Incident Response Training

This training covers essential skills for cybersecurity professionals responsible for network intrusion detection and incident response.



Course Overview

This 4-day instructor-led training covers network intrusion detection in depth, with topics such as detect evaluation, analysis, situation handling, theories involved in understanding hackers, intelligence gathering, coordinated attacks, and preventive and aggressive security measures. It is an ideal course for the serious analyst and will put students in full control of their network's security.


Incident Response Training

10/05/21 - 10/08/21 (4 days)

8:30AM - 4:30PM EST

Tysons Corner, VA

10/12/21 - 10/15/21 (4 days)

8:30AM - 4:30PM EST

10/12/21 - 10/15/21 (4 days)

8:30AM - 4:30PM EST

Columbia, MD


Course Objectives

By the end of this course students will be able to do the following:

  • Create and deploy incident capabilities within your organization
  • Build a solid foundation for acquiring and handling suitable evidence for later analysis
  • Analyze collected evidence and determine the root cause of a security incident
  • Integrate digital forensic techniques and procedures into the overall incident response process
  • Integrate threat intelligence in digital evidence analysis
  • Prepare written documentation to use internally or with external parties such as regulators or law enforcement agencies

Course Outline

Incident Response

  • Incident response process
  • Incident response framework
  • Incident response plan
  • Incident response playbook

Forensic Fundamentals

  • Legal aspects
  • Digital forensic fundamentals

Network Evidence Collection

  • Preparation
  • Network device evidence
  • Packet capture
  • Evidence collection

Host-Based Evidence

  • Evidence volatility
  • Evidence acquisition
  • Evidence collection procedures
  • Non-volatile data

Understanding Forensic Imaging

  • Overview of forensic imaging
  • Preparing a stage drive
  • Imaging

Network Evidence Analysis

  • Analyzing packet captures
  • Analyzing network log files

Analyzing System Memory

  • Memory evidence overview
  • Memory analysis

Analyzing System Storage

  • Forensic platforms

Forensic Reporting

  • Documentation overview
  • Incident tracking
  • Written reports

Malware Analysis

  • Malware overview
  • Malware analysis overview
  • Analyzing malware
  • Dynamic analysis

Threat Intelligence

  • Threat intelligence overview
  • Threat intelligence methodology
  • Threat intelligence direction
  • Threat intelligence sources
  • Threat intelligence platforms
  • Using threat intelligence


Who should take this course?

This course is intended for System and Network Analysts, System Administrators, Network Administrators, and management level IT professionals.

What is the recommended experience for this course?

Students should have knowledge of common system and network security threats, analysis techniques, and data recovery.
