Study any time, from any device.

GCIH Certification Training Boot Camp

Infosec offers this five-day accelerated GCIH Boot Camp to train and prepare you for the GIAC® Certified Incident Handler (GCIH) certification exam, the prestigious security certification created and administered by the Global Information Assurance Certification.

Become a GIAC Certified Incident Handler (GCIH)

Boot camp overview

Our GCIH Boot Camp helps you fully understand how systems are compromised and what traces are left behind by attackers on the network, on disk and in volatile memory. Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done.

In this five-day training, you learn how cutting-edge attack vectors and tried-and-true methods are used for compromise, the ins and outs of incident response, and the tools of the trade used by incident responders on a daily basis. You will leave with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.

Skill up and get certified, guaranteed

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

  • Five days of the best hands-on incident response training in the industry
  • Infosec digital courseware (physical textbooks available to purchase)
  • GCIH sample exam questions
  • Pre-paid card to cover the cost of exam fees
  • 90-day access to replays of daily lessons (Flex Pro)
  • 100% Satisfaction Guarantee

Hands-on labs

Our custom hands-on labs will let you play the part of a forensic examiner. More than 20 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

Award-winning training that you can trust

Rising Star

Partner Award

G2 Crowd Leader

Technical Skills Development Software

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Who should attend?

  • Law enforcement professionals looking to expand into computer crime investigations
  • Legal professionals
  • IT/infosec pros being tasked with corporate forensics and incident handling

Prerequisites

  • Basic understanding of computer networking and fundamental security concepts
  • General knowledge of networking protocols
  • Working knowledge of the Windows OS and command line
  • Basic exposure to Linux

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"The course not only met my expectations, but exceeded them. It was the most engaging online training I’ve ever had."

Val Vask

Commercial Technical Lead

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

What you'll learn

After attending our GCIH Boot Camp, you will have the ability to:

  • Firmly understand the provisions of IT law
  • Successfully define evidence-handling procedures
  • Comprehend the general rules of evidence
  • Apply fundamental computer and mobile forensics concepts to forensic investigations
  • Identify key technologies relevant to computer forensics
  • Acquire forensic evidence
  • Locate forensic artifacts in various operating systems
  • Analyze extracted evidence and properly report findings

Incident response stages

The boot camp focuses on the five key incident response stages:

  • Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
  • Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
  • Containment – Preventing the incident from further escalation using information gathered in identification stage
  • Eradication – Removing intruder access to internal and external company resources
  • Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings

Can’t get away for a week?

Learn cybersecurity on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 400+ courses
  • 4 cyber range environments
  • 100+ hands-on labs
  • Certification practice exams
  • 50+ learning paths

Our clients

FedEx
Microsoft
Bank of America
Defense Information Systems Agency
Symantec

GCIH Boot Camp details

Day 1: Incident response overview

  • Course introduction
  • Responding to incidents
    • Incident response today
    • Incident response needs
    • Current cyber threat landscape
  • IR definitions
  • The stages of incident response
    • Planning/preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Post-incident activity (lessons learned)
  • Incident response team members
  • Incident evidence
    • Chain of custody
    • Evidence types
    • Incident evidence
    • Evidence handling
  • Incident response tools
    • File system navigation tools
    • Hashing tools
    • Binary search tools
    • Imaging tools for bit-stream image copies
    • Deep retrieval tools
    • File chain and directory navigation tools
    • IR case management tools

Day 2: Common attacks, anatomy and coordination

  • Commonly used attacks
    • Precursors and indicators
    • Types of attacks
      • Network attacks
      • Botnets
      • Denial-of-service (DDoS) attacks
      • Email attacks
      • Malicious code (malware)
      • Overflow attacks
      • Ransomware
      • Client attacks
      • Compromise of privileged accounts
      • Insider attacks
      • Web application attacks
    • Anatomy of an attack
      • Reconnaissance
      • Scanning
      • Exploit
      • Maintaining access
      • Covering tracks on networks and systems
  • Incident response coordination
    • IR coordination benefits
    • Trusted communication paths
    • Information sharing techniques

Day 3: Network forensics, tools and analysis

  • Network forensics
    • Internet and networking basics
    • IP addressing
    • Understanding protocols (TCP, UDP, ICMP, DHCP)
    • Approach to network forensics
    • Network logs
  • Network security tools
    • Network devices and appliances
    • Port scanners
    • Packet sniffers and traffic analyzers
    • Network scanners
    • Firewalls
    • IDS/IPS
    • Remote access technologies
    • File integrity tools
    • Anti-malware
  • Log analysis
    • Importance of logs
    • Top 10 logging practices
    • Log management and control
    • SIEM
    • Main sources of data
    • Log analysis tools
    • Normal traffic signatures
    • Abnormal traffic signatures
  • Protocol analysis
    • TCP/IP concepts
    • TCP deep dive
    • Ports and sockets
    • Understanding headers
  • Wireless analysis
    • Wireless networking fundamentals
    • Wireless security solutions
    • Wireless attacks
    • Wireless PKI
  • Live analysis
    • Live forensics overview
    • Order of volatility
    • Live forensics tools
  • Web traffic analysis
    • Web signatures
    • DNS record types
    • Browser data locations
  • Email analysis
    • Email structure
    • Email protocols
    • Message analysis techniques
    • Outlook files
    • Email analysis tools

Day 4: CFE role, disk forensics, passwords and more

  • Role of the computer forensics examiner
    • Scope of authority
    • 4 steps to success
    • SWGDE
    • Legal aspects
  • Disk forensics
    • Image copy of disks
    • Imaging process and tools
    • Image analysis
    • Deleted files and other recovery areas
    • Slack
    • Data hiding techniques
  • Passwords and encryption
    • Protected storage
    • Password protected vs. password encrypted
    • Password recovery tools
    • Windows passwords
    • Password cracking
  • Memory forensics
    • Memory forensics definition and objectives
    • Memory artifacts
    • Dumping memory
    • Memory forensics tools
  • Windows swap file
    • Pagefile.sys
    • Policy and registry setting
    • Recovering the swap file

Day 5: Other forensics areas and exam review

  • Cell phone forensics
    • Cell phone technologies and operating systems
    • Cell phone communications
    • Android forensics challenges
    • Common tools
    • iOS forensics challenges
    • Common tools
  • Reverse engineering
    • Reverse engineering definition and objectives
    • Assembly language and machine code
    • Disassemblers
    • Hardcoded data
  • Exploit kits
    • Malware development kits
    • Evasion techniques
  • GCIH exam review