Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud
CYATTK-CLOUD.AE1
Threat Hunting in the Cloud: Defending AWS, Azure and Other Cloud
ISBN: 9781644593790CYATTK-CLOUD.AE1
Digital Forensics and Incident Response
Learn how to build a strong defense fabric using the latest digital forensics and incident response techniques.
(DIG-FORNSC-IR.AJ1) / ISBN : 978-1-64459-471-1This course includes
Interactive Lessons
Gamified TestPrep
Hands-On Labs
AI Tutor (Add-on)
About This Course
In this course, you’ll acquire specialized skills to identify and reconstruct a cybersecurity incident by collecting and analyzing digital evidence to persecute the threat actor. The digital forensics incident response solutions like threat hunting will help you capture the root cause of an attack and remove all traces of it from your network. Once enrolled, you’ll gain access to risk-free simulation labs to practice your theoretical knowledge and gain practical experience to add to your resume! So what are you waiting for? Everything you need is available in this hot-selling training courseware.
Skills You’ll Get
- Engage and manage IR teams, utilizing Security Orchestration, Automation, and Response (SOAR).
- Apply various incident investigation analyses to understand the cyber kill chain and the diamond model of intrusion analysis.
- Collect and analyze network evidence from firewalls, proxy logs, NetFlow, and packet captures using tools like Wireshark.
- Take actions to respond to ransomware incidents and investigate cyberattacks.
- Set up and use malware sandboxes for static and dynamic analysis using tools like ClamAV and YARA.
- Source and leverage threat intelligence using the MITRE ATT&CK framework.
- Work with Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
- Create hypotheses, plan and execute threat hunts, and apply digital forensic techniques and EDR tools for threat hunting.
- Manage and analyze log files using SIEMs and other tools, with a focus on Windows Event Logs.
Interactive Lessons
20+ Interactive Lessons | 148+ Exercises | 60+ Quizzes | 94+ Flashcards | 94+ Glossary of terms
Gamified TestPrep
55+ Pre Assessment Questions | 55+ Post Assessment Questions |
Hands-On Labs
29+ LiveLab | 29+ Video tutorials | 49+ Minutes
1
Preface
- Who this course is for
- What this course covers
- To get the most out of this course
2
Understanding Incident Response
- The IR process
- The IR framework
- The IR plan
- The IR playbook/handbook
- Testing the IR framework
- Summary
- Further reading
3
Managing Cyber Incidents
- Engaging the incident response team
- SOAR
- Incorporating crisis communications
- Incorporating containment strategies
- Getting back to normal – eradication, recovery, and post-incident activity
- Summary
- Further reading
4
Fundamentals of Digital Forensics
- An overview of forensic science
- Locard’s exchange principle
- Legal issues in digital forensics
- Forensic procedures in incident response
- Summary
- Further reading
5
Investigation Methodology
- An intrusion analysis case study: The Cuckoo’s Egg
- Types of incident investigation analysis
- Functional digital forensic investigation methodology
- The cyber kill chain
- The diamond model of intrusion analysis
- Summary
6
Collecting Network Evidence
- An overview of network evidence
- Firewalls and proxy logs
- NetFlow
- Packet capture
- Wireshark
- Evidence collection
- Summary
- Further reading
7
Acquiring Host-Based Evidence
- Preparation
- Order of volatility
- Evidence acquisition
- Acquiring volatile memory
- Acquiring non-volatile evidence
- Summary
- Further reading
8
Remote Evidence Collection
- Enterprise incident response challenges
- Endpoint detection and response
- Velociraptor overview and deployment
- Velociraptor scenarios
- Summary
9
Forensic Imaging
- Understanding forensic imaging
- Tools for imaging
- Preparing a staging drive
- Using write blockers
- Imaging techniques
- Summary
- Further reading
10
Analyzing Network Evidence
- Network evidence overview
- Analyzing firewall and proxy logs
- Analyzing NetFlow
- Analyzing packet captures
- Summary
- Further reading
11
Analyzing System Memory
- Memory analysis overview
- Memory analysis methodology
- Memory analysis tools
- Memory analysis with Strings
- Summary
- Further reading
12
Analyzing System Storage
- Forensic platforms
- Autopsy
- Master File Table analysis
- Prefetch analysis
- Registry analysis
- Summary
- Further reading
13
Analyzing Log Files
- Logs and log management
- Working with SIEMs
- Windows Logs
- Analyzing Windows Event Logs
- Summary
- Further reading
14
Writing the Incident Report
- Documentation overview
- Executive summary
- Incident investigation report
- Forensic report
- Preparing the incident and forensic report
- Summary
- Further reading
15
Ransomware Preparation and Response
- History of ransomware
- Conti ransomware case study
- Proper ransomware preparation
- Eradication and recovery
- Summary
- Further reading
