"Vi hjelper deg å nå dine kompetansemål i 2017"

MasterClass: System Forensics and Incident Handling

Kursavgift: kr 25 000 | Varighet: 5 dager


The secure infrastructure configuration should be the most important line of defense in every organization. Unfortunately, people, the most valuable resource, are not always aware of the level of security in their companies, possible points of entry, how operating systems are attacked, and how to protect the infrastructure from successful attacks which are sometimes caused by configuration mistakes. Understanding internal OS protection mechanisms and services/roles completely provides a huge impact on the whole infrastructure security level. Unfortunately, the problem is… rarely anyone has this impact!

This is a deep dive course on security operations: vulnerability management, anomalies detection, discovery of industry attacks and threats, understanding how compromised system or solution looks like, defining the indicators of the attack, incident handling also daily servicing on SIEM platform. We will also walk through the advanced access rights, password mechanisms, windows internals, PowerShell usage for security purposes, gaining unauthorized access, advanced DNS configuration and common configuration mistakes, forensics techniques, Active Directory security, IIS Security, debugging, advanced monitoring and troubleshooting and much more! Topics covered during this training will help you to walk in hackers’ shoes and evaluate your infrastructure from their point of view.

The training focuses on detecting, responding, and resolving computer security incidents and covers the following security techniques:
  • The steps of the incident handling process
  • Detecting malicious applications and network activity
  • Common attack techniques that compromise hosts
  • Detecting and analyzing system and network vulnerabilities
  • Continuous process improvement by discovering the root causes of incidents


This course is a must-go for enterprise administrators, security officers and architects. Delivered by one of the best people in the market in the security field – with practical knowledge from tons of successful projects, many years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.

Target audience is enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


Author’s unique tools, over 300 pages of exercises, presentations slides with notes.

Module 1: Introduction to Incident Response and Handling
1. Types of Computer Security Incidents
2. Examples of Computer Security Incidents
3. Signs of an Incident
4. Incident Prioritization
5. Incident Response
6. Incident Handling

Module 2: System and Network Security Mechanisms
1. Integrity Levels
2. Anti-malware & Firewalls
3. Application Whitelisting, Application Virtualization
4. Privileged Accounts, Authentication, Monitoring, and UAC
5. Whole Disk Encryption
6. Browser Security
8. Dangerous Endpoint Applications Session Zero
9. Privileges, permissions and rights
10. Passwords security (techniques for getting and cracking passwords
11. Registry Internals
12. Monitoring Registry Activity
13. Boot configuration
14. Services architecture
15. Access tokens
16. Web Application Firewall
17. HTTP Proxies, Web Content Filtering, and SSL Decryption
18. SIMs, NIDS, Packet Captures, and DLP
19. Honeypots/Honeynets
20. Network Infrastructure – Routers, Switches, DHCP, DNS
21. Wireless Access Points

Module 3: Incident Response and Handling Steps
1. How to Identify an Incident
2. Handling Incidents Techniques
3. Incident Response Team Services
4. Defining the Relationship between Incident Response, Incident Handling, and Incident Management
5. Incident Response Best Practices
6. Incident Response Policy
7. Incident Response Plan Checklist

Module 4: Handling Network Security Incidents
1. Denial-of-Service Incidents
2. Distributed Denial-of-Service Attack
3. Detecting DoS Attack
4. Incident Handling Preparation for DoS
5. DoS Response and Preventing Strategies
6. Following the Containment Strategy to Stop DoS
7. Detecting Unauthorized Access Incident
8. Incident Handling Preparation
9. Incident Prevention
10. Following the Containment Strategy to Stop Unauthorized Access
11. Eradication and Recovery
12. Detecting the Inappropriate Usage Incidents
13. Multiple Component Incidents
14. Containment Strategy to Stop Multiple Component Incidents
15. Network Traffic Monitoring Tools

Module 5: Handling Malicious Code Incidents
1. Count of Malware Samples
2. Virus, Worms, Trojans and Spywares
3. Incident Handling Preparation
4. Incident Prevention
5. Detection of Malicious Code
6. Containment Strategy
7. Evidence Gathering and Handling
8. Eradication and Recovery

Module 6: Securing Monitoring Operations
1. Industry Best Practices
2. Critical Security Controls
3. Host, Port and Service Discovery
4. Vulnerability Scanning
5. Monitoring Patching, Applications, Service Logs
6. Detecting Malware via DNS logs
7. Monitoring Change to Devices and Appliances
8. Leveraging Proxy and Firewall Data
9. Configuring Centralized Windows Event Log Collection
10. Monitoring Critical Windows Events
11. Detecting Malware via Windows Event Logs
12. Scripting and Automation
13. Importance of Automation
14. PowerShell

Module 7: Forensics Basics
1. Computer Forensics
2. Objectives of Forensics Analysis
3. Role of Forensics Analysis in Incident Response
4. Forensic Readiness And Business Continuity
5. Types of Computer Forensics
6. Computer Forensic Investigator
7. Computer Forensics Process
8. Collecting Electronic Evidence
9. Challenging Aspects of Digital Evidence
10. Forensics in the Information System Life Cycle
11. Forensic Analysis Guidelines
12. Forensics Analysis Tools
13. Memory acquisition techniques
14. Finding data and activities in memory
15. Tools and techniques to perform memory forensic

Bestill kurset her


Velg kurssted


    Velg dato

    kurs merket med * har startgaranti


    Mailen er sendt:

    Ditt tips er registrert og sendt!
    Vi håper snarlig å se deg på kurs hos oss!


    OBS! Vi har problemer med å sende ditt tips!

    Vi anbefaler deg å sjekke om du har skrevet inn en gyldig mailadresse.

    Tips sjefen

    Lyst til å delta på dette kurset, men må overbevise sjefen først?

    Glasspaper har laget en tips funksjon, som gjør det enklere for deg å overbevise din sjef om at dette kurset er perfekt for deg.
    Det eneste du trenger å gjøre er å fylle ut kontaktinformasjon, så sender vi relevant informasjon om kurset rett til dine utvalgte kontaktpersoner.
    Bruk gjerne funksjonen til å tipse venner og kollegaer om at dette er et nyttig kurs for dem

    Kontakt oss


    Hroar Henriksen

    916 70 066


    Glasspaper er kåret til Årets Microsoft Kurspartner 2017 - dette er åttende år på rad vi mottar denne hedersprisen