Course Overview

This course provides a holistic view of how incident response is implemented in the real world, including incident response preparation, acquiring and analysing digital forensic images, and analysing host and network data. Malware analysis, threat intelligence and report creation are also included.

100% Online

University of Central Lancashire Accredited Training Course

20 Credits MSc Cybersecurity

1-2 months to complete

24-hr remote access to a virtual lab allows you to learn, train and practice your skills in your own time.

Level: Intermediate

Trainer Online Support

Exam Code: CDFE, Hours: 3.0, Type: Hands-On

ICSI | CDFE Certified Digital Forensics Examiner

Course Curriculum

Course: Digital Forensics, Incident Response and Threat Hunting

  • Introduction

Module 1: Incident Response

  • What is Incident Response
  • The Incident Response Process Model
  • The Role of Digital Forensics
  • Why Incident Response is needed
  • The Incident Response Framework
  • The CSIRT Response Charter
  • The Incident Response Team
  • The Incident Response Plan
  • Incident Classification
  • The Incident Response Playbook
  • Escalation Procedures
  • Incident Response Capability Maintenance
  • Quiz

Module 2: Forensic Fundamentals

  • Forensic Fundamentals
  • UK Laws and Regulations
  • Legal Aspects of Digital Forensics
  • Digital Forensic Process
  • Digital Forensic Fundamentals
  • Quiz

Module 3: Collection of Network Evidence

  • Collection of Network Evidence
  • Preparation
  • Evidence from Network Devices
  • Collection of Evidence
  • Quiz

Module 4: Capturing Evidence from Host Systems

  • Capturing Evidence from Host Systems
  • Methods for Acquiring Evidence
  • Procedures for Collecting Evidence
  • Acquiring Memory
  • Guided Exercise: Acquiring Memory with FTK Imager
  • Guided Exercise: Acquiring Memory with FTK Imager (Video)
  • Guided Exercise: Acquiring Memory with WinPmem
  • Guided Exercise: Acquiring Memory with WinPmem (Video)
  • Acquiring Memory Remotely
  • Virtual Machine Captures
  • Non-Volatile Data
  • Guided Exercise: Capturing Registry and Logs using FTK Imager
  • Guided Exercise: Capturing Registry and Logs using FTK Imager (Video)
  • Quiz

Module 5: Forensic Imaging

  • Forensic Imaging
  • Forensic Imaging Overview
  • Evidence Drive Preparation
  • Guided Exercise: Drive Wiping with Eraser
  • Guided Exercise: Drive Wiping with Eraser (Video)
  • Guided Exercise: Encrypting a Drive’s Repository Partition with VeraCrypt
  • Guided Exercise: Encrypting a Drive’s Repository Partition with VeraCrypt (Video)
  • Dead Imaging
  • Guided Exercise: Create a Forensic Image with a GUI Tool
  • Guided Exercise: Create a Forensic Image with a GUI Tool (Video)
  • Guided Exercise: Create a Forensic Image with a CLI Tool
  • Guided Exercise: Create a Forensic Image with a CLI Tool (Video)
  • Live Imaging
  • Guided Exercise: Creating a Live Image using FTK Imager Lite

Module 6: Analysing Network Evidence

  • Analysing Network Evidence
  • Wireshark
  • Guided Exercise: Network Traffic Identification: PING
  • Guided Exercise: Network Traffic Identification: PING (Solution)
  • Guided Exercise: Network Traffic Identification: PING (Video)
  • Guided Exercise: Network Traffic Identification: DNS Query
  • Guided Exercise: Network Traffic Identification: DNS Query (Solution)
  • Guided Exercise: Network Traffic Identification: DNS Query (Video)
  • Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake
  • Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake (Solution)
  • Guided Exercise: Network Traffic Identification: TCP Three-Way Handshake (Video)
  • Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions
  • Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions (Solution)
  • Guided Exercise: Traffic Analysis: Host Footprinting / File Extractions (Video)
  • Lab: Analysing Network Evidence
  • Lab: Analysing Network Evidence (Solution)

