GIAC GCIH Training Boot Camp

Infosec offers this five-day accelerated GCIH Boot Camp to train and prepare you for the GIAC® Certified Incident Handler (GCIH) certification exam, the prestigious security certification created and administered by the Global Information Assurance Certification.

Become a GIAC Certified Incident Handler (GCIH)

Boot camp overview

Our GCIH Boot Camp helps you fully understand how systems are compromised and what traces are left behind by attackers on the network, on disk and in volatile memory. Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done.

In this five-day training, you learn how cutting-edge attack vectors and tried-and-true methods are used for compromise, the ins and outs of incident response, and the tools of the trade used by incident responders on a daily basis. You will leave with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.

Skill up and get certified, guaranteed

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

What's included?

  • Five days of expert, live GCIH training
  • Exam Insurance
  • Exam Payment
  • Unlimited practice exam attempts
  • 100% Satisfaction Guarantee
  • Free annual Infosec Skills subscription ($599 value!)
  • 1-year access to all boot camp video replays and materials
  • Onsite proctoring of exam
  • Knowledge Transfer Guarantee

Hands-on labs

Our custom hands-on labs will let you play the part of a forensic examiner. More than 20 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.

Award-winning training that you can trust

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers


Best Software - Highest Satisfaction

Infosec Skills

Best IT Security-related Training Program

Infosec Skills

Best Cybersecurity Podcast

Cyber Work with Chris Sienko

Who should attend?

  • Law enforcement professionals looking to expand into computer crime investigations
  • Legal professionals
  • IT/infosec pros being tasked with corporate forensics and incident handling


  • Basic understanding of computer networking and fundamental security concepts
  • General knowledge of networking protocols
  • Working knowledge of the Windows OS and command line
  • Basic exposure to Linux

What you'll learn

After attending our GCIH Boot Camp, you will have the ability to:

  • Firmly understand the provisions of IT law
  • Successfully define evidence-handling procedures
  • Comprehend the general rules of evidence
  • Apply fundamental computer and mobile forensics concepts to forensic investigations
  • Identify key technologies relevant to computer forensics
  • Acquire forensic evidence
  • Locate forensic artifacts in various operating systems
  • Analyze extracted evidence and properly report findings

Incident response stages

The boot camp focuses on the five key incident response stages:

  • Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
  • Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
  • Containment – Preventing the incident from further escalation using information gathered in identification stage
  • Eradication – Removing intruder access to internal and external company resources
  • Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings

Our clients

Bank of America
Defense Information Systems Agency

GCIH Boot Camp details

Day 1: Incident response overview

  • Course introduction
  • Responding to incidents
    • Incident response today
    • Incident response needs
    • Current cyber threat landscape
  • IR definitions
  • The stages of incident response
    • Planning/preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Post-incident activity (lessons learned)
  • Incident response team members
  • Incident evidence
    • Chain of custody
    • Evidence types
    • Incident evidence
    • Evidence handling
  • Incident response tools
    • File system navigation tools
    • Hashing tools
    • Binary search tools
    • Imaging tools for bit-stream image copies
    • Deep retrieval tools
    • File chain and directory navigation tools
    • IR case management tools

Day 2: Common attacks, anatomy and coordination

  • Commonly used attacks
    • Precursors and indicators
    • Types of attacks
      • Network attacks
      • Botnets
      • Denial-of-service (DDoS) attacks
      • Email attacks
      • Malicious code (malware)
      • Overflow attacks
      • Ransomware
      • Client attacks
      • Compromise of privileged accounts
      • Insider attacks
      • Web application attacks
    • Anatomy of an attack
      • Reconnaissance
      • Scanning
      • Exploit
      • Maintaining access
      • Covering tracks on networks and systems
  • Incident response coordination
    • IR coordination benefits
    • Trusted communication paths
    • Information sharing techniques

Day 3: Network forensics, tools and analysis

  • Network forensics
    • Internet and networking basics
    • IP addressing
    • Understanding protocols (TCP, UDP, ICMP, DHCP)
    • Approach to network forensics
    • Network logs
  • Network security tools
    • Network devices and appliances
    • Port scanners
    • Packet sniffers and traffic analyzers
    • Network scanners
    • Firewalls
    • IDS/IPS
    • Remote access technologies
    • File integrity tools
    • Anti-malware
  • Log analysis
    • Importance of logs
    • Top 10 logging practices
    • Log management and control
    • SIEM
    • Main sources of data
    • Log analysis tools
    • Normal traffic signatures
    • Abnormal traffic signatures
  • Protocol analysis
    • TCP/IP concepts
    • TCP deep dive
    • Ports and sockets
    • Understanding headers
  • Wireless analysis
    • Wireless networking fundamentals
    • Wireless security solutions
    • Wireless attacks
    • Wireless PKI
  • Live analysis
    • Live forensics overview
    • Order of volatility
    • Live forensics tools
  • Web traffic analysis
    • Web signatures
    • DNS record types
    • Browser data locations
  • Email analysis
    • Email structure
    • Email protocols
    • Message analysis techniques
    • Outlook files
    • Email analysis tools

Day 4: CFE role, disk forensics, passwords and more

  • Role of the computer forensics examiner
    • Scope of authority
    • 4 steps to success
    • SWGDE
    • Legal aspects
  • Disk forensics
    • Image copy of disks
    • Imaging process and tools
    • Image analysis
    • Deleted files and other recovery areas
    • Slack
    • Data hiding techniques
  • Passwords and encryption
    • Protected storage
    • Password protected vs. password encrypted
    • Password recovery tools
    • Windows passwords
    • Password cracking
  • Memory forensics
    • Memory forensics definition and objectives
    • Memory artifacts
    • Dumping memory
    • Memory forensics tools
  • Windows swap file
    • Pagefile.sys
    • Policy and registry setting
    • Recovering the swap file

Day 5: Other forensics areas and exam review

  • Cell phone forensics
    • Cell phone technologies and operating systems
    • Cell phone communications
    • Android forensics challenges
    • Common tools
    • iOS forensics challenges
    • Common tools
  • Reverse engineering
    • Reverse engineering definition and objectives
    • Assembly language and machine code
    • Disassemblers
    • Hardcoded data
  • Exploit kits
    • Malware development kits
    • Evasion techniques
  • GCIH exam review