GCIH Certification Training Boot Camp

Infosec offers this five-day accelerated GCIH boot camp to train and prepare you for the GIAC® Certified Incident Handler (GCIH) certification exam, the prestigious security certification created and administered by the Global Information Assurance Certification.

Award-Winning Training

For 20 years InfoSec has been one of the most awarded and trusted information security training vendors — 40+ industry awards!

Hands-on Labs

Over 20 lab exercises provide you with the necessary skills to fight back against would-be attackers.

Analysts Recommended

IDC lists Infosec as Major Player in their Security Training Vendor Assessment.

GCIH Course Overview

Our GCIH boot camp helps you fully understand how systems are compromised and what traces are left behind by attackers on the network, on disk and in volatile memory. Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done.

In this five-day course, you learn how cutting-edge attack vectors and tried-and-true methods are used for compromise, the ins and outs of incident response, and the tools of the trade used by incident responders on a daily basis. You will leave with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.

The course focuses on the 5 key incident response stages:

  • Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
  • Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
  • Containment – Preventing the incident from further escalation using information gathered in identification stage
  • Eradication – Removing intruder access to internal and external company resources
  • Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings

Award-winning training that you can trust.

Outstanding Partnership Award

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Watch List Company

Top Online Learning Library

The Most Flexible Training — Guaranteed

100% Satisfaction Guarantee — If you’re not 100% satisfied with your training at the end of the first day, you may enroll in a different Flex Pro or Flex Classroom course

Knowledge Transfer Guarantee — If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year

What Will You Learn?

After attending our GCIH boot camp, you will have the ability to:

  • Firmly understand the provisions of IT law
  • Successfully define evidence-handling procedures
  • Comprehend the general rules of evidence
  • Apply fundamental computer and mobile forensics concepts to forensic investigations
  • Identify key technologies relevant to computer forensics
  • Acquire forensic evidence
  • Locate forensic artifacts in various operating systems
  • Analyze extracted evidence and properly report findings

What Our Students Are Saying

Without any question, InfoSec has the most gifted individual instructors. Our instructor for this class was both an excellent educator and a premier/world class security expert. He was able to clearly explain and impart to the students, the most complicated security techniques I have ever heard of or imagined. I simply can not find the words to recommend him and Infosec security training more highly.

John Hollan GE

Advanced Ethical Hacking Training Boot Camp

Why Choose InfoSec for GCIH Training?

Industry-Leading Exam Pass Rates — 93% of our students pass their certification exams on their first attempt

Training to Fit Your Schedule — In addition to Flex Pro, the highest-quality live online training in the industry, Infosec offers Flex Classroom training around the country and learn-at-your-own pace Flex Basic courses

Experienced Instructors — Infosec instructors have at least 10 years of industry training experience and are professionals with active roles in the industry

Most Thorough Exam Prep Services Available — Students get free exam readiness testing through SkillSet.com as well as advanced access to all course materials

Hands-on Labs

Our custom hands-on labs will let you play the part of a forensic examiner. More than 20 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

What's Included?

  • Five days of the best hands-on incident response training in the industry
  • GCIH boot camp all-in-one textbook
  • GCIH sample exam questions
  • Pre-paid card to cover the cost of exam fees
  • Pre-shipment of textbook
  • 100% Satisfaction Guarantee
  • Infosec Flex video archive of course you attend (Flex Pro)
  • Infosec Flex detailed reporting on exam readiness (Flex Pro)

Who Should Attend?

  • -Law enforcement professionals looking to expand into computer crime investigations

  • -Legal professionals

  • -IT/infosec pros being tasked with corporate forensics and incident handling

What are the Prerequisites for this Course?

