87804 - Masterclass: System Forensics and Incident Handling


Get security under control with this in-depth course in security operations. You will learn to detect incidents and anomalies, and to handle advanced troubleshooting, user rights, configuration errors and monitoring. The course is taught in English.


The course is aimed at IT security staff, security consultants, architects, IT professionals working with enterprise infrastructure, system developers, network administrators and IT professionals working with IT security.


Module 1: Introduction to Incident Response and Handling
  • Types of Computer Security Incidents
  • Examples of Computer Security Incidents
  • Signs of an Incident
  • Incident Prioritization
  • Incident Response
  • Incident Handling
Module 2: System and Network Security Mechanisms
  • Integrity Levels
  • Anti-malware & Firewalls
  • Application Whitelisting, Application Virtualization
  • Privileged Accounts, Authentication, Monitoring, and UAC
  • Whole Disk Encryption
  • Browser Security
  • EMET
  • Dangerous Endpoint Applications
  • Session Zero
  • Privileges, permissions and rights
  • Password security (techniques for getting and cracking passwords)
  • Registry Internals
  • Monitoring Registry Activity
  • Boot configuration
  • Services architecture
  • Access tokens
  • Web Application Firewall
  • HTTP Proxies, Web Content Filtering, and SSL Decryption
  • SIMs, NIDS, Packet Captures, and DLP
  • Honeypots/Honeynets
  • Network Infrastructure – Routers, Switches, DHCP, DNS
  • Wireless Access Points
Module 3: Incident Response and Handling Steps
  • How to Identify an Incident
  • Handling Incidents Techniques
  • Incident Response Team Services
  • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
  • Incident Response Best Practices
  • Incident Response Policy
  • Incident Response Plan Checklist
Module 4: Handling Network Security Incidents
  • Denial-of-Service Incidents
  • Distributed Denial-of-Service Attack
  • Detecting DoS Attack
  • Incident Handling Preparation for DoS
  • DoS Response and Preventing Strategies
  • Following the Containment Strategy to Stop DoS
  • Detecting Unauthorized Access Incident
  • Incident Handling Preparation
  • Incident Prevention
  • Following the Containment Strategy to Stop Unauthorized Access
  • Eradication and Recovery
  • Detecting the Inappropriate Usage Incidents
  • Multiple Component Incidents
  • Containment Strategy to Stop Multiple Component Incidents
  • Network Traffic Monitoring Tools
Module 5: Handling Malicious Code Incidents
  • Count of Malware Samples
  • Virus, Worms, Trojans and Spywares
  • Incident Handling Preparation
  • Incident Prevention
  • Detection of Malicious Code
  • Containment Strategy
  • Evidence Gathering and Handling
  • Eradication and Recovery
Module 6: Securing Monitoring Operations
  • Industry Best Practices
  • Critical Security Controls
  • Host, Port and Service Discovery
  • Vulnerability Scanning
  • Monitoring Patching, Applications, Service Logs
  • Detecting Malware via DNS logs
  • Monitoring Change to Devices and Appliances
  • Leveraging Proxy and Firewall Data
  • Configuring Centralized Windows Event Log Collection
  • Monitoring Critical Windows Events
  • Detecting Malware via Windows Event Logs
  • Scripting and Automation
  • Importance of Automation
  • PowerShell
Module 7: Forensics Basics
  • Computer Forensics
  • Objectives of Forensics Analysis
  • Role of Forensics Analysis in Incident Response
  • Forensic Readiness And Business Continuity
  • Types of Computer Forensics
  • Computer Forensic Investigator
  • Computer Forensics Process
  • Collecting Electronic Evidence
  • Challenging Aspects of Digital Evidence
  • Forensics in the Information System Life Cycle
  • Forensic Analysis Guidelines
  • Forensics Analysis Tools
  • Memory acquisition techniques
  • Finding data and activities in memory
  • Tools and techniques to perform memory forensics


Chris Pietrzak is a system architect and consultant. He designs and implements solutions in the security, network and management areas, mainly for the Microsoft platform. He is the leader of the Microsoft Security Solutions User Group.


Paula Januszkiewicz is a world-renowned security expert. Paula loves to perform penetration tests and IT security audits, and after all, she says: ‘harden ’em all’! She is an Enterprise Security MVP, Microsoft Certified Trainer (MCT) and Microsoft Security Trusted Advisor.
