
        Incident Response and Network Forensics Training Boot Camp

        Learn how to detect and respond to security incidents! This popular boot camp builds your knowledge around network forensics and incident response with hands-on labs and expert instruction.

        Rating: 4.06 out of 5 (211 ratings)
        Updated December 2020

        Level up your skills

        • 100% Satisfaction Guarantee
        • Five days live, expert instruction (live online or in-person)
        • Immediate access to Infosec Skills — including a bonus boot camp prep course — from the minute you enroll to 90 days after your boot camp
        • Learn by doing with 100s of additional hands-on courses and labs
        • 90-day access to all boot camp video replays and materials
        • Knowledge Transfer Guarantee

        Course objectives

        This boot camp focuses on teaching you the five key incident response steps:

        1. Plan – Preparing the right process, people and technology so the organization can respond effectively to security incidents
        2. Identify – Scoping the extent of the incident and determining which networks and systems have been compromised, including how far each of those systems has been compromised
        3. Contain – Preventing the incident from escalating further, using the information gathered in the previous stage
        4. Eradicate – Removing intruder access to internal and external company resources
        5. Recover – Restoring fully operational system capability and closing out the incident


        Training overview

        Infosec’s Incident Response and Network Forensics Boot Camp covers the essential information you need to properly detect, contain and mitigate security incidents. You’ll learn the ins and outs of incident response as well as the tools used by incident responders on a daily basis. You’ll gain hands-on experience in how systems are compromised and what traces are left behind by attackers on the network, on disk and in volatile memory.

        Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done. This boot camp addresses cutting-edge attack vectors as well as tried-and-true methods for compromise. You leave with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.

        What you'll learn

        • The incident response process
        • Building an incident response kit
        • Event/incident detection
        • Categorizing and prioritizing events
        • Sources of network evidence
        • TCP reconstruction
        • Flow analysis
        • NIDS/NIPS
        • Vulnerability analysis
        • Log analysis
        • Firewall log investigation
        • Log aggregation
        • Network artifact discovery
        • Identifying rogue processes
        • DNS forensics and artifacts
        • NTP forensics and artifacts
        • HTTP forensics and artifacts
        • HTTPS and SSL analysis
        • FTP and SSH forensics
        • Email protocol artifacts
        • Wireless network forensics
        • Defensive review
        • Secure credential changing
        • Reporting and coordinating incidents

        Who should attend

        • Incident response professionals
        • Network and system administrators
        • Computer security incident response team (CSIRT) members
        • Anyone interested in improving their network forensics and incident management skills

        Prerequisites

        One or more years of experience in incident handling or equivalent information security experience is recommended.


        Training schedule

        Infosec’s Incident Response and Network Forensics training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared to work on incident response and network forensics.

        • Before your boot camp
          • Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.

        • During your boot camp
            Day 1
            Plan

            • Incident response planning fundamentals
            • Building an incident response kit
            • Incident response team components
            • IR toolkits and appropriate implementation
            • Threat Intelligence
            • Cyber Kill Chain
            • Agent-based IR

            Identify

            • Indications of an incident
            • Triage
            • Critical first steps
            • Understanding chain of custody

            Contain

            • Documentation
            • Written documentation and supporting media evidence
            • Identification methods
            • Isolation technical procedure best practices
            • Containment
            • Quarantine considerations for business continuity

            Eradicate

            • Eradication testing and the QA role
            • Incremental backup compromise detection
            • Operating system rebuilds

            Recover

            • Stakeholder identification in recovery process
            • Post-incident heightened monitoring tasks
            • Special actions for specific incident types
            • Incident record keeping
            • Lessons learned

            Constructing your live incident response toolkit

            • Trusted command shells – Windows/Linux
            • Remote shells
            • PsExec vs PowerShell

            Day 2
            Event/incident detection

            • Develop an incident response strategy and plan
            • Limit incident effect and repair incident damage
            • Perform real-time incident response tasks
            • Determine the risk of continuing operations
            • Spearphishing and APT attacks

            Sources of network evidence

            • 3 evidence collection modalities
            • Persistence checks
            • Sensors
            • Evidence acquisition
            • Forensically sound collection of images

            TCP reconstruction

            • TCP session reconstruction
            • Payload reconstruction
            • Encapsulation methods
            • tcpdump/Wireshark
            • Working with pcap files
            • Wireshark filtering
            • Identify missing data
            • Identify sources of information and artifacts
            • Packet analysis

            Flow analysis

            • nfcapd and nfdump
            • nfsen
            • SiLK
            • Flow record export protocols
            • Network file carving
            • Encrypted flow analysis
            • Anomalous behavior analysis
            • Flow data points

            NIDS/NIPS

            • Snort
            • Snort rule configuration
            • Collect incident data and intrusion artifacts

            Log analysis

            • Syslog server
            • Syslog protocol format
            • Event investigation
            • Microsoft event log
            • Event viewer
            • Modeling analysis formats
            • HTTP server logs
            • Apache vs IIS
            • Header analysis and attack reconstruction

