Windows incident response

You will be able to investigate end-to-end the incident involving notorious ransomware.

Master different tools including: ELK stack, PowerShell, Suricata, YARA and more in the fully configured virtual lab environment.

Learn from Kaspersky incident responders with more than 10 years of experience in the field.

Built for Tier 2 Analysts

Intermediate

$1,400 inc. tax per learner

Intermediate

$1,400 inc. tax per learner

Background

Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in the area of incident response to identify the complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.

The course’s curriculum is heavily focused on practicing. Our experts will take you through all the stages of responding to an incident based on a real-life ransomware case.

You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get introduced to memory forensics. You will be working in a simulated virtual environment with all the necessary tools to practice IR. Your coaches Ayman Shaaban and Kai Schuricht have handled security incidents for Kaspersky incident response customers around the globe. You will get not only super-clear theoretical knowledge but also tap into their up-to-date experience, skills and tips.

A Kaspersky report shows malware can survive in a company’s digital environment for months and even years under the radar. After completing the course you will be able to verify and handle threats quicker in order to minimize the impact and contain the damage.

Course leaders

Ayman Shaaban (@AymanShaaban)

Digital Forensics and Incident Response Group Manager

Ayman joined Kaspersky in 2014 as a security researcher and member of GERT. Currently, Ayman works as DFIR manager in GERT. He started his cyber security career in 2009. During his career, he has participated in building digital forensics labs and providing response and analysis for cyber incidents in different industries. He developed training courses on DFIR and delivered these courses to different entities around the globe. Ayman has a BSc in communication engineering and an MSc in cyber security. Ayman obtained different DFIR certificates and in 2016 he published his book “Practical Windows Forensics”.

Kai Schuricht (@kai_schuricht)

Cybersecurity expert

Kai started his career in the information security domain in 2010 as a security consultant and joined GERT in 2016 as an incident response specialist. Throughout his career, he has been involved in building digital forensic labs and providing responses to different variants of cyber incidents around the world. Beside the development and delivering of DFIR training globally, he also designs, conducts and evaluates tabletop exercises. Kai holds several international certifications like GCFA, GCFE, ECIR, ECTHP, CCSK, CISM and ISO/IEC 27035) and also a Diploma in Business Informatics (FH) and a M.Sc. in Digital Forensics.

Overview & objectives

Identify a cyber incident and how to respond to it
Understand various attack techniques
Differentiate between APTs and other threats
Apply live analysis on victim machines
Acquire evidence in a forensically sound environment
Upgrade your memory forensics skills
Apply log file analysis with regular expressions and ELK
Create better network and host-based IoCs
Test your network traffic forensics skills

Syllabus

Introduction

Foundation of information security. Cyber kill chain. Open-source intelligence.

Incident response process

Incident response process: from preparation to post-incident.

Incident detection: Network & System based

Live analysis on the victim machines with IRCD and PowerShell.

Evidence acquisition

Triage approach. Triage acquisition with Kape, Paladin, FTK-imager and Velociraptor. Applied sessions with FTK imager and Velociraptor.

Memory analysis

Memory forensics with the volatility framework.

Log file analysis

Log file analysis using command line tools up to ELK.

Network analysis

Network IOCs: Dumping network traffic. Network intrusion detection with Suricata. Network analysis tools.

Cyber Threat Intelligence (CTI)

Scanning for Indicators of Compromise (IOC). Host-based IOC scanning with YARA.

Who it's for

InfoSec professionals

For cybersecurity professionals who would like to upgrade technical analysis skills in the incident response domain.

Enterprises

For incident response and digital forensics teams, who are continuously enhancing their practical skills in incident remediation.

How you'll learn

Guided video lectures

Learn from Incident Response experts Ayman and Kai from the Global Emergency Response Team, GERT, who have years of experience working on real-live investigations.

Hands-on virtual lab

Practice in our fully configured virtual lab on real-life incident case.

Iterative learning

The course is structured around progressive learning with a consistent module framework based on specialist overviews of each task, practical work in the virtual lab and detailed solution walk-throughs.

Securelist

The home for all of Kaspersky’s cyberthreat research and reports.

Find out more

BrightTALK’s Kaspersky channel

Discover and learn with Kaspersky’s brightest professional.

Find out more

Kaspersky Threat Intelligence Portal

Scan files, domains, IP addresses & URLs for threats, malware and viruses.

Find out more

KLARA on GitHub

KLara helps Threat Intelligence researchers hunt for new malware using Yara.

Find out more

Team training

With a constantly evolving threat landscape it’s vital IT security specialists keep their skills up to date. With our online training, you can learn effective threat detection and mitigation strategies from the comfort if you’re home with highly practical hands-on courses.

Let’s talk