Proactive First Response

2 Days | Face to Face

Rapid incident response minimizes loss and destruction, mitigates exploited weaknesses, restores IT services, and reduces the risk of future cyber security incidents.

However, a lack of resource, technology, or recognition of the type and magnitude of the problem leaves organizations under-prepared when the worst happens. When the reality is that you're not expertly equipped, the role of a first responder is essential -- and one many individuals in your IT team can step into.

Practical, exercise-driven, and business-focused
Written and delivered by our consultants – experienced cyber security professionals, responsible for delivering incident response to organizations, daily
Focused on the offensive techniques and capabilities of modern attackers, and how to defend against them
Demonstrates the principles of identifying, reacting, and containing an attack

Who should attend?

This course is aimed at IT staff on the frontline who need to defend their systems and respond to attacks. First responder training doesn’t require prior knowledge of digital forensics or cyber security techniques, but attendees must have a user-level proficiency with the basics of UNIX/Windows systems and network fundamentals.

Gain an in-depth understanding of the Incident Response process, and the lifespan of an incident
Learn to make critical decisions that directly affect the business continuity of your network estate, fast
Gain the technical skills required to support the incident investigation: disk and memory acquisition, network capture, and triaging)
Become well-versed in the process and importance of evidence tracking and handling throughout an incident

Benefits to your organization

From your team to the board, everyone needs results, which is why our courses come with their own individual business case. This 3-day Proactive First Response course will:

Prepare you to respond effectively to incidents threatening your organization, reducing response times and increasing the ability of your business to survive an attack
Maximize the value of any future investigations – first responders who can perform acquisition tasks help expedite the work of the investigators
Reduce the impact of an attack – first responders reduce the time during which hostiles remain in control, and ensure optimum containment and remediation

Show your interest

Please enter your details below. We’ll be in touch to find out your requirements as soon as possible:

First Name *

Last Name *

Business Email *

Business Phone *

Job Role / Title *

Company *

Country *

States/ Province

Additional information

I would like to receive emails and equivalent communications from F-Secure, including newsletters, event invitations, offers and product-related information.

Syllabus

Introduction to Key Principles

Digital Forensics/Incident Response Differences
Actors, Motivations, and Methods
Threat Intelligence
- Practical: Threat Intelligence Sources and Their Relevance

Incident Response

Preparation
Detection & Analysis
Containment, Eradication & Recovery
Post-Incident Activity

Policies and Procedures

Procedures & Forms
Evidence Handling
Chain of Custody
- Practical: Seize that machine

Data Acquisition

Memory
- Practical: Windows/Linux Memory Collection Techniques
Disk
- Practical: Windows/Linux Disk Acquisition Techniques
Network Traffic and Log Acquisition
- Practical: Network and Log Data Collection

Analysis & Triaging

Memory
- Practical: Linux/Windows Key Memory Artefacts
Network Traffic
- Practical: Searching for the Needle
Disk
- Practical: Linux/Windows Key Disk Artefacts

Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

@fsecure_consult F-Secure-Consulting fsecurelabs