Thursday, December 30, 2004


I've updated my courseware to provide two courses as a follow-on to my book: Basic (Level 1) and Advanced (Level 2) Windows Incident Response.

The Basic (Level 1) course covers:
  • Basic Concepts of Incident Response (Locard's Exchange Principle in the digital realm, etc.)
  • Incident Preparation (Principle of Least Privilege, host configuration, monitoring, etc.)
  • Data Hiding (how data is hidden on live systems; NTFS ADSs, rootkits, etc.)
  • Data Collection and Analysis (collecting and analyzing information from live systems)
The Advanced (Level 2) course covers:
  • Review of the Level 1 course
  • Log (Event Log and IIS) Analysis
  • Using scanners and sniffers (advanced network mapping, sniffing, TCP stream reconstruction, etc.)
  • Malware Analysis (how to analyze suspicious files)
Each course is two days in length, and highly intensive. And it's not just lecture...I don't get in front of a classroom and pontificate. My courses are very interactive, and include hands-on labs and exercises. That way, you leave the courses having used what you've learned.

I'm working with a couple of places to provide facilities for the training, and once I've finalized something, I'll be blogging about it. I've also provided training on-site, having the hosting company provide the facilities, systems, catering, etc., as well as the attendees.

If you're interested in the training, please feel free to contact me.

1 comment:

Joe said...

Not sure if still relevant, or if you would care, but the link for the book redirects me to (windows-ir) a site with what appears to be Japanese characters or at least foreign text. Not sure if the domain has been squatted or repurposed.
(Sure is an old post, been reading from past to present... promise to catch up soon)