Course Length: 16 Hours
Tuition: $575 per person
Includes: Twelve months of complimentary access to the Antisyphon Cyber Range, certificate of participation, six months access to class recordings.
This page is for the Live version of this course. See below for any trainings currently scheduled. If there are no training sessions scheduled at this time, there may be an On-Demand version available.
If you are interested in arranging a private training for your organization, contact us to set up a call!
Course Description
The Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques.
The technical portion of the course will focus on how to conduct incident investigations at enterprise scale using the remote evidence acquisition and analysis tool Velociraptor along with other free and open-source tools. The focus of the technical portion will be on extracting usable Indicators of Compromise (IOCs) related to specific MITRE ATT&CK tactics. For example, students will be instructed on extracting and analyzing evidence related to the Execution TA0002 of malicious code or LOLBAS. From here, they will be tasked with addressing containment and eradication measures.
This course will combine technical elements along with lecture that provides students with both an investigative construct and techniques that allows them to analyze evidence and provide stakeholders with data necessary to limit the damage of modern cyber-attacks.
Trainer & Author
Gerard Johansen is a cyber security professional with over a decade of experience in Incident Response, Digital Forensics, Security Operations and Cyber Threat Intelligence. During his tenure in the cyber security field, Gerard has served as both a digital forensics and instruction analysis professional as well as an Incident Commander, managing large scale network intrusions and ransomware cases. Currently Gerard works within a Managed Detection and Response vendor where he works directly with customers providing consultation and guidance around forensics, log management and incident resolution. A frequent speaker, Gerard has presented at various conferences including Wild West Hackin’ Fest. He is also completing a fourth edition of his book; Digital Forensics and Incident Response.
If no live trainings appear below, please visit our Live Training Calendar for other classes that may interest you.
Enterprise Forensics and Response w/ Gerard Johansen
OnlineThe Enterprise Forensics and Response course is designed to provide students with both an investigative construct and techniques that allow them to scale incident response activities in an enterprise environment. The focus of the lecture portion of the course work is understanding the incident investigation process, objective oriented analysis and response, intrusion analysis and an exploration of attacker Tactics and Techniques.