Tag: Digital Forensic

Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as "threat hunting". FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomware operators.

Syllabus

FOR508.1: Advanced Incident Response & Threat Hunting
FOR508.2: Intrusion Analysis
FOR508.3: Memory Forensics in Incident Response & Threat Hunting
FOR508.4: Timeline Analysis
FOR508.5: Incident Response & Hunting Across the Enterprise | Advanced Adversary & Anti-Forensics Detection
FOR508.6: The APT Threat Group Incident Response Challenge

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Read more

FOR498, a digital forensic acquisition training course, provides the necessary skills to identify the many and varied data storage mediums in use today, and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. It covers digital acquisition from computers, portable devices, networks, and the cloud. It then teaches the student rapid triage, or the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less.

Syllabus

FOR498.1: Scene Prep, Management, and Storage Interfaces
FOR498.2: Portable Devices and Acquisition Processes
FOR498.3: Triage and Data Acquisition
FOR498.4: Non-Traditional and Cloud Acquisition
FOR498.5: Apple Acquisition and Internet of Things
FOR498.6: Beyond the Forensic Tools: The Deeper Dive

FOR498: Digital Acquisition and Rapid Triage

Read more

FOR500 builds comprehensive digital forensics knowledge of Microsoft Windows operating systems, providing the means to recover, analyze, and authenticate forensic data, track user activity on the network, and organize findings for use in incident response, internal investigations, intellectual property theft inquiries, and civil or criminal litigation. Use this knowledge to validate security tools, enhance vulnerability assessments, identify insider threats, track hackers, and improve security policies. Detailed, real-world exercises teach, step by step, the tools and techniques that every investigator should employ to solve a forensic case. Newly updated to cover all Windows versions through Windows 11!

Syllabus

FOR500.1: Digital Forensics and Advanced Data Triage
FOR500.2: Registry Analysis, Application Execution, and Cloud Storage Forensics
FOR500.3: Shell Items and Removable Device Profiling
FOR500.4: Email Analysis, Windows Search, SRUM, and Event Logs
FOR500.5: Web Browser Forensics
FOR500.6: Windows Forensics Challenge

FOR500: Windows Forensic Analysis

Read more

The eLearnSecurity Certified Digital Forensics Professional certification tests your understanding of networks, systems and cyber attacks. Once you’ve mastered the essentials, you’re challenged to utilize various methodologies and creative thinking to complete a real-world simulation based on actual scenarios and incidents.

Your course material will cover how to analyze both FAT and NTFS file systems, file carving and creating your own custom carving signatures, and Windows registry analysis. In addition, you’ll learn how to perform thorough investigations against Skype, Explorer’s shellbags, Windows recycle bins, and much more.

Read more