  • Basic understanding of computer networking and fundamental security concepts
  • General knowledge of networking protocols
  • Working knowledge of the Windows OS and command line
  • Basic exposure to Linux

Our Major Clients

GCIH Course Syllabus

    Our instructors give you 100% of their time and dedication to ensure that your time is well spent. You receive an immersive experience with no distractions! The typical daily schedule is:

    • Day 1: Incident response overview
      • Course introduction
      • Responding to incidents
        • Incident response today
        • Incident response needs
        • Current cyber threat landscape
      • IR definitions
      • The stages of incident response
        • Planning/preparation
        • Identification
        • Containment
        • Eradication
        • Recovery
        • Post-incident activity (lessons learned)
      • Incident response team members
      • Incident evidence
        • Chain of custody
        • Evidence types
        • Incident evidence
        • Evidence handling
      • Incident response tools
        • File system navigation tools
        • Hashing tools
        • Binary search tools
        • Imaging tools for bit-stream image copies
        • Deep retrieval tools
        • File chain and directory navigation tools
        • IR case management tools
    • Day 2: Common attacks, anatomy and coordination
      • Commonly used attacks
        • Precursors and indicators
        • Types of attacks
          • Network attacks
          • Botnets
          • Denial-of-service (DDoS) attacks
          • Email attacks
          • Malicious code (malware)
          • Overflow attacks
          • Ransomware
          • Client attacks
          • Compromise of privileged accounts
          • Insider attacks
          • Web application attacks
        • Anatomy of an attack
          • Reconnaissance
          • Scanning
          • Exploit
          • Maintaining access
          • Covering tracks on networks and systems
      • Incident response coordination
        • IR coordination benefits
        • Trusted communication paths
        • Information sharing techniques
    • Day 3: Network forensics, tools and analysis
      • Network forensics
        • Internet and networking basics
        • IP addressing
        • Understanding protocols (TCP, UDP, ICMP, DHCP)
        • Approach to network forensics
        • Network logs
      • Network security tools
        • Network devices and appliances
        • Port scanners
        • Packet sniffers and traffic analyzers
        • Network scanners
        • Firewalls
        • IDS/IPS
        • Remote access technologies
        • File integrity tools
        • Anti-malware
      • Log analysis
        • Importance of logs
        • Top 10 logging practices
        • Log management and control
        • SIEM
        • Main sources of data
        • Log analysis tools
        • Normal traffic signatures
        • Abnormal traffic signatures
      • Protocol analysis
        • TCP/IP concepts
        • TCP deep dive
        • Ports and sockets
        • Understanding headers
      • Wireless analysis
        • Wireless networking fundamentals
        • Wireless security solutions
        • Wireless attacks
        • Wireless PKI
      • Live analysis
        • Live forensics overview
        • Order of volatility
        • Live forensics tools
      • Web traffic analysis
        • Web signatures
        • DNS record types
        • Browser data locations
      • Email analysis
        • Email structure
        • Email protocols
        • Message analysis techniques
        • Outlook files
        • Email analysis tools
    • Day 4: CFE role, disk forensics, passwords and more
      • Role of the computer forensics examiner
        • Scope of authority
        • 4 steps to success
        • SWGDE
        • Legal aspects
      • Disk forensics
        • Image copy of disks
        • Imaging process and tools
        • Image analysis
        • Deleted files and other recovery areas
        • Slack
        • Data hiding techniques
      • Passwords and encryption
        • Protected storage
        • Password protected vs. password encrypted
        • Password recovery tools
        • Windows passwords
        • Password cracking
      • Memory forensics
        • Memory forensics definition and objectives
        • Memory artifacts
        • Dumping memory
        • Memory forensics tools
      • Windows swap file
        • Pagefile.sys
        • Policy and registry setting
        • Recovering the swap file
    • Day 5: Other forensics areas and exam review
      • Cell phone forensics
        • Cell phone technologies and operating systems
        • Cell phone communications
        • Android forensics challenges
        • Common tools
        • iOS forensics challenges
        • Common tools
      • Reverse engineering
        • Reverse engineering definition and objectives
        • Assembly language and machine code
        • Disassemblers
        • Hardcoded data
      • Exploit kits
        • Malware development kits
        • Evasion techniques
      • GCIH exam review

    View Pricing

    We will never share any of your information, spam you or annoy you with pushy sales pitches.

    Book your course

      Ready to get started? Get instant pricing for this award-winning boot camp. View course pricing
      View instant course pricing