The Basic (Level 1) course covers:
- Basic Concepts of Incident Response (Locard's Exchange Principle in the digital realm, etc.)
- Incident Preparation (Principle of Least Privilege, host configuration, monitoring, etc.)
- Data Hiding (how data is hidden on live systems; NTFS ADSs, rootkits, etc.)
- Data Collection and Analysis (collecting and analyzing information from live systems)
- Review of the Level 1 course
- Log (Event Log and IIS) Analysis
- Using scanners and sniffers (advanced network mapping, sniffing, TCP stream reconstruction, etc.)
- Malware Analysis (how to analyze suspicious files)

I'm working with a couple of places to provide facilities for the training, and once I've finalized something, I'll be blogging about it. I've also provided training on-site, having the hosting company provide the facilities, systems, catering, etc., as well as the attendees.

If you're interested in the training, please feel free to contact me.