IR250 - Incident Investigation

Course Overview

This hands-on course concentrates on the use of EnCase Endpoint Investigator (EnCase) & other tools to acquire & analyze data in a manner that elaborates the relevance of various file system, network, & memory-based artifacts in the context of an investigative scenario. Professionals will examine the distinct factors that affect incident investigations, including planning, basic forensic principles, and examination & response options. They will observe how failing to take note of important issues & implement suitable policies can lead to weaknesses in IT infrastructure and the loss of evidential data. Conversely scholars will learn to appreciate the benefits of forward planning, employee education, audit & event logging, and suitable access-control policies. This course is very much concentrated on the recovery of data for the purposes of an investigation & the context in which said data may prove valuable. Scholars will participate in practical exercises throughout the course to underscore & drive home the skills taught.

Prerequisites

●    Participants should have attended the EnCase course, DF120–Foundations in Digital Forensics.

Audience Profile

This entry-level course is developed for digital forensic investigators, including IT specialists, security analysts, DFIR practitioners, & traditional digital investigators. Professionals should have Foundations level EnCase skills.

Learning Objectives

Refer course overview

Content Outline

●    Incident response/investigation considerations
●    How to capture disk & memory data using EnCase Endpoint Investigator and other tools
●    The significance of Windows Registry & file-system metadata, paying particular attention to the NT file system (NTFS) & timestamp analysis
●    How to identify & recover data encrypted using the Microsoft® Encrypting File System (EFS) & BitLocker®; also, how properly applied group policies can help to recover said data & the potential significance of NTFS alternate data streams
●    The benefits of USN change log & ShellBag analysis & how they may complement one another
●    The significance & analysis of shortcut link files and jumplists
●    Windows event log & $LogFile analysis
●    Microsoft Windows® Recycle Bin mechanics & analysis
●    Examination of volume shadow copies
●    Memory analysis utilizing Volatility; also, the recovery of passwords, encryption keys, & other data from memory dumps
●    Determining the nature, identity, & provenance of files and folders using hash, signature, & USN change log analysis
●    Identification & recovery of artifacts from Internet Explorer, Edge, Firefox, and Chrome

FAQs

A: To attend the training session, learners should have operational Desktops or Laptops with the needed specifications and a decent internet connection to access labs.

A: We would always suggest you attend the live session to practice & clarify the doubts instantly & get more value from your investment. However, due to some contingency, if you have to skip the class, Radiant Techlearning will help you with the recorded session of that specific day. However, those recorded sessions are meant only for personal consumption & NOT for distribution or commercial use.

A: Radiant Techlearning has a data center with a Virtual Training environment for the learners.

Participants can easily access these labs over Cloud with the help of a remote desktop connection.

Radiant virtual labs allow you to learn from anywhere, globally, and in any time zone.

A: The individuals will be enthralled as we engage them in real-world & industry Oriented projects during the training program. These projects will enhance your skills and knowledge & you will gain a better experience. These real-time projects will assist you a lot in your future tasks & assignments.

 A: Radiant Telelearning offers customized solutions and training programs for individuals, teams & businesses depending on their needs. Here is how we assist each one through our diverse formats.
Individuals / One-O-One Training
●      Focused learning sessions
●       Programmed scheduling according to your choice
●    Get personalized attention
 Opt what technology interests you
●    Teams- Enroll for our Online public or Classroom batches
●    Get our specialized updated content for various skill levels
●    Get on-demand learning & solve problems quickly
●    Get assistance from the ground level through sequential learning 
Enterprise:
●      Get customized training programmed and solutions that can be curated for your business
●     Meet the requirements of all learners
●     Let your workforce be geared up for all kinds of problem-solving
●       Inspire your teams for future
●     Update your workforce with the latest information from technology and business leadership to marketing.
 

A: Radiant Telelearning has a large pool of in-house certified trainers & consultants with solid backgrounds and working experience in the technology.

Radiant Telelearning offers more than 800+ courses & for each course, Radiant has identified ideal-in-class instructors.

Radiant has highly intensive selection criteria for Technology Trainers & Consultants who provide you with training programs. Our trainers & consultants undergo a rigorous technical & behavioral interview & assessment process before they are boarded in our company.

Our Technology experts/trainers & consultants carry a deep-dive understanding of the technical subject & are certified by the OEM. Our faculty will deliver you the knowledge of each course from the basic level in an easy way & you are free to ask your doubts any time from your respective faculty.

Our trainers have the patience & ability to explain complex concepts in a simplistic way with depth & width of knowledge.

A: Radiant believes in a practical & creative approach to training & development, distinguishing it from other training & development platforms. Moreover, training courses are undertaken by experts with a wide range of experience in their domain

 

A: Radiant believes in a practical & creative approach to training & development, distinguishing it from other training & development platforms. Moreover, training courses are undertaken by experts with a wide range of experience in their domain

 

Send a Message.


  • Enroll
    • Learning Format: ILT
    • Duration: 80 Hours
    • Training Level : Beginner
    • Jan 29th : 8:00 - 10:00 AM (Weekend Batch)
    • Price : INR 25000
    • Learning Format: VILT
    • Duration: 50 Hours
    • Training Level : Beginner
    • Validity Period : 3 Months
    • Price : INR 6000
    • Learning Format: Blended Learning (Highly Interactive Self-Paced Courses +Practice Lab+VILT+Career Assistance)
    • Duration: 160 Hours 50 Hours Self-paced courses+80 Hours of Boot Camp+20 Hours of Interview Assisstance
    • Training Level : Beginner
    • Validity Period : 6 Months
    • Jan 29th : 8:00 - 10:00 AM (Weekend Batch)
    • Price : INR 6000

    This is id #d