This course will introduce the principles and general practice of incident response, including an overview of digital and network forensics. It will define what constitutes an incident, what is meant by incident response, the attack lifecycle, and the goals of incident response. The course will discuss building an incident response team, the steps in the process, and preparing for incident response. Attendees will understand the process of detecting and characterizing an incident, collecting and analyzing data, and the process of remediation. The course will then provide a deeper dive into the practice of digital forensics, specifically focusing on computer, mobile, network, and database forensics. It will outline the investigative and analysis process, survey tools, digital evidence, and briefly touch on the law.
Upon completion of this course, attendees will be able to:
- Discuss the basics of a disaster recovery plan.
- Explain what resilience is and identify an environment in which it is important.
- Explain why backups pose a potential security risk.
- Identify the types of tools used in computer forensics and their limitations.
- Successfully apply data recovery techniques as a forensic tool.
- Apply reverse engineering techniques to binaries and compiled data: hex editing and decompilation.
- Implement anti-reverse engineering methods for data obfuscation and camouflaging.
- Understand side-channel attacks primarily targeted at cryptographic algorithms, and the mitigation of such attacks.
- Apply defensive techniques including leakage reduction, noise injection, frequent key updates, physical random functions, and secure scan chains.