The Basic (Level 1) course covers:
- Basic Concepts of Incident Response (Locard's Exchange Principle in the digital realm, etc.)
- Incident Preparation (Principle of Least Privilege, host configuration, monitoring, etc.)
- Data Hiding (how data is hidden on live systems; NTFS ADSs, rootkits, etc.)
- Data Collection and Analysis (collecting and analyzing information from live systems)
- Review of the Level 1 course
- Log (Event Log and IIS) Analysis
- Using Scanners and Sniffers (advanced network mapping, sniffing, TCP stream reconstruction, etc.)
- Malware Analysis (how to analyze suspicious files)
I'm working with a couple of places to provide facilities for the training, and once I've finalized something, I'll be blogging about it. I've also provided training on-site, having the hosting company provide the facilities, systems, catering, etc., as well as the attendees.
If you're interested in the training, please feel free to contact me.
Not sure if this is still relevant, or if you would care, but the link for the book (windows-ir) redirects me to a site with what appears to be Japanese characters, or at least foreign text. Not sure if the domain has been squatted or repurposed.
(Sure is an old post, been reading from past to present.. promise to catch up soon)