Skip to main content
back to List back
on this page

System Forensics and Incident Handling Masterclass

See current trainings here
post-event
This training has been completed See current trainings here
CQURE Inc.
TBC
Beginner / Intermediate
5 Days
Sat 19 Nov - Wed 23 Nov
This training has been completed See current trainings here
Venue:

Radisson Blu Hotel, Riyadh Qurtuba
Al Thumama Road, Riyadh, 11263, Saudi Arabia

Timings:
  • Registration starts at 8am
  • Training from 9am to 5pm
Topics:
  • Introduction to Incident Handling
  • Incident Response and Handling Steps
  • Windows Internals
  • Handling Malicious Code Incidents
  • Network Forensics and Monitoring
  • Securing Monitoring Operations and Evidence Gathering
  • Memory: Dumping and Analysis
  • Memory: Indicators of compromise
  • Disk: Storage Acquisition and Analysis
  • Reporting – Digital Evidence
Overview

Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated. This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting.

Examples of tools, software and examples used during the course:

  • Belkasoft RAM Capturer
  • Wireshark
  • Volatility
  • The Sleuth Kit® (TSK)
  • Autopsy
  • DumpIt
  • DC3DD
  • Arsenal Image Mounter
  • Reclaim Me
  • ReFS Images
  • SysInternals Toolkit
  • ShadowCopyView
  • RegRipper
  • Rifiuti2
  • Registry Explorer/RECmd
  • FullEventLogView
  • EVTXtract
  • Loki IOC Scanner
  • Yara
  • LECmd
  • LinkParser
  • PECmd
  • SkypeLogViewer
  • SQLiteBrowser
  • Network Miner
  • StuxNet Memory Dump
Who Should Take This Course?

IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.