Module 7: Analysis of System Memory

  • Analysis of System Memory
  • Memory Analysis Methodology
  • Guided Exercise: Analysis of Memory File Using Volatility
  • Guided Exercise: Analysis of Memory File Using Volatility (Video)
  • Lab: Analysis of System Memory
  • Lab: Analysis of System Memory (Solution)

Module 8: Analysis of System Storage

  • Analysis of System Storage
  • Types of System Storage
  • File Systems
  • Commercial Tools
  • Must Have Tools for Incident Responders
  • File Carving
  • Guided Exercise: File Carving
  • Guided Exercise: File Carving (Video)
  • Email Analysis
  • Guided Exercise: Email Header Analysis
  • Guided Exercise: Email Header Analysis (Solution)
  • Guided Exercise: Email Header Analysis (Video)
  • Registry Analysis
  • Guided Exercise: Reading Offline Files with Regedit
  • Guided Exercise: Reading Offline Files with Regedit (Solution)
  • Guided Exercise: Reading Offline Files with Regedit (Video)
  • Guided Exercise: Reading Offline Registry Files with Windows Registry Recovery
  • Guided Exercise: Reading Offline Registry Files with Windows Registry Recovery (Video)
  • Guided Exercise: Reading Offline Files with RegRipper
  • Guided Exercise: Reading Offline Files with RegRipper (Solution)
  • Guided Exercise: Reading Offline Files with RegRipper (Video)
  • Hashing
  • Guided Exercise: Hashing Folders and Their Contents for Comparison
  • Guided Exercise: Hashing Folders and Their Contents for Comparison (Solution)
  • Guided Exercise: Hashing Folders and Their Contents for Comparison (Video)
  • Guided Exercise: Hashing Individual Files for Comparison
  • Guided Exercise: Hashing Individual Files for Comparison (Solution)
  • Guided Exercise: Hashing Individual Files for Comparison (Video)
  • Guided Exercise: Hashing Evidence Files for Validation
  • Guided Exercise: Hashing Evidence Files for Validation (Solution)
  • Guided Exercise: Hashing Evidence Files for Validation (Video)
  • Web Browser Analysis
  • Guided Exercise: Analysing Chrome Internet Cache and History
  • Guided Exercise: Analysing Chrome Internet Cache and History (Solution)
  • Guided Exercise: Analysing Chrome Internet Cache and History (Video)
  • File Analysis
  • Guided Exercise: File Analysis – Microsoft Office Files
  • Guided Exercise: File Analysis – Microsoft Office Files (Solution)
  • Guided Exercise: File Analysis – Microsoft Office Files (Video)
  • Guided Exercise: File Analysis – EXIF Data from Graphic Files
  • Guided Exercise: File Analysis – EXIF Data from Graphic Files (Solution)
  • Guided Exercise: File Analysis – EXIF Data from Graphic Files (Video)
  • Timestamps and Timeline Analysis
  • Guided Exercise: Combining Timestamps for a Timeline
  • Guided Exercise: Combining Timestamps for a Timeline (Solution)
  • Guided Exercise: Combining Timestamps for a Timeline (Video)
  • Guided Exercise: Examining Event Logs
  • Guided Exercise: Examining Event Logs (Video)
  • Shortcut Files and Jumplist Analysis
  • Guided Exercise: Shortcut File Analysis
  • Guided Exercise: Shortcut File Analysis (Solution)
  • Guided Exercise: Shortcut File Analysis (Video)
  • Guided Exercise: Jump List Analysis
  • Guided Exercise: Jump List Analysis (Video)
  • Prefetch File Analysis
  • Guided Exercise: Prefetch File Analysis
  • Guided Exercise: Prefetch File Analysis (Solution)
  • Guided Exercise: Prefetch File Analysis (Video)
  • Thumbnail Caches Analysis
  • Guided Exercise: Analysing Thumbs.db from Windows XP
  • Guided Exercise: Analysing Thumbs.db from Windows XP (Video)
  • Guided Exercise: Analysing Cache Images within Microsoft Files
  • Guided Exercise: Analysing Cache Images within Microsoft Files (Video)
  • GREP Searches
  • Guided Exercise: GREP Searching Through Log Files
  • Guided Exercise: GREP Searching Through Log Files (Video)
  • File Recovery
  • Guided Exercise: Mounting a Forensic Image with FTK Imager and Recovering Files
  • Guided Exercise: Mounting a Forensic Image with FTK Imager and Recovering Files (Video)
  • Guided Exercise: Recovering Files from Forensic Images with Autopsy
  • Guided Exercise: Recovering Files from Forensic Images with Autopsy (Video)
  • Recovering Passwords
  • Guided Exercise: Recovering Passwords
  • Guided Exercise: Recovering Passwords (Video)

