The course
This four-day, highly practical technical course is designed to equip information security specialists with the knowledge and skills to deal effectively with incident response situations. It also gives investigators valuable insight into forensic acquisition under difficult circumstances. Delegates will be guided through a real-world style scenario featuring extensive “hands-on” learning throughout. Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Security Incident Specialist (CSIS) qualification.
1. Introduction to Incident Response
a. Define an incident within the context of Computer Security
b. Explain how incidents are commonly identified
c. Describe the potential business impact of an incident occurring
d. Describe the requirements of an Incident Response Plan
e. Describe the need for an Incident Response Team
f. Discuss the issues involved in developing Incident Response procedures and techniques
2. Introduction to Incident Investigation
a. Discuss reasons why an incident investigation is needed
b. Discuss the objectives of an incident investigation
c. Describe the skill sets required for incident investigators
d. Explain how the investigation process needs to be balanced against business continuity
e. Describe the process of an investigation
f. Discuss potential lines of enquiry within a given scenario
3. Incident Investigation Techniques
a. Define the stages of a typical incident investigation
b. Describe the purpose of each stage of incident investigation
c. Discuss the relevance of each stage of the investigation
d. Discuss issues that could affect the order in which an incident investigation may proceed
4. Incident Investigation Preparation
a. List technical equipment that may be required to respond to a security incident
b. Discuss data security considerations associated with an onsite incident investigation
c. List further preparations that may be necessary for a computer security incident investigation
5. Information Gathering
a. Describe the purpose of information gathering
b. Describe common methods of information gathering
c. Discuss the benefits of information gathering methods
d. List the type of information that should be sought during the information gathering stage
e. Consider appropriate sources of relevant information
6. Assessing Network Security
a. Define common security assessment techniques
b. Discuss the purpose of network security assessments
c. Describe the issues surrounding network security assessments
d. Describe the 7-stage hacking methodology
e. Discuss the evidential implications of security assessments
f. Demonstrate the use of common network scanning and vulnerability assessment tools on the case study environment
7. Introduction to Server Forensics
a. Discuss hardware related issues associated with server forensics
b. Describe the services provided by different types of network server
c. Describe typical forensic artefacts associated with Microsoft servers
d. Describe typical forensic artefacts associated with Linux servers
e. List evidentially significant files and folders that are core to the investigation of Microsoft and Linux operating systems
8. Data Harvesting Techniques
a. List electronic devices suitable for data acquisition
b. Define common data acquisition techniques
c. Discuss how acquisition of RAID devices can be achieved
d. Demonstrate acquisition and analysis of live server data
e. Demonstrate acquisition of a live server using FTK Imager
f. Demonstrate acquisition of a local server using dd
g. Demonstrate acquisition of a remote server using dd
h. Explain considerations for prioritising acquisition of devices
9. Data Analysis Techniques
a. Describe the four analysis environments
b. Describe the malware analysis investigation methodology
c. Demonstrate malware analysis
d. Describe the requirements for log file analysis
e. Describe the requirements for source code analysis
f. Describe the requirements for database analysis
g. Demonstrate log file, source code and database analysis techniques
10. Incident Containment
a. Describe the purpose of incident containment
b. Discuss common containment issues
c. Describe techniques to achieve appropriate containment
d. Discuss the need to have knowledge of security best practices
e. Discuss the importance of testing containment solutions
f. Demonstrate containment within the course scenario
11. Incident Reporting
a. Describe the requirement for appropriate incident reporting
b. Describe the issues that affect report requirements
c. Discuss techniques that can assist report delivery
d. Discuss the importance of clear reporting requirements
- The purpose of an incident investigation
- The most up-to-date methodologies for incident investigations
- State-of-the-art virtual classroom environment
- Identification of key server forensics artefacts
- External Scanning, Internal Scanning and forensic acquisition – in the context of an investigation scenario
- Live acquisition of Windows and Linux servers across the network
- Exploration of the ‘Data Analysis’ process
- Analysis of Logs, Source Code, Database, Systems and Users
- Simulation of ‘Incident Containment’