
Windows Incident Response

Course Overview

Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in incident response so you can identify complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.

The course’s curriculum is heavily focused on practice. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case.

You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips.

A Kaspersky report shows malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats quicker in order to minimize the impact and contain the damage.

Practice on a real-life incident case

You will be able to investigate, end to end, an incident involving notorious ransomware.

Master specialized IR tools

Master different tools including: ELK stack, PowerShell, Suricata, YARA and more in the fully configured virtual lab environment.

Learn with the best

Learn from Kaspersky incident responders with more than 10 years of experience in the field.

All Levels

Level: Intermediate


$1,400 inc. tax per learner  


Training objectives

By the end of the course you will:

  • Gain new skills through a practical challenge in a virtual environment
  • Understand the phases of incident response
  • Know how to identify and respond to a cyber incident
  • Understand various attack techniques and targeted attack anatomy through the Cyber Kill Chain
  • Differentiate APTs from other threats
  • Apply live analysis on victim machines
  • Acquire evidence in a forensically sound environment
  • Upgrade your memory forensics skills
  • Apply log file analysis with regular expressions and ELK
  • Enhance cyber threat intelligence knowledge
  • Be able to create better network and host-based IoCs (Indicators of Compromise)
  • Test your network traffic forensics skills

Your course instructors


Ayman Shaaban (@AymanShaaban)

Digital Forensics and Incident Response Manager

Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009. During his career, he has participated in building digital forensics labs and providing response and analysis for cyber incidents in different industries. He developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security. Ayman obtained different DFIR certificates and in 2016 he published his book “Practical Windows Forensics”.


Kai Schuricht (@kai_schuricht)

Senior Incident Response Specialist

Kai started his career in the information security domain in 2010 as a security consultant and joined GERT in 2016 as an incident response specialist. Throughout his career, he has been involved in building digital forensic labs and providing responses to different variants of cyber incidents around the world. Besides developing and delivering DFIR training globally, he also designs, conducts and evaluates tabletop exercises. Kai holds several international certifications (GCFA, GCFE, ECIR, ECTHP, CCSK, CISM and ISO/IEC 27035) and also a Diploma in Business Informatics (FH) and an M.Sc. in Digital Forensics.

Who it's for


InfoSec professionals
For cybersecurity professionals who would like to upgrade technical analysis skills in the incident response domain.


For incident response and digital forensics teams, who are continuously enhancing their practical skills in incident remediation.

How you'll learn


Guided video lectures
Learn from Incident Response experts Ayman and Kai from the Global Emergency Response Team (GERT), who have years of experience working on real-life investigations.

Active Learning

Hands-on virtual lab
Practice in our fully configured virtual lab on a real-life incident case.

Virtual Lab

Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.


Benefits for you

  • 6 months to complete your course from activation of your access code
  • Courses delivered in English with subtitles
  • Self-guided learning that fits around your life
  • Browser-based access to virtual lab
  • It will take you approximately 15 hours to finish the course
  • PDF downloads of training materials & tips
  • Learning environment: browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client)
  • Course author: members of Kaspersky Global Emergency Response Team
  • Guided videos: over 40 videos to guide you through the course
  • Access to virtual lab: 100 hours of virtual lab time for hands-on learning
  • Platform support: available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com
  • Certificate of completion: PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s)