Module 9: Creating Forensic Reports

  • Creating Forensic Reports
  • What should be documented
  • Documentation Types
  • Sources to Include
  • Audience
  • Tracking Incidents
  • Written Reports
  • Quiz

Module 10: Malware Analysis

  • Malware Analysis
  • Malware Types and Definition
  • Malware Analysis Methodology
  • Guided Exercise: Using Pestudio to Analyse Malware
  • Guided Exercise: Using Pestudio to Analyse Malware (Video)
  • Guided Exercise: Analyse Malware with Process Explorer
  • Guided Exercise: Analyse Malware with Process Explorer (Video)
  • Lab: Malware Analysis
  • Lab: Malware Analysis (Solution)

Module 11: Threat Intelligence

  • Threat Intelligence
  • Threat Intelligence Actor Groups
  • Advanced Persistent Threat
  • Types of Threat Intelligence
  • Threat Intelligence Life Cycle
  • Sourcing Threat Intelligence
  • Threat Intelligence Platforms
  • Threat Intelligence Use Types
  • Guided Exercise: Hashing Evidence – Known Bad Hashes
  • Guided Exercise: Hashing Evidence – Known Bad Hashes (Video)
  • Quiz

Module 12: Course Review

  • Exercise – Wireshark
  • Exercise – Wireshark (Solution)
  • Exercise – Memory
  • Exercise – Memory (Solution)
  • Exercise – File Carving
  • Exercise – File Carving (Solution)
  • Exercise – Email Headers
  • Exercise – Email Headers (Solution)
  • Exercise – Registry
  • Exercise – Registry (Solution)
  • Exercise – Hash Functions
  • Exercise – Hash Functions (Solution)
  • Exercise – Web Browsers
  • Exercise – Web Browsers (Solution)
  • Exercise – File Analysis – Metadata
  • Exercise – File Analysis – Metadata (Solution)
  • Exercise – Event Logs
  • Exercise – Event Logs (Solution)
  • Exercise – Shortcuts
  • Exercise – Shortcuts (Solution)
  • Exercise – Jump Lists
  • Exercise – Jump Lists (Solution)
  • Exercise – Prefetch Files
  • Exercise – Prefetch Files (Solution)
  • Exercise – Thumb Caches
  • Exercise – Thumb Caches (Solution)
  • Exercise – GREP Searches
  • Exercise – GREP Searches (Solution)
  • Exercise – File Recovery
  • Exercise – File Recovery (Solution)
  • Exercise – Password Recovery
  • Exercise – Password Recovery (Solution)

Module 13: Appendices

  • Appendix 1 – Sample Chain of Custody Form
  • Appendix 2 – Host Evidence Collection Checklist

Exam Registration

  • How to register for the exam

What is included in this course

  • High-quality videos with in-depth content
  • Modular structure – student-directed path
  • Knowledge checks at the end of each module and of the course
  • eBook
  • Lab Guide including video Guided Exercises and answer files
  • 6 months 24x7 remote access to a virtual lab
  • Instructor email support
  • 1 exam voucher – Online Exam Proctoring
  • Digital Certificate of Completion
  • Pass your exam and share your Accredible Badge on LinkedIn