You will be able to investigate end-to-end the incident involving notorious ransomware.
Contact us
Ask a question?
If you want to know anything about the course, we’re here to help.
Windows Incident Response
Course Overview
Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify the complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.
The course’s curriculum is heavily focused on practicing. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case.
You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips.
A Kaspersky report shows malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats quicker in order to minimize the impact and contain the damage.
Practice on real-life incident case
Master specialized IR tools
Master different tools including: ELK stack, PowerShell, Suricata, YARA and more in the fully configured virtual lab environment.
Learn with the best
Learn from Kaspersky incident responders with more than 10 years of experience in the field.
Training objectives
By the end of the course you will:
- Gain new skills through a practical challenge in virtual environment
- Understand the phases of incident response
- Know how to identify and respond to a cyber incident
- Understand various attack techniques and targeted attack anatomy through the Cyber Kill Chain
- Differentiate APTs from other threats
- Apply live analysis on victim machines
- Acquire evidence in a forensically sound environment
- Upgrade your memory forensics skills
- Apply log file analysis with regular expressions and ELK
- Enhance cyber threat intelligence knowledge
- Be able to create better network and host-based IoCs (Indicators of Compromise)
- Test your network traffic forensics skills
Your course instructors
Ayman Shaaban (@AymanShaaban)
Digital Forensics and Incident Response Manager
Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009. During his career, he has participated in building digital forensics labs and providing response and analysis for cyber incidents in different industries. He developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security. Ayman obtained different DFIR certificates and in 2016 he published his book “Practical Windows Forensics”.
Kai Schuricht (@kai_schuricht)
Senior Incident Response Specialist
Kai started his career in the information security domain in 2010 as a security consultant and joined GERT in 2016 as an incident response specialist. Throughout his career, he has been involved in building digital forensic labs and providing responses to different variants of cyber incidents around the world. Beside the development and delivering of DFIR training globally, he also designs, conducts and evaluates tabletop exercises. Kai holds several international certifications like GCFA, GCFE, ECIR, ECTHP, CCSK, CISM and ISO/IEC 27035) and also a Diploma in Business Informatics (FH) and a M.Sc. in Digital Forensics.
Who it's for
InfoSec professionals
For cybersecurity professionals who would like to upgrade technical analysis skills in the incident response domain.
Enterprises
For incident response and digital forensics teams, who are continuously enhancing their practical skills in incident remediation.
How you'll learn
Guided video lectures
Learn from Incident Response experts Ayman and Kai from the Global Emergency Response Team, GERT, who have years of experience working on real-live investigations.
Hands-on virtual lab
Practice in our fully configured virtual lab on real-life incident case.
Iterative learning
The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.
Syllabus
Introduction
Foundation of information security. Cyber kill chain. Open-source intelligence.
Incident response process
Incident response process: from preparation to post-incident.
Incident detection: Network & System based
Live analysis on the victim machines with IRCD and PowerShell.
Evidence acquisition
Triage approach. Triage acquisition with Kape, Paladin, FTK-imager and Velociraptor. Applied sessions with FTK imager and Velociraptor.
Memory analysis
Memory forensics with the volatility framework.
Log file analysis
Log file analysis using command line tools up to ELK.
Network analysis
Network IOCs: Dumping network traffic. Network intrusion detection with Suricata. Network analysis tools.
Cyber Threat Intelligence (CTI)
Scanning for Indicators of Compromise (IOC). Host-based IOC scanning with YARA.
Benefits for you
 |
6 months to complete your course from activation of your access code |  |
 |
Courses delivered in English with subtitles | |
 |
Self-guided learning that fits around your life | |
 |
It will take you approximately 15 hours to finish the course | |
 |
PDF downloads of training materials & tips | |
 |
Browser-based via desktop, mobile & tablet (excludes virtual lab which requires an RDP client) | |
 |
Members of Kaspersky Global Emergency Response Team | |
 |
Over 40 videos to guide you through the course | |
 |
100 hours of virtual lab time for hands-on learning | |
 |
Available by email 0900 - 1730 UK time on standard business days via help.kasperskyxtraining.com | |
 |
PDF document on a Kaspersky letterhead certifying the completion of the course, signed by the course leader(s) | |
$1,400 inc. tax per learner