42 - IT-S Information Technology - Security and Audit
IT-S 129 - Digital Forensic and Incident Response (DFIR)
Code | Start Date | Duration | Venue | Registration
---|---|---|---|---
IT-S 129 | 14 October 2024 | 5 Days | Istanbul | Registration Form Link
IT-S 129 | 11 November 2024 | 5 Days | Istanbul | Registration Form Link
IT-S 129 | 09 December 2024 | 5 Days | Istanbul | Registration Form Link
Course Description
Training is delivered by experienced professionals in their field, and the course content is continuously updated to reflect developing technologies and perspectives. The course is prepared according to current, internationally accepted standards, and its high-quality content is engaging and keeps participants interactive. Anyone who completes the training can immediately apply the knowledge and skills they have learned.
In addition to the theoretical material, comprehensive practical exercises are performed during the training to reinforce the concepts and give participants hands-on experience. The main purpose of the training is not merely to operate software and try to understand its results by pressing certain buttons, but to develop the ability to interpret and analyze raw data, both theoretically and practically.
Course Objectives
- Understanding Incident Response (IR)
- Managing Cyber Incidents, Incident Scene Management
- Examining a Sample Case with Autopsy and Belkasoft Evidence Center
- Recovering Files from Forensic Images, File Carving, Data Recovery
Who Should Attend?
- Police and other law enforcement personnel
- Defense and military personnel
- E-Business security professionals
- Systems administrators
- Legal professionals
Course Details/Schedule
Day 1
- Understanding Incident Response (IR)
- IR Process
- IR Framework
- IR Plan
- IR Playbook/Handbook
- Testing IR Framework
- Methodology of Digital Forensics, Digital Evidence Concept
- Code Of Criminal Procedure, Penal Code
- Law and Regulations
- Legal Authority
- Evaluation of Data as Digital Evidence
- Rules of Evidence
- Incident Response (IR)
Day 2
- Managing Cyber Incidents, Incident Scene Management
- CSIRT Models
- SOAR
- Communication in Crisis
- Preparation Phase for Incident Response (IR)
- Identification, Scoping, and Initial Event Analysis
- Choosing Investigation Methodology
- Creating an Investigator Software Toolkit
- Choosing and Creating an Investigator Hardware Toolkit (Cameras, HDD/SSD Adapters, Cables, Screwdriver Sets, etc.)
- Search And Seizure Phase for Incident Response (IR)
- Digital Evidence Collection
- Write Protection Concept, Forensic Image Acquisition
- Write Blockers
- Hardware Imagers
- Software Imagers
- Understanding Forensic Imaging
- HPA and DCO
- Image Acquisition
- RAW DD Format, e01, and Other Image Files
Day 3
- Live Forensics Concept and Applications
- Order of Volatility
- First Controls
- Checking Disk Encryptions
- Acquisition of Volatile Data and RAM
- RAM Imagers, PsTools, Command Line Tools, Port Scanners, Autoruns, System Explorer, etc.
- Acquisition of Non-Volatile Data
- Triage Tools and How to Use
- Logical vs Physical Image
- Pagefile.sys and Hiberfil.sys
- Analyzing System Memory
- Volatility, Redline
- Unorthodox Image Acquisition Methods, Cloud Data, Remote Image Acquisition, Multi-Drive Storage Devices, and Network Image Acquisition
Day 4
- Processing of Acquired Image File
- Data Types
- Process Types
- Examining a Sample Case with Autopsy and Belkasoft Evidence Center
- Hash Concept and Usage
- Hash Types
- Hashing a File
- Running Hash Analysis
- File Signature Analysis, File Analysis
- Windows File System
- FAT, ExFAT and NTFS
- Filename, Metadata, and Data Layers
- Sector and Clusters
- Data Allocation and Slack Area
- MBR and GPT
- $MFT
- Zone.Identifier
- Volume Shadow Copy
Day 5
- Recovering Files from Forensic Images, File Carving, Data Recovery
- Timestamps and Timelines
- Timeline Analysis
- Internet History Analysis
- GREP Search, YARA and SIGMA
- Malware Analysis for IR
- How to use GREP Search
- How to use YARA for Malware Analysis
- How to use SIGMA for Event Log Analysis
- Reporting
- What to Document
- Executive Summary
- IR Report / Forensic Report