Breaking news and updates daily. Subscribe to our Newsletter

Cyber Security First Responder | Getting it right can change everything

Find out how to best respond right at the start of an incident . Contain the damage and ensure the incident response investigation can be performed with minimum delay.

Promoted by ALC Cyber Security
Wed, 29 Mar 2023
Cyber Security First Responder | Getting it right can change everything
expand image

How well you respond at the start, in the early stages of an incident, can be the single most important determinant in how well you can contain the damage.

ALC’s ground-breaking course CyberSec First ResponderTM is designed to achieve just that.

It is designed to equip your IT staff members with the capability and knowledge to be able to respond to an incident in an effective and timely manner, therteby significantly reducing the incident’s negative impact and ensuring that an incident response investigation can be performed with minimum delay.

The two-day training is a technical and hands on workshop that will introduce participants to various open source and free tools that can be used to capture and analyse artifacts that are critical during an incident investigation.

Classes are available both Face-to-Face and also Live Virtual.

Melbourne 9-10 May 2023
Sydney 20-21 July 2023
Live Virtual 16-17 May 2023
Live Virtual 17-18 July 2023

Learning outcomes

This course is designed to:

  • Ensure that staff members who are on the front lines of responding to incidents as they occur are well equipped to perform this critical role
  • Provide front line staff members the knowledge on how to satisfactorily collect forensic evidence'

Who should attend

This course is intended for:

  • Technical staff members who are tasked to first respond to cyber security incidents. Typical roles include:
    • Systems Engineer
    • Systems Administrator
    • Systems Analyst
    • Network Engineer
    • Network Administrator
    • Network Analyst
    • Helpdesk Level 1 & 2
    • Security Analyst
    • Threat Analyst
    • Infrastructure Manager
    • IT Manager
  • Anyone involved in Governance or Risk and who needs to gain a better understanding of how an attacker thinks

Course contents

Phase 1: Introduction to Incident Response

  • Common pitfalls
    • Common pain points that organisation make with regards to incidents
  • Prevalent threats/attacks
    • Who are the threat actors
    • What are the most common attack that are currently used
  • What is an incident and how to prepare for it
    • Incident life cycle
    • Regulatory bodies and Law
  • Evidence handling best practices
    • Chain of custody discussion
    • Forensics go kit
  • War stories and scenarios
    • Sharing of war stories and their root cause
    • What could have been done better to prevent the incident

Phase 2: How Hackers Do It

  • Introduction to malwares
    • Type of malwares
    • Common protection against malwares
  • Common attack techniques and lifecycle
    • Common attacker behaviour
    • Typical attack lifecycle

Phase 3: Data Collection (demo / hands on)

  • Disk image gathering
    • Introduction to tools used for disk image creation
    • Demo and hands on workshop on creating disk images
  • Memory image gathering
    • Introduction to tools used for memory dump collection
    • Demo and hands on workshop on memory dump collection

Phase 4: Introduction to Forensic Analysis

  • Autopsy 101
    • Introduction to forensic analysis tools
    • Demo and hands on workshop on using the tool called Autopsy
  • Basics of memory forensics
    • Introduction to memory forensics analysis tools
    • Demo and hands on workshop on using memory analysis tools

Phase 5: Cloud IR

  • Triaging incidents in the cloud
    • Conducting M365 incident response

Phase 6: Google-Fu (optional, if time permits)

  • Using Open Source Intelligence (OSINT) in incident investigation
    • How can public data be used during an incident investigation

Exam Information

The certificate exam comprises:

  • Multiple choice examination questions
  • 40 questions
  • 26 marks required to pass (out of 40 available) – 65%
  • 60 minutes duration
  • Closed book.

The exam will be held at the end of the course. For Face-to-Face classes it will be a paper-based exam and for Live Virtual classes it will be an online exam.

REGISTER NOW

cyber daily discover
ALC is a leading Australia-based provider of quality training for business and government, since 1994. Our focus is on...

Latest articles

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.