Description
In this course, you will:
- Learn the fundamentals of incident response, including how evidence is gathered for further digital forensic investigation.
- See hands-on demonstrations of tools and techniques used by real-world professionals, as an introduction to digital forensics and incident response practices.

To get the most out of this course, you should have a basic understanding of computer networks and cybersecurity.
Syllabus:
1. Digital Forensics
- What is cyber crime?
- Digital forensic investigations
- Types of evidence
- Best practices for digital forensic investigations
2. Incident Response
- Cyber incident response
- Preparation phase
- Detection and analysis phase
- Containment, eradication, and recovery phase
- Post-incident activity phase
3. Selecting Forensic Tools
- Types of forensic tools
- Commercial vs. open-source forensic tools
- Legal considerations when choosing forensic tools
- A basic forensic toolkit
4. What Do You Do When an Incident Occurs?
- Our cyber incident response scenario
- How to preserve evidence during a cyber incident response
- Collecting volatile forensic evidence from memory
- Collecting network forensics evidence
- Imaging a mass storage device
5. Analyzing the Data
- Types of data analysis
- Analyzing the contents of volatile memory
- Importing evidence into Autopsy
- Analyzing hidden and deleted files
- Analyzing data from Windows Registry
- Conducting log analysis
- Creating your report
- Other considerations for your investigations