Course Length: 16 Hours
Tuition: $575 per person
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.


This page is for the Live version of this course. See below for any trainings currently scheduled. If there are no training sessions scheduled at this time, there may be an On-Demand version available.
If you are interested in arranging a private training for your organization, contact us to set up a call!
Course Description
The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques.
The technical portion of the course will focus on how to conduct incident investigations at enterprise scale using the remote evidence acquisition and analysis tool Velociraptor along with other free and open-source tools. The focus of the technical portion will be on extracting usable Indicators of Compromise (IOCs) related to specific MITRE ATT&CK tactics. For example, students will be instructed on extracting and analyzing evidence related to the Execution TA0002 of malicious code or LOLBAS. From here, they will be tasked with addressing containment and eradication measures.
This course will combine technical elements along with lecture that provides students with both an investigative construct and techniques that allows them to analyze evidence and provide stakeholders with data necessary to limit the damage of modern cyber-attacks.
Trainer & Author

Gerard Johansen is an information security professional with over a decade of experience in Incident Response, Digital Forensics and Threat Intelligence. During his various roles over the last decade, he has been an author and trainer, developing interactive cyber range exercises for security professionals. Additionally, Gerard has been involved in assisting organizations with cyber security incidents both as a consultant and IR lead. Gerard is currently a Principal Incident Handler with a Managed Detection and Response provider where he is currently working on the development of readiness solutions to prepare organizations for modern threats.
Gerard has also a frequent contributor to professional conferences and the overall information security community. He has spoken at various conferences held by BSides, SANS and other community-based groups. Further, he has recently completed the third edition of Digital Forensics and Incident Response, published by Packt.
If no live trainings appear below, please visit our Live Training Calendar for other classes that may interest you.