
digital forensics and incident response

Digital forensics and incident response training is a highly detailed training for corporate incident responders and forensics investigators.

Digital forensics plays a prime role in threat hunting and incident response. Many Windows forensics training courses focus on the techniques and methods used in this field, but very often those trainings do not address the real segments of knowledge. We need to ask ourselves why enterprise forensics is required and how to correlate incident response with forensics, and also how to perform digital investigations and collect digital evidence for an APT attack.

Digital forensics and incident response training serves to educate users about the correlation of Windows forensics with incident response so that they better understand the workflow in SOC environments.

The Digital forensics and incident response training starts with the procedure of investigation and the analysis techniques used to gather and preserve evidence. We have included almost every subdivision of DFIR, including live response, dead forensics, live forensics, network forensics, email forensics, browser forensics, disk forensics, memory forensics, malware hunting and investigating the tools, techniques and procedures of advanced persistent threats in an organization. Incident response and Windows forensics have become their own area of scientific expertise; get APT use-case oriented training with accompanying coursework and certification.

Digital forensics and incident response training

detailed syllabus

DIGITAL FORENSICS AND INCIDENT RESPONSE process

  • What is corporate digital forensics?
  • Why corporate digital forensics is different from criminal investigations
  • The forensics correlation with incident response
  • Why we need deep forensics in APT hunting
  • Understanding APTs and their attacks
  • What is the MITRE ATT&CK framework for investigations
  • Basic Forensic Process
  • Forensics 6A’s
  • Physical Protection of Evidence
  • Chain of custody
  • Forensic Investigator roles
  • Investigation Methods in breached environments
  • Understanding the complexity of an investigation case
  • Enterprise Training Case – A detailed threat hunting, threat intelligence and IR team investigation case

WINDOWS REGISTRIES AND INTERNALS INVESTIGATION

  • Registry Core
    • Hives, Keys, and Values
    • Registry Last Write Time
    • MRU Lists
    • Deleted Registry Key Recovery
    • Identify Dirty Registry Hives and Recover Missing Data
    • Rapidly Time-lining Multiple Hives
  • System Analysis
    • Identify the Current Control Sets
    • Document the System Timezone, Name and Version
    • Wireless, Wired, VPN, and Broadband Network Auditing
    • Perform Device Geolocation via Network Profiling
    • Identify System Updates and Last Shutdown Time
    • Registry-Based Malware Persistence Methods

WINDOWS REGISTRIES AND INTERNALS INVESTIGATION

  • Shellbag Forensics
    • Shortcut Files (.lnk) – Evidence of File Opening
    • Windows 7-11 Jumplists – Evidence of File Opening and Program Execution
    • Shellbag – Evidence of Folder Access
  • Additional Windows OS Artifacts
    • Windows Search Index Forensics
    • Extensible Storage Engine Database Recovery and Repair
    • Thumbs.db and Thumbcache Files
    • Windows Recycle Bin Analysis
    • Windows Timeline Activities Database
    • Evidence of File Downloads
    • Office and Microsoft 365 File History Analysis
    • Windows Search History changes
    • Typed Paths and Directories
    • Recent Documents (RecentDocs)
    • Open/Save and Run Dialog Box Evidence

USB and BYOD investigations

  • USB and BYOD Forensic Examinations
    • Vendor/Make/Version
    • Unique Serial Number identification
    • Last Drive Letter
    • MountPoints2 Last Drive Mapping Per User (Including Mapped Shares)
    • Volume Name and Serial Number
    • The Username That Used the USB Device
    • Time of First USB Device Connection
    • Time of Last USB Device Connection
    • Time of Last USB Device Removal
    • Auditing BYOD Devices at Scale
    • Investigating Wiped Evidence of USB Mount Points

