Digital forensics and incident response are two of the most critical fields in all of information security. The staggering number of reported breaches in the last several years has shown that the ability to rapidly respond to attacks is a vital capability for all organizations. Unfortunately, the standard IT staff member is simply unable to effectively respond to security incidents. Successful handling of these situations requires specific training in a number of deeply technical areas including file systems, operating system design, and knowledge of possible network and host attack vectors. During this training, students will learn how to approach digital investigations in a manner that allows for immediate forensic exploitation of relevant data both in-memory and on-disk. Significant hands-on experience during labs will train students to analyze the same types of evidence and situations that they will encounter in real-world investigations. This class is structured so that a specific analysis technique is discussed and then the students immediately analyze staged evidence using their newly gained knowledge. Not only does this approach reinforce the material learned, but it also gives students a number of new skills as the course proceeds. Upon completion of the training, students will be able to effectively analyze a large number of digital evidence sources, including both on-disk and in-memory data, using the latest and most effective forensics tools and techniques. These skills will be immediately usable in a number of investigative scenarios and will greatly enhance even experienced investigators’ skillset. Students will also leave with media that contains all the tools and resources used throughout the training.
Digital Forensics And Incident Response – Tactical Edition (2021)