Proactive First Response

2 Days | Face to Face

Rapid incident response minimizes loss and destruction, mitigates exploited weaknesses, restores IT services, and reduces the risk of future cyber security incidents.

However, a lack of resource, technology, or recognition of the type and magnitude of the problem leaves organizations under-prepared  when the worst happens. When the reality is that you're not expertly equipped, the role of a first responder is essential -- and one many individuals in your IT team can step into.

  • Practical, exercise-driven, and business-focused
  • Written and delivered by our consultants – experienced cyber security professionals, responsible for delivering incident response to organizations, daily
  • Focused on the offensive techniques and capabilities of modern attackers, and how to defend against them
  • Demonstrates the principles of identifying, reacting, and containing an attack
Who should attend?

This course is aimed at IT staff on the frontline who need to defend their systems and respond to attacks. First responder training doesn’t require prior knowledge of digital forensics or cyber security techniques, but attendees must have a user-level proficiency with the basics of UNIX/Windows systems and network fundamentals.

  • Gain an in-depth understanding of the Incident Response process, and the lifespan of an incident
  • Learn to make critical decisions that directly affect the business continuity of your network estate, fast
  • Gain the technical skills required to support the incident investigation: disk and memory acquisition, network capture, and triaging)
  • Become well-versed in the process and importance of evidence tracking and handling throughout an incident
Benefits to your organization

From your team to the board, everyone needs results, which is why our courses come with their own individual business case. This 3-day Proactive First Response course will:

  • Prepare you to respond effectively to incidents threatening your organization, reducing response times and increasing the ability of your business to survive an attack
  • Maximize the value of any future investigations – first responders who can perform acquisition tasks help expedite the work of the investigators
  • Reduce the impact of an attack – first responders reduce the time during which hostiles remain in control, and ensure optimum containment and remediation
Show your interest

Please enter your details below. We’ll be in touch to find out your requirements as soon as possible:

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.


Introduction to Key Principles

  • Digital Forensics/Incident Response Differences
  • Actors, Motivations, and Methods
  • Threat Intelligence
    • Practical: Threat Intelligence Sources and Their Relevance

Incident Response

  • Preparation
  • Detection & Analysis
  • Containment, Eradication & Recovery
  • Post-Incident Activity

Policies and Procedures

  • Procedures & Forms
  • Evidence Handling
  • Chain of Custody
    • Practical: Seize that machine

Data Acquisition

  • Memory
    • Practical: Windows/Linux Memory Collection Techniques
  • Disk
    • Practical: Windows/Linux Disk Acquisition Techniques
  • Network Traffic and Log Acquisition
    • Practical: Network and Log Data Collection

Analysis & Triaging

  • Memory
    • Practical: Linux/Windows Key Memory Artefacts
  • Network Traffic
    • Practical: Searching for the Needle
  • Disk
    • Practical: Linux/Windows Key Disk Artefacts
Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs