BONUS! Cyber Phoenix Subscription Included: All Phoenix TS students receive complimentary ninety (90) day access to the Cyber Phoenix learning platform, which hosts hundreds of expert asynchronous training courses in Cybersecurity, IT, Soft Skills, Management, and more!
Course Overview
This 4-day instructor-led course covers network intrusion detection in full, including detect evaluation, analysis, situation handling, theories involved in understanding hackers, intelligence gathering, coordinated attacks, and preventive and aggressive security measures. It is an ideal course for the serious analyst and will put students in full control of their network’s security.
Schedule
Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 301-258-8200.
Not seeing a good fit?
Let us know. Our team of instructional designers, curriculum developers, and subject matter experts can create a custom course for you.
Course Objectives
By the end of this course students will be able to do the following:
- Create and deploy incident capabilities within your organization
- Build a solid foundation for acquiring and handling suitable evidence for later analysis
- Analyze collected evidence and determine the root cause of a security incident
- Learn to integrate digital forensic techniques and procedures into the overall incident response process
- Integrate threat intelligence in digital evidence analysis
- Prepare written documentation to use internally or with external parties such as regulators or law enforcement agencies
Course Outline
Incident Response
- Incident response process
- Incident response framework
- Incident response plan
- Incident response playbook
Forensic Fundamentals
- Legal aspects
- Digital forensic fundamentals
Network Evidence Collection
- Preparation
- Network device evidence
- Packet capture
- Evidence collection
Host-Based Evidence
- Evidence volatility
- Evidence acquisition
- Evidence collection procedures
- Non-volatile data
Understanding Forensic Imaging
- Overview of forensic imaging
- Preparing a stage drive
- Imaging
Network Evidence Analysis
- Analyzing packet captures
- Analyzing network log files
Analyzing System Memory
- Memory evidence overview
- Memory analysis
Analyzing System Storage
- Forensic platforms
Forensic Reporting
- Documentation overview
- Incident tracking
- Written reports
Malware Analysis
- Malware overview
- Malware analysis overview
- Analyzing malware
- Dynamic analysis
Threat Intelligence
- Threat intelligence overview
- Threat intelligence methodology
- Threat intelligence direction
- Threat intelligence sources
- Threat intelligence platforms
- Using threat intelligence
FAQs
This course is intended for System and Network Analysts, System Administrators, Network Administrators, and management level IT professionals.
Students should have knowledge of common system and network security threats, analysis techniques, and data recovery.
Phoenix TS is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its web site: www.nasbaregistry.org