will gain the ability to distinguish between normal and abnormal system behaviors using memory and disk-resident artifacts, helping them identify and respond to incidents more effectively.

Introduction to File System Timeline Forensics
Learners will understand the critical methods for gathering and processing timeline data from a Windows system, allowing them to reconstruct the sequence of events surrounding a breach and gain insights into the attacker’s methods.

Introduction to Memory Forensics
Learners will acquire the skills to collect volatile data, such as system memory, during an investigation. They will also learn to document and maintain the integrity of this data to preserve its use in legal or investigative processes.

NTFS Artifact Analysis
Learners will gain in-depth knowledge of the NTFS file system structure, focusing on techniques for identifying, recovering, and analyzing evidence from multiple layers of the file system, including data storage, metadata, and filename layers.

Windows Artifact Analysis
Learners will be trained to recognize and analyze key Windows artifacts, such as backup and restore data, application execution evidence, and other system records, to understand the actions taken by attackers and build a complete picture of the incident.

There are no formal prerequisites for this course.

Proctored exam: 82 questions, 3 hours, minimum passing score of 71%.

Following your booking, a confirmation message will be sent to all participants, ensuring you're well-informed of your successful enrollment. Calendar placeholders will also be dispatched to assist you in scheduling your commitments around the course. Rest assured, all course materials and access to necessary labs or platforms will be provided no later than one week before the course begins, allowing you ample time to prepare and engage fully with the learning experience ahead.

Our comprehensive training package includes all the necessary materials and resources to facilitate a full learning experience. Enrollees will be provided with detailed course content, encompassing a wide array of topics to ensure a thorough understanding of the subject matter. Additionally, participants will receive a certificate of completion to recognize their dedication and hard work. It's important to note that while the course fee covers all training materials and experiences, the examination fee for certification is not included but can be purchased separately.
