Course Overview

This course provides a holistic view of how Incident Response is implemented in the real world, covering Incident Response preparation, acquiring and analysing digital forensic images, and analysing host and network data. Malware analysis, threat intelligence and report writing are also included.

  • 100% online course - Study anywhere, anytime

  • University of Central Lancashire Accredited Training Course

  • 20 Credits MSc Cybersecurity

  • 1-2 months to complete

  • 24-hr remote access to a virtual lab allows you to learn, train and practice your skills in your own time.

  • Level: Intermediate

  • Trainer Online Support

  • Exam Code: CDFE - Duration: 3.0 hours - Type: Hands-On

ICSI | CDFE Certified Digital Forensics Examiner

Course curriculum

  • 1

    Course: Digital Forensics, Incident Response and Threat Hunting

  • 2

    Exam Information

    • Exam Information

  • 3

    Module 1: Incident Response

    • What is Incident Response

    • The Incident Response Process Model

    • The Role of Digital Forensics

    • Why Incident Response is needed

    • The Incident Response Framework

    • The CSIRT Response Charter

    • The Incident Response Team

    • The Incident Response Plan

    • Incident Classification

    • The Incident Response Playbook

    • Escalation Procedures

    • Incident Response Capability Maintenance

    • Quiz

  • 4

    Module 2: Forensic Fundamentals

    • Forensic Fundamentals

    • UK Laws and Regulations

    • Legal Aspects of Digital Forensics

    • Digital Forensic Process

    • Digital Forensic Fundamentals

    • Quiz

  • 5

    Module 3: Collection of Network Evidence

    • Collection of Network Evidence

    • Preparation

    • Evidence from Network Devices

    • Collection of Evidence

    • Quiz

  • 6

    Module 4: Capturing Evidence from Host Systems

    • Capturing Evidence from Host Systems

    • Methods for Acquiring Evidence

    • Procedures for Collecting Evidence

    • Acquiring Memory

    • Guided Exercise: Acquiring Memory with FTK Imager

    • Guided Exercise: Acquiring Memory with WinPmem

    • Acquiring Memory Remotely

    • Virtual Machines Captures

    • Non-Volatile Data

    • Guided Exercise: Capturing Registry and Logs using FTK Imager

    • Quiz

  • 7

    Module 5: Forensic Imaging

    • Forensic Imaging

    • Forensic Imaging Overview

    • Evidence Drive Preparation

    • Guided Exercise: Drive Wiping with Eraser

    • Guided Exercise: Encrypting a Drive’s Repository Partition with VeraCrypt

    • Dead Imaging

    • Guided Exercise: Create a Forensic Image with a GUI Tool

    • Guided Exercise: Create a Forensic Image with a CLI Tool

    • Live Imaging

    • Guided Exercise: Creating a Live Image using FTK Imager Lite

    • Lab: Forensic Imaging

    • Lab: Forensic Imaging (Solution)

  • 8

    Module 6: Analysing Network Evidence

    • Analysing Network Evidence

    • Wireshark

    • Guided Exercise: Network Traffic Identification: PING

    • Guided Exercise: Network Traffic Identification: PING (Solution)

    • Guided Exercise: Network Traffic Identification: DNS Query

    • Guided Exercise: Network Traffic Identification: DNS Query (Solution)

    • Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake

    • Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake (Solution)

    • Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions

    • Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions (Solution)

    • Lab: Analysing Network Evidence

    • Lab: Analysing Network Evidence (Solution)

  • 9

    Module 7: Analysis of System Memory

  • 10

    Module 8: Analysis of System Storage

    • Analysis of System Storage

    • Types of System Storage

    • File Systems

    • Commercial Tools

    • Must Have Tools for Incident Responders

    • File Carving

    • Guided Exercise: File Carving

    • Email Analysis

    • Guided Exercise: Email Header Analysis

    • Guided Exercise: Email Header Analysis (Solution)

    • Registry Analysis

    • Guided Exercise: Reading Offline Files with Regedit

    • Guided Exercise: Reading Offline Files with Regedit (Solution)

    • Guided Exercise: Reading Offline Registry Files with Windows Registry Recovery

    • Guided Exercise: Reading Offline Files with RegRipper

    • Guided Exercise: Reading Offline Files with RegRipper (Solution)

    • Hashing

    • Guided Exercise: Hashing Folders and Their Contents for Comparison

    • Guided Exercise: Hashing Folders and Their Contents for Comparison (Solution)

    • Guided Exercise: Hashing Individual Files for Comparison

    • Guided Exercise: Hashing Individual Files for Comparison (Solution)

    • Guided Exercise: Hashing Evidence Files for Validation

    • Guided Exercise: Hashing Evidence Files for Validation (Solution)