            Firewall log investigation

            • Log formats
            • iptables and packet flow

            Log aggregation

            • SIEM tools
            • Splunk architecture

            Day 3
            Triage & analysis

            • Categorizing events
            • Developing standard category definitions
            • Perform correlation analysis on event reports
            • Event affinity
            • Prioritize events
            • Determining scope, urgency, and potential impact
            • Assign events for further analysis, response, or disposition/closure
            • Determine cause and symptoms of the incident

            Network artifact discovery

            • Network forensics with Xplico

            DNS forensics and artifacts

            • DNS tunneling
            • Fast flux forensics

            NTP forensics and artifacts

            • Understanding NTP architecture
            • NTP analysis
            • NTP usage in timeline analysis and log monitoring
            • Protocol inspection

            HTTP forensics and artifacts

            • Artifact discovery
            • Request/response architecture
            • HTTP field analysis
            • HTTP web services
            • AJAX
            • Web services

            HTTPS and SSL analysis

            • Artifact from secure negotiation process
            • Other non-HTTPS SSL analysis

            FTP and SSH forensics

            • Capture and inspection
            • SFTP considerations

            Email protocol artifacts

            • SMTP vs POP vs IMAP artifacts
            • Adaptations and extensions
            • Microsoft Protocols
            • Architecture and capture
            • Exchange considerations
            • SMB considerations
            • Cloud email forensics

            Wireless network forensics

            • Wireless monitoring and capture methodologies
            • Understanding Wi-Fi common attacks
            • WEP vs WPA vs WPA2
            • Wi-Fi security compromise analysis

            Perform vulnerability analysis

            • Determine the risk, threat level or business impact of a confirmed incident

            Day 4
            Timeline analysis

            • Timeline reconstruction
            • Benefits of structured timeline analysis
            • Required pre-knowledge
            • Pivot point analysis
            • Establishing context with incomplete data
            • Enter information into an operations log or record of daily operational activity
            • Filesystem considerations
            • Time rules
            • Using Sleuthkit and fls
            • Program execution file knowledge
            • File opening and file deletion
            • log2timeline
            • log2timeline input and output modules
            • Using l2t_process for filtering

            Volatile data sources and collection

            • System memory acquisitions from Windows systems
            • 64-bit Windows memory considerations
            • Page File analysis
            • Hibernation file analysis
            • Identify rogue processes
            • DLL analysis
            • Handle discovery and analysis
            • Code injection artifacts
            • Rootkit indicators
            • Correlation with network artifacts
            • Volatility walk-through
            • Redline analysis
            • Volatility basics
            • Volatility case study
            • Advanced malware hunting with Volatility
            • Examine Windows registry in memory
            • Investigate Windows services
            • Cached files in RAM
            • Credential recovery in RAM

            Day 5
            Incident response

            • Defensive review and recommendations
            • Improving defenses
            • Secure credential changing process and monitoring
            • Increased monitoring period – when and how long
            • Validate the system
            • Identify relevant stakeholders that need to be contacted
            • Communications about an organizational incident
            • Appropriate communications protocols and channels
            • Coordinate, integrate and lead team responses with other internal groups
            • Provide notification service to other constituents
            • Enable constituents to protect their assets and/or detect similar incidents
            • Report and coordinate incidents with appropriate external organizations
            • Liaison with law enforcement personnel
            • Track and document incidents from initial detection through final resolution
            • Assign and label data according to the appropriate class or category of sensitivity
            • Collect and retain information on all events/incidents in support of future analytical efforts and situational awareness
            • Perform risk assessments on incident management systems and networks
            • Run vulnerability scanning tools on incident management systems and networks
            • CERT-CSIH Review
            • CSIH Domains
            • CSIH Practice Exam
        • After your boot camp
          • Your Infosec Skills access extends 90 days past your boot camp, so you can continue to build your skills, get a head start on your next certification goal or start earning CPEs.

        Free training resources

        Digital forensics and incident response: Is it the career for you?

        From fraud to extortion to intellectual property theft, new cybercrimes are being committed daily. Digital forensics and incident response (DFIR) professionals help piece together those crimes so that organizations can better protect themselves — and the bad guys get prosecuted.

        This episode of the Cyber Work podcast is a rebroadcast of a webinar featuring Cindy Murphy, President at Gillware Digital Forensics. In this podcast, you’ll get the inside scoop on what it’s like to be a DFIR professional from someone with more than 25 years in the field and learn practical information on how to kickstart a career in DFIR.


        Network forensics Resource Hub

        Explore our network forensics resource hub to learn all about network forensics, including exam information, study resources, job outlook and more.


        SolarWinds breach: Insights from the trenches | Live incident response demo

        It’s been a busy week for cybersecurity professionals as they respond to the SolarWinds breach. On December 13, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to immediately “disconnect or power down SolarWinds Orion products” as they were being actively exploited by malicious actors.

        Infosec Skills author and KM Cyber Security managing partner Keatron Evans is helping numerous clients respond to the breach. In this live discussion and incident response demo (recorded Friday, December 18) he covers what happened with the SolarWinds supply chain attack, immediate action you can take to protect your systems and industry responses to help mitigate the incident. He also provides a live demo of Snort, memory forensics and Zeek, as well as a live Q&A with attendees.

        ©2021 Infosec, Inc.