16
Ransomware Investigations
- Ransomware initial access and execution
- Discovering credential access and theft
- Investigating post-exploitation frameworks
- Command and Control
- Investigating lateral movement techniques
- Summary
- Further reading
17
Malware Analysis for Incident Response
- Malware analysis overview
- Setting up a malware sandbox
- Static analysis
- Dynamic analysis
- ClamAV
- YARA
- Summary
- Further reading
18
Leveraging Threat Intelligence
- Threat intelligence overview
- Sourcing threat intelligence
- The MITRE ATT&CK framework
- Working with IOCs and IOAs
- Threat intelligence and incident response
- Summary
- Further reading
19
Threat Hunting
- Threat hunting overview
- Crafting a hypothesis
- Planning a hunt
- Digital forensic techniques for threat hunting
- EDR for threat hunting
- Summary
- Further reading
Appendix
1
Fundamentals of Digital Forensics
- Completing the Chain of Custody
2
Investigation Methodology
- Performing Reconnaissance on a Network
3
Collecting Network Evidence
- Installing a DHCP Server
- Performing a Proxy Server Operation
- Creating a Firewall Rule
- Capturing Packet Using RawCap
- Using tcpdump to Capture Packets
4
Acquiring Host-Based Evidence
- Using WinPmem for Memory Acquisition
- Using FTK Imager
- Using FTK Imager for Obtaining Protected Files
5
Remote Evidence Collection
- Using the Velociraptor Server
6
Forensic Imaging
- Preparing a Staging Drive
- Using EnCase Imager
7
Analyzing Network Evidence
- Working with NetworkMiner
- Capturing a Packet Using Wireshark
8
Analyzing System Memory
- Analyzing Malicious Activity in Memory Using Volatility
- Working with Strings in Linux
9
Analyzing System Storage
- Analyzing Forensic Case with Autopsy
- Viewing the Windows File Registry
10
Analyzing Log Files
- Creating an Event Log View
- Examining Windows Event Logs Using DeepBlueCLI
11
Ransomware Preparation and Response
- Understanding LPE
12
Ransomware Investigations
- Using Social Engineering Techniques to Plan an Attack
- Passing the Hash Using Mimikatz
13
Malware Analysis for Incident Response
- Analyzing Malware Using VirusTotal
- Using Process Explorer
- Handling Potential Malware Using ClamAV
14
Leveraging Threat Intelligence
- Examining MITRE ATT&CK
- Using Maltego to Gather Information
Any questions?Check out the FAQs
Still have unanswered questions and need to get in touch?
Contact Us NowDigital forensic and incident response (DFIR) is a specialized field of cybersecurity that collects and analyzes digital evidence to mitigate a threat incident in a timely approach.
No, there are no formal requirements to take this course. However, a basic understanding of cybersecurity, threats, and incident response will help you get started smoothly
You will learn to use the following tools:
Incident Response Tools:
- SOAR (Security Orchestration, Automation, and Response)
- Network Evidence Collection and Analysis:
- Firewalls
- Proxy logs
- NetFlow
- Packet capture
- Wireshark
- RawCap
- tcpdump
- NetworkMiner
Host-Based Evidence Collection and Analysis:
- WinPmem for memory acquisition
- FTK Imager
- Velociraptor
- EnCase Imager
- Volatility (for memory analysis)
- Strings (Linux tool)
Digital Forensics Platforms and Tools:
- Forensic platforms
- Autopsy
- Master File Table analysis tools
- Prefetch analysis tools
- Registry analysis tools
Log Analysis:
- SIEMs (Security Information and Event Management systems)
- Windows Event Logs
- DeepBlueCLI
Malware Analysis:
- Malware sandbox
- ClamAV
- YARA
- VirusTotal
- Process Explorer
Threat Intelligence and Threat Hunting:
- MITRE ATT&CK framework
- Maltego
The salary of a Digital Forensics and Incident Response Specialist can vary depending on factors such as experience, location, and specific job roles. As of 2024, the average salary for a Digital Forensics Investigator in the United States is around $74,000 to $110,000 per year.
Related Courses
All Course
Computer Security Fundamentals 5e
COMP-SEC-FUNDA.AB1
Computer Security Fundamentals 5e
ISBN: 9781644594162COMP-SEC-FUNDA.AB1
Cybersec First Responder (CFR-410)
CFR-410.AK1
Cybersec First Responder (CFR-410)
ISBN: 9781644594179CFR-410.AK1
Certified Information Systems Auditor (CISA)
CISA.AA1
Certified Information Systems Auditor (CISA)
ISBN: 9781644594421CISA.AA1
Cisco CyberOps Associate CBROPS (200-201)
200-201.AP2
Cisco CyberOps Associate CBROPS (200-201)
ISBN: 9781644594650200-201.AP2
Certified Ethical Hacker (CEH v12)
CEH-v12.AE1
Certified Ethical Hacker (CEH v12)
ISBN: 9781644599815CEH-v12.AE1
Certified Secure Software Lifecycle Professional (CSSLP)
CSSLP.AO2
Certified Secure Software Lifecycle Professional (CSSLP)
ISBN: 9781644594544CSSLP.AO2
Cybersecurity Risk Management-NIST Framework
CYBERSEC-NIST.AE1
Cybersecurity Risk Management-NIST Framework
ISBN: 9781644594643CYBERSEC-NIST.AE1
Artificial Intelligence for Cybersecurity
AI-CYBSEC.AJ1
Artificial Intelligence for Cybersecurity
ISBN: 9781644594834AI-CYBSEC.AJ1