    • Web Browser Analysis

    • Guided Exercise: Analysing Chrome Internet Cache and History

    • Guided Exercise: Analysing Chrome Internet Cache and History (Solution)

    • File Analysis

    • Guided Exercise: File Analysis - Microsoft Office Files

    • Guided Exercise: File Analysis - Microsoft Office Files (Solution)

    • Guided Exercise: File Analysis - EXIF Data from Graphic Files

    • Guided Exercise: File Analysis - EXIF Data from Graphic Files (Solution)

    • Timestamps and Timeline Analysis

    • Guided Exercise: Combining Timestamps for a Timeline

    • Guided Exercise: Combining Timestamps for a Timeline (Solution)

    • Guided Exercise: Examining Event Logs

    • Shortcut Files and Jumplist Analysis

    • Guided Exercise: Shortcut File Analysis

    • Guided Exercise: Shortcut File Analysis (Solution)

    • Guided Exercise: Jump List Analysis

    • Prefetch File Analysis

    • Guided Exercise: Prefetch File Analysis

    • Guided Exercise: Prefetch File Analysis (Solution)

    • Thumbnail Caches Analysis

    • Guided Exercise: Analysing Thumbs.db from Windows XP

    • Guided Exercise: Analysing Cache Images within Microsoft Files

    • GREP Searches

    • Guided Exercise: GREP Searching Through Log Files

    • File Recovery

    • Guided Exercise: Mounting a Forensic Image with FTK Imager and Recovering Files

    • Guided Exercise: Recovering Files from Forensic Images with Autopsy

    • Recovering Passwords

    • Guided Exercise: Recovering Passwords

  • 11

    Module 9: Creating Forensic Reports

    • Creating Forensic Reports

    • What should be documented

    • Documentation Types

    • Sources to Include

    • Audience

    • Tracking Incidents

    • Written Reports

    • Quiz

  • 12

    Module 10: Malware Analysis

    • Malware Analysis

    • Malware Types and Definition

    • Malware Analysis Methodology

    • Guided Exercise: Using Pestudio to Analyse Malware

    • Guided Exercise: Analyse Malware with Process Explorer

    • Lab: Malware Analysis

    • Lab: Malware Analysis (Solution)

  • 13

    Module 11: Threat Intelligence

    • Threat Intelligence

    • Threat Intelligence Actor Groups

    • Advanced Persistent Threat

    • Types of Threat Intelligence

    • Threat Intelligence Life Cycle

    • Sourcing Threat Intelligence

    • Threat Intelligence Platforms

    • Threat Intelligence Use Types

    • Guided Exercise: Hashing Evidence - Known Bad Hashes

    • Quiz

  • 14

    Module 12: Course Review

    • Exercise - Wireshark

    • Exercise - Wireshark (Solution)

    • Exercise - Memory

    • Exercise - Memory (Solution)

    • Exercise - File Carving

    • Exercise - File Carving (Solution)

    • Exercise - Email Headers

    • Exercise - Email Headers (Solution)

    • Exercise - Registry

    • Exercise - Registry (Solution)

    • Exercise - Hash Functions

    • Exercise - Hash Functions (Solution)

    • Exercise - Web Browsers

    • Exercise - Web Browsers (Solution)

    • Exercise - File Analysis - Metadata

    • Exercise - File Analysis - Metadata (Solution)

    • Exercise - Event Logs

    • Exercise - Event Logs (Solution)

    • Exercise - Shortcuts

    • Exercise - Shortcuts (Solution)

    • Exercise - Jump Lists

    • Exercise - Jump Lists (Solution)

    • Exercise - Prefetch Files

    • Exercise - Prefetch Files (Solution)

    • Exercise - Thumb Caches

    • Exercise - Thumb Caches (Solution)

    • Exercise - GREP Searches

    • Exercise - GREP Searches (Solution)

    • Exercise - File Recovery

    • Exercise - File Recovery (Solution)

    • Exercise - Password Recovery

    • Exercise - Password Recovery (Solution)

  • 15

    Module 13: Appendices

    • Appendix 1 - Sample Chain of Custody Form

    • Appendix 2 - Host Evidence Collection Checklist

Watch Intro Video: File Recovery

What is included in this course

  • High-quality videos with in-depth content

  • Modular structure – student-directed path

  • Knowledge Checks at the end of each module and of the course

  • eBook

  • Lab Guide including video Guided Exercises and answer files

  • 6 months 24x7 remote access to a virtual lab

  • Instructor email support

  • 1 exam voucher - Online Exam Proctoring

  • Digital Certificate of Completion

  • Pass your exam and share your Accredible Badge on LinkedIn