ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

In an industry that changes daily and a profession that demands lightning fast response, staying informed, engaged and one step ahead is critical. At Unatek, education and training are part of our mission. We believe we have a responsibility to share what we know with those who need it most. Our training programs are customized to suit our student’s and clients needs. Our students come from a variety of backgrounds from Fortune 500 companies, law enforcement agencies, and even independent security consultants. All of our courses are taught by practitioners that have first-hand experience with the latest twists and turns in the ever-changing world of cybercrime on its most aggressive and sophisticated level.
Unatek offers selective and private courses typically for groups of 10-20 students. You may schedule a private course by contacting sales@unatek.com.  
 
Course Description:
This course introduces students to methods of enterprise systems computer forensics and investigations.  This course helps prepare students for the International Association of Computer Investigative Specialists (IACIS) and certification.
 
Course Duration: 
Course durations from 1 - 8 days depending on course selection.
 
Who Should Attend:
Corporate executives, managers and technical team members involved in Information Technology, Information Security, Incident Response or other staff that have a need to investigate suspect network and systems use/misuse.
 
Expert Instructors:
Our corporate computer training instructors are Subject Matter Experts (SME), with extensive industry experience. They bring their comprehensive real-world skills and experiences to the classroom.
 
Pre-requisites:
In general, students should have a basic understanding of networks, TCP/IP and familiarity with Linux and Microsoft Windows family of operating systems. Familiarity with basic computer security terms and concepts is recommended. Depending on course selection, there might be additional pre-requisites.
 
Pre-Study Materials:
Written by industry experts to better prepare the students for the class and the exams.
 
Curriculum:
Developed by leading authors and can be customized to meet your company's learning and certification objectives.
 
Tools:
Instructions will be conducted using Encase Forensics Suites.  Students will come prepared with their laptops.
 
Assessments:
Proper evaluation determines the missing elements in a student's knowledge base. The student and instructor can then focus to improve those areas.
 
What You Will Learn:
Professional Competencies:

  • Explain concepts related to computer forensics.
  • Explain critical elements of managing a computer investigation.
  • Set up a computer-forensic workstation and execute an investigation.
  • Recover data from Windows and DOS systems for computer investigations. 
  • Describe the Macintosh and Linux boot process and disk structures. 
  • Create a computer forensic lab. 
  • Use various hardware and software tools to perform activities associated with computer forensics.
  • Identify and control digital evidence.
  • Explain procedures for processing crime and incident scenes.
  • Explain how to acquire digital evidence from disk drives.
  • Conduct a computer forensics analyses.
  • Conduct a forensics analysis of e-mail.
  • Conduct a forensics analysis of image files.
  • Prepare reports from forensics analysis.
  • Explain considerations for performing expert testimony.

 
Evaluation of Professional Competencies/Objectives:
Unless otherwise indicated, evaluation of student’s attainment of objectives is based on knowledge gained from this course.  During performance evaluations, students will be provided necessary tools, equipment, materials, specifications, and any other resources necessary to accomplish the task.  Specifications may be in the form of, but not limited to, manufacturer’s specifications, technical orders, regulations, national and state codes, certification agencies, locally developed lab assignments, or any combination of specifications

Enterprise Computer Incident Response and Investigations
This course investigates techniques needed to respond to today's landscape of threat actors and intrusion scenarios.
 
This intensive three-day course is designed to teach the fundamental investigative techniques needed to respond to today’s landscape of threat actors and intrusion scenarios. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them.  Students will learn how to conduct rapid triage on a system to determine if it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms, develop indicators of compromise to further scope an incident, and much more.
 
Student must bring a laptop or virtual machine running Windows 7 (32 or 64 bit). Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.
 
Students must have a working understanding of the Windows operating system, file system, registry, and use of the command-line. Familiarity with Active Directory and basic Windows security controls and common network protocols will also be beneficial.
 
Cost: $3,999
 
Advanced Computer Forensics Analysis
This course investigates techniques needed to respond to today's landscape of threat actors and intrusion scenarios. 
This intensive three-day course covers in-depth advanced techniques used in computer forensics analysis and is designed to teach the fundamental investigative techniques needed to respond to today’s landscape of threat actors and intrusion scenarios. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them.  Students will learn how to conduct rapid triage on a system to determine if it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms, develop indicators of compromise to further scope an incident, and much more.
 
Student must bring a laptop or virtual machine running Windows 7 (32 or 64 bit). Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.
 
Students must have a working understanding of the Windows operating system, file system, registry, and use of the command-line. Familiarity with Active Directory and basic Windows security controls and common network protocols will also be beneficial.
 
 
Cost: $3,999