browser forensics

  • Browser Forensics
    • History and Cache
    • Searches and Downloads
    • Understanding Browser Timestamps
    • Private Browsing and Artifact Recovery
    • IE and EdgeHTML InPrivate Browsing analysis
    • Private Browsing analysis
    • Investigating the Tor Browser
    • SQLite and ESE Database Carving and additional Browser Artifacts
    • Identifying Selective Database Deletion
    • DOM and Web Storage Objects analysis
    • Rebuilding Cached Web Pages

email forensics

  • Evidence of User Communication
  • Email Header Examination
  • Email Authenticity
  • Determining a Geographic Location
  • Extended MAPI Headers
  • Host-Based Email Forensics
  • Exchange Recoverable Items
  • Exchange Evidence Acquisition and Mail
  • Exchange Search and eDiscovery
  • Unified Audit Logs in Office 365
  • Google Workspace (G Suite) Logging
  • Recovering Data from G Suite
  • Webmail Acquisition
  • Business Email Compromise Analysis

data triage and logs for responders

  • Windows operating system anatomy from a forensics point of view
  • NTFS file system overview
  • Understanding document and file metadata
  • File and stream carving tools and techniques
  • Web browser private search artifact recovery and examination
  • Email artifact recovery and examination
  • Application execution history via UserAssist, Prefetch and Windows Timeline
  • System Resource Usage Monitor (SRUM), and BAM/DAM
  • Detecting system hacking events with Prefetch and ShimCache
  • Live memory forensics vs dead forensics
  • Identifying insecurities in a machine with Amcache
  • Windows log parsing and environment setup
  • In-depth correlation of multiple Windows events for forensics

APT investigations

  • Understanding the attacks and techniques used for privilege escalation
  • Identify events of privilege escalation
  • PowerShell for forensics and live detection of Active Directory attacks
  • Network forensics and evidence detection in corporate networks
  • Extract files from network packet captures and proxy cache files, allowing follow-on malware analysis or definitive data loss determinations
  • Use historical NetFlow data to identify relevant past network occurrences, allowing accurate incident scoping
  • Reverse engineer custom network protocols to identify an attacker’s command-and-control abilities and actions
  • Examine traffic using common network protocols to identify patterns of activity or specific actions that warrant further investigation
  • Incorporate log data into a comprehensive analytic process, filling knowledge gaps that may be far in the past
  • Prepare a report on the system hacking

memory forensics

  • Windows process architecture for memory mapping
  • Memory analysis vs volume shadow copy detections
  • KDBG, VAD tree, PEB and EPROCESS in depth for memory analysis
  • Memory blocks and hibernation interconnection analysis
  • Importance of cache data in memory analysis
  • Evidence mapping in memory with APT detection techniques
  • Analysing memory for rootkits, DLL hijacking and process hollowing investigations
  • Windows process injection anatomy and investigations
  • In-depth APT malware attack investigations
  • Python for modern memory investigations
  • Anti-forensics techniques and evidence for investigations
  • Forensics timeline science and super-timelining against anti-forensics techniques
  • Developing report writing skills
  • Common mistakes in reports

Who should attend this training?

  • Freshers
  • Ethical hackers
  • Forensics analysts
  • Incident responders
  • Threat hunters

Why should I take this training?

Technology is growing every day, but our dependence on it has also increased cyber fraud and attacks. To defend yourself and your business, this is the most suitable training for entering this domain.

Prerequisite of the training?

The person should be familiar with basic computer operations.

What is the total duration of the training?

It is an instructor-led online training and the total duration of the training is 25 hours.

TESTIMONIALS

What People Are Saying

Today I've completed my one-to-one online training by Mr Naresh sir from Certcube Labs.
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowledgeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.

Satyam Singh

BCA, Delhi University

Positive: Professionalism, Quality, Responsiveness, Value

5 star training. Naresh is the best. He made me Zero to Hero in 3 months' time. A little bit expensive compared to others, but totally worth it.

Ravi S

Cyber Security Consultant , Red Hawk
