DESCRIPTION

Digital forensics and incident response (DFIR) is the science of gathering, preserving, analyzing, and presenting digital information and evidence in the organization. This is also known as the Blue Team. 
This field is relevant to corporate security professionals, government employees, and military officers and contractors. Also, anyone who relies on digital information to communicate or to conduct business. 

DFIR (Blue team): Digital Forensics and Incident Response is a hugely important sector of cyber security, where your everyday security analysis is taken to the next level. While most security analysts will work out of a SIEM or SOAR platform, Incident Responders and Forensic analysts typically work directly with a potentially compromised device. With this, they are required to not only be familiar with a larger array of tools for analysis, but also a much stricter set of process and procedures as their actions are often subject to legal requirements.

COURSE OBJECTIVES

After completing this course, you should be able to:

• Define incident response plan 

• Investigate office files, PDF, RTF emails for forensics purpose

• Detect, analyse and contain malwares and attackers

• Find anomalies in network traffic 

• Investigate Windows and Linux systems  

• Use timelines to detect cyber attacks  

• Analyse malwares and create an IOCs / TTP

• Use big data system for SIEM 

• Threat hunting and forensics