
System Forensics for Incident Responders

Identify, Respond and Recover from a Security Breach.

This comprehensive, technically detailed course enables you to successfully respond to incidents and reinforce your security posture.


Attending students will learn

  • The computer forensics process
  • How to create evidentiary disk images
  • How to respond to unlawful access and information theft
  • Incident response procedures for Unix and Microsoft Windows systems

Who should attend

  • Incident Responders
  • Security Operations Center Personnel
  • Cyber Security Managers

Prerequisites

  • Basic Understanding of the Windows and Linux Operating Systems
  • Some Programming Knowledge

Course Outline

1.  Introduction

  • Course Content and Format
  • Principles of Forensics and Incident Response (IR)

2.  Preparation

  • Data Collection Techniques
  • Chain of Custody
  • Pre-Incident Preparation
  • Forensic Hardware
  • Basic Incident Response Process
  • Documentation Requirements

3.  Legal Concerns

  • Federal Laws: ECPA and USC
  • Interception of Data
  • Stored Communications
  • Unauthorized Access
  • Child Pornography
  • Patriot Act, Gramm-Leach-Bliley Act, and Sarbanes-Oxley
  • Acceptable Use Policies

4.  UNIX & Linux Incident Response

  • Live Response Best Practices and Order of Volatility
  • Unix/Linux File Permissions
  • Unix/Linux Live Response
  • Following the Process Tree

5.  Windows Incident Response

  • Installed Software and Hotfixes
  • Persistence Mechanisms
  • Windows Audit Policies
  • Malware Analysis
  • Alternate Data Streams
  • Windows Registry

6.  File Carving and Toolkit Building

  • File Carving
  • Building a Response Kit
  • Determining File Headers
  • Scripting a Response Step by Step
  • Extracting Specific File Types

7.  Network-Based Monitoring

  • Sources of Network Data
  • Placement of Monitoring Devices
  • Network Monitoring Hardware

8.  File System Forensics

  • Common File System Types
  • Image File Formats
  • Hard Drive Types
  • Deleted Files
  • File Systems

9.  Advanced Topics

  • Memory Analysis and Rootkit Detection
  • Extracting Registry Values from Memory Dumps

Contact Focal Point