CIS4113 - Forensic and Digital Investigation

(RU-CIS4113.AJ1) / ISBN: 978-1-64459-071-3

1. Preface

  • Who this course is for
  • What this course covers
  • To get the most out of this course

2. Understanding Incident Response

  • The IR process
  • The IR framework
  • The IR plan
  • The IR playbook/handbook
  • Testing the IR framework
  • Summary
  • Further reading

3. Managing Cyber Incidents

  • Engaging the incident response team
  • SOAR
  • Incorporating crisis communications
  • Incorporating containment strategies
  • Getting back to normal – eradication, recovery, and post-incident activity
  • Summary
  • Further reading

4. Fundamentals of Digital Forensics

  • An overview of forensic science
  • Locard’s exchange principle
  • Legal issues in digital forensics
  • Forensic procedures in incident response
  • Summary
  • Further reading

5. Investigation Methodology

  • An intrusion analysis case study: The Cuckoo’s Egg
  • Types of incident investigation analysis
  • Functional digital forensic investigation methodology
  • The cyber kill chain
  • The diamond model of intrusion analysis
  • Summary

6. Collecting Network Evidence

  • An overview of network evidence
  • Firewalls and proxy logs
  • NetFlow
  • Packet capture
  • Wireshark
  • Evidence collection
  • Summary
  • Further reading

7. Acquiring Host-Based Evidence

  • Preparation
  • Order of volatility
  • Evidence acquisition
  • Acquiring volatile memory
  • Acquiring non-volatile evidence
  • Summary
  • Further reading

8. Remote Evidence Collection

  • Enterprise incident response challenges
  • Endpoint detection and response
  • Velociraptor overview and deployment
  • Velociraptor scenarios
  • Summary

9. Forensic Imaging

  • Understanding forensic imaging
  • Tools for imaging
  • Preparing a staging drive
  • Using write blockers
  • Imaging techniques
  • Summary
  • Further reading

10. Analyzing Network Evidence

  • Network evidence overview
  • Analyzing firewall and proxy logs
  • Analyzing NetFlow
  • Analyzing packet captures
  • Summary
  • Further reading

11. Analyzing System Memory

  • Memory analysis overview
  • Memory analysis methodology
  • Memory analysis tools
  • Memory analysis with Strings
  • Summary
  • Further reading

12. Analyzing System Storage

  • Forensic platforms
  • Autopsy
  • Master File Table analysis
  • Prefetch analysis
  • Registry analysis
  • Summary
  • Further reading

13. Analyzing Log Files

  • Logs and log management
  • Working with SIEMs
  • Windows Logs
  • Analyzing Windows Event Logs
  • Summary
  • Further reading

14. Writing the Incident Report

  • Documentation overview
  • Executive summary
  • Incident investigation report
  • Forensic report
  • Preparing the incident and forensic report
  • Summary
  • Further reading

15. Ransomware Preparation and Response

  • History of ransomware
  • Conti ransomware case study
  • Proper ransomware preparation
  • Eradication and recovery
  • Summary
  • Further reading

16. Ransomware Investigations

  • Ransomware initial access and execution
  • Discovering credential access and theft
  • Investigating post-exploitation frameworks
  • Command and Control
  • Investigating lateral movement techniques
  • Summary
  • Further reading

17. Malware Analysis for Incident Response

  • Malware analysis overview
  • Setting up a malware sandbox
  • Static analysis
  • Dynamic analysis
  • ClamAV
  • YARA
  • Summary
  • Further reading

18. Leveraging Threat Intelligence

  • Threat intelligence overview
  • Sourcing threat intelligence
  • The MITRE ATT&CK framework
  • Working with IOCs and IOAs
  • Threat intelligence and incident response
  • Summary
  • Further reading

19. Threat Hunting

  • Threat hunting overview
  • Crafting a hypothesis
  • Planning a hunt
  • Digital forensic techniques for threat hunting
  • EDR for threat hunting
  • Summary
  • Further reading

A. Appendix

1. Fundamentals of Digital Forensics

  • Completing the Chain of Custody

2. Investigation Methodology

  • Performing Reconnaissance on a Network

3. Collecting Network Evidence

  • Installing a DHCP Server
  • Performing a Proxy Server Operation
  • Creating a Firewall Rule
  • Capturing Packets Using RawCap
  • Using tcpdump to Capture Packets

4. Acquiring Host-Based Evidence

  • Using WinPmem for Memory Acquisition
  • Using FTK Imager
  • Using FTK Imager for Obtaining Protected Files

5. Remote Evidence Collection

  • Using the Velociraptor Server

6. Forensic Imaging

  • Preparing a Staging Drive
  • Using EnCase Imager

7. Analyzing Network Evidence

  • Working with NetworkMiner
  • Capturing a Packet Using Wireshark

8. Analyzing System Memory

  • Analyzing Malicious Activity in Memory Using Volatility
  • Working with Strings in Linux

9. Analyzing System Storage

  • Analyzing a Forensic Case with Autopsy
  • Viewing the Windows File Registry

10. Analyzing Log Files

  • Creating an Event Log View
  • Examining Windows Event Logs Using DeepBlueCLI

11. Ransomware Preparation and Response

  • Understanding LPE

12. Ransomware Investigations

  • Using Social Engineering Techniques to Plan an Attack
  • Passing the Hash Using Mimikatz

13. Malware Analysis for Incident Response

  • Analyzing Malware Using VirusTotal
  • Using Process Explorer
  • Handling Potential Malware Using ClamAV

14. Leveraging Threat Intelligence

  • Examining MITRE ATT&CK
  • Footprinting a Website