Masterclass: System Forensics and Incident Handling

This course is a must-go for enterprise administrators, security officers and architects. It is delivered by one of the best-known practitioners in the security field, with practical knowledge from many successful projects, years of real-world experience, great teaching skills and no mercy for misconfigurations or insecure solutions.


We are sorry, but no upcoming course dates are currently scheduled.
Please contact sales: 020 7776 670 or

This is a deep dive course on security operations

A securely configured infrastructure should be the most important line of defence in every organization. Unfortunately, people, the most valuable resource, are not always aware of the actual security level of their company, the possible points of entry, how operating systems are attacked, or how to protect the infrastructure from attacks that succeed because of configuration mistakes. A thorough understanding of the internal OS protection mechanisms and of the services and roles running on top of them has a huge impact on the security level of the whole infrastructure. Unfortunately, rarely does anyone have this understanding!


This is a deep-dive course on security operations: vulnerability management, anomaly detection, discovery of current attacks and threats, understanding what a compromised system or solution looks like, defining indicators of attack, incident handling, and the day-to-day operation of a SIEM platform. We will also walk through advanced access rights, password mechanisms, Windows internals, PowerShell usage for security purposes, gaining unauthorized access, advanced DNS configuration and common configuration mistakes, forensic techniques, Active Directory security, IIS security, debugging, advanced monitoring and troubleshooting, and much more. The topics covered during this training will help you walk in an attacker's shoes and evaluate your infrastructure from their point of view.

What to expect:

The training focuses on detecting, responding to, and resolving computer security incidents, and covers the following security techniques:

▪ The steps of the incident handling process
▪ Detecting malicious applications and network activity
▪ Common attack techniques that compromise hosts
▪ Detecting and analyzing system and network vulnerabilities
▪ Continuous process improvement by discovering the root causes of incidents


Target audience:

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


Author's unique tools, over 300 pages of exercises, and presentation slides with notes.


Module 1: Introduction to Incident Response and Handling
1. Types of Computer Security Incidents
2. Examples of Computer Security Incidents
3. Signs of an Incident
4. Incident Prioritization
5. Incident Response
6. Incident Handling

Module 2: System and Network Security Mechanisms
1. Integrity Levels
2. Anti-malware & Firewalls
3. Application Whitelisting, Application Virtualization
4. Privileged Accounts, Authentication, Monitoring, and UAC
5. Whole Disk Encryption
6. Browser Security
7. Dangerous Endpoint Applications
8. Session Zero
9. Privileges, Permissions and Rights
10. Password Security (techniques for obtaining and cracking passwords)
11. Registry Internals
12. Monitoring Registry Activity
13. Boot Configuration
14. Services Architecture
15. Access Tokens
16. Web Application Firewall
17. HTTP Proxies, Web Content Filtering, and SSL Decryption
18. SIEMs, NIDS, Packet Captures, and DLP
19. Honeypots/Honeynets
20. Network Infrastructure – Routers, Switches, DHCP, DNS
21. Wireless Access Points

Module 3: Incident Response and Handling Steps
1. How to Identify an Incident
2. Handling Incidents Techniques
3. Incident Response Team Services
4. Defining the Relationship between Incident Response, Incident Handling, and Incident Management
5. Incident Response Best Practices
6. Incident Response Policy
7. Incident Response Plan Checklist

Module 4: Handling Network Security Incidents
1. Denial-of-Service Incidents
2. Distributed Denial-of-Service Attack
3. Detecting DoS Attack
4. Incident Handling Preparation for DoS
5. DoS Response and Preventing Strategies
6. Following the Containment Strategy to Stop DoS
7. Detecting Unauthorized Access Incident
8. Incident Handling Preparation
9. Incident Prevention
10. Following the Containment Strategy to Stop Unauthorized Access
11. Eradication and Recovery
12. Detecting the Inappropriate Usage Incidents
13. Multiple Component Incidents
14. Containment Strategy to Stop Multiple Component Incidents
15. Network Traffic Monitoring Tools

Module 5: Handling Malicious Code Incidents
1. Count of Malware Samples
2. Viruses, Worms, Trojans and Spyware
3. Incident Handling Preparation
4. Incident Prevention
5. Detection of Malicious Code
6. Containment Strategy
7. Evidence Gathering and Handling
8. Eradication and Recovery
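Detection of malicious code (Module 5, item 5) in practice mostly means correlating the right Windows events, which is what Module 6 revisits as "Detecting Malware via Windows Event Logs". The following is an added example, not course material: it applies a handful of such rules to constructed event records shaped like the Security and System channels (EventID plus the EventData fields of 4688 process creation, 7045 service installation, 4698 scheduled task creation and 1102 audit log cleared). Field names follow the Windows event schema; the path patterns, the list of binaries and the sample events are this example's own assumptions.

```python
"""Hunt for malware indicators in Windows event records (added example)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class WinEvent:
    event_id: int
    channel: str                                  # "Security" or "System"
    computer: str
    data: dict = field(default_factory=dict)      # EventData name -> value


# Locations a standard user can write to; a service or task binary there is rarely legitimate
# (assumed pattern; tune for your environment, ProgramData in particular has benign users).
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Windows\\Temp|Temp|ProgramData)\\", re.I)
# Interpreters and LOLBins that an Office application has no business spawning.
LOLBINS = {"powershell.exe", "cmd.exe", "mshta.exe", "rundll32.exe",
           "regsvr32.exe", "wscript.exe", "cscript.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# -e / -ec / -enc / -EncodedCommand. Note: 4688 only carries CommandLine when the
# "Include command line in process creation events" policy is enabled.
ENCODED_PS = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\b", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def findings_for(ev: WinEvent) -> list[str]:
    """Rules applied to a single event; returns human-readable findings (empty if clean)."""
    out: list[str] = []
    if ev.channel == "Security" and ev.event_id == 1102:
        out.append("Security log cleared")
    elif ev.channel == "System" and ev.event_id == 7045:
        path = ev.data.get("ImagePath", "")
        if USER_WRITABLE.search(path):
            out.append(f"service {ev.data.get('ServiceName')} installed from user-writable path {path}")
    elif ev.channel == "Security" and ev.event_id == 4698:
        if USER_WRITABLE.search(ev.data.get("TaskContent", "")):
            out.append(f"scheduled task {ev.data.get('TaskName')} runs a binary from a user-writable path")
    elif ev.channel == "Security" and ev.event_id == 4688:
        child = basename(ev.data.get("NewProcessName", ""))
        parent = basename(ev.data.get("ParentProcessName", ""))
        cmd = ev.data.get("CommandLine", "")
        if parent in OFFICE_APPS and child in LOLBINS:
            out.append(f"{parent} spawned {child}")
        if child == "powershell.exe" and ENCODED_PS.search(cmd):
            out.append("encoded PowerShell command line")
    return out


def hunt(events: list[WinEvent]) -> dict[str, list[tuple[int, str]]]:
    """Return {computer: [(event_id, finding), ...]} for every event that matched a rule."""
    hits: dict[str, list[tuple[int, str]]] = defaultdict(list)
    for ev in events:
        for finding in findings_for(ev):
            hits[ev.computer].append((ev.event_id, finding))
    return dict(hits)


# Constructed sample events: one compromised workstation (WS01), two clean hosts.
SAMPLE_EVENTS = [
    WinEvent(4688, "Security", "WS01", {
        "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentProcessName": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"}),
    WinEvent(7045, "System", "WS01", {"ServiceName": "WinUpdateSvc",
                                      "ImagePath": r"C:\Users\bob\AppData\Roaming\wupd\svc.exe"}),
    WinEvent(1102, "Security", "WS01", {"SubjectUserName": "bob"}),
    WinEvent(4688, "Security", "WS02", {
        "NewProcessName": r"C:\Windows\System32\svchost.exe",
        "ParentProcessName": r"C:\Windows\System32\services.exe",
        "CommandLine": "svchost.exe -k netsvcs"}),
    WinEvent(4698, "Security", "WS02", {
        "TaskName": r"\Microsoft\Windows\Maintenance\Cleanup",
        "TaskContent": "<Exec><Command>C:\\Windows\\System32\\sc.exe</Command></Exec>"}),
    WinEvent(7045, "System", "SRV01", {"ServiceName": "BackupAgent",
                                       "ImagePath": r"C:\Program Files\Backup\agent.exe"}),
]

if __name__ == "__main__":
    for host, findings in hunt(SAMPLE_EVENTS).items():
        for event_id, text in findings:
            print(f"{host}: [{event_id}] {text}")
```

Each rule is cheap and high-signal on its own; the value comes from seeing them stack on one host within minutes (Office spawning an encoded PowerShell, then a service from AppData, then the log being cleared), which is the correlation a SIEM is for. The 4688 rules depend on process creation auditing with command-line logging being enabled by policy, so verify that first or the rule silently never fires.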

Module 6: Security Monitoring Operations
1. Industry Best Practices
2. Critical Security Controls
3. Host, Port and Service Discovery
4. Vulnerability Scanning
5. Monitoring Patching, Applications and Service Logs
6. Detecting Malware via DNS Logs
7. Monitoring Changes to Devices and Appliances
8. Leveraging Proxy and Firewall Data
9. Configuring Centralized Windows Event Log Collection
10. Monitoring Critical Windows Events
11. Detecting Malware via Windows Event Logs
12. Scripting and Automation
13. Importance of Automation
14. PowerShell

Module 7: Forensics Basics
1. Computer Forensics
2. Objectives of Forensics Analysis
3. Role of Forensics Analysis in Incident Response
4. Forensic Readiness and Business Continuity
5. Types of Computer Forensics
6. Computer Forensic Investigator
7. Computer Forensics Process
8. Collecting Electronic Evidence
9. Challenging Aspects of Digital Evidence
10. Forensics in the Information System Life Cycle
11. Forensic Analysis Guidelines
12. Forensics Analysis Tools
13. Memory Acquisition Techniques
14. Finding Data and Activities in Memory
15. Tools and Techniques to Perform Memory Forensics

System Forensics and Incident Handling is delivered by our partner CQURE:

The CQURE Team consists of highly talented experts who collectively have over 300 years of experience in the IT security field.

Our passion makes us hard workers, and our curiosity pushes us to solve difficult problems, or to keep trying until we do. We are always tracking current threats, and we proudly use our knowledge to make sure your infrastructure stays tight and secure.


This masterclass is proudly presented together with CQURE.




Places remaining:
No seat limit
3900.00 + VAT


Mika Seitsonen


Mika has trained and consulted on Microsoft technologies at Sovelto and around the world for over twenty years. In recent years Mika has focused on training and consulting on Microsoft identity and security technologies (Azure AD, AD FS, PKI) and cloud services (Microsoft Azure and Microsoft 365). Mika is responsible for developing Sovelto's technology competence area.

DI, M.Sc., MCSE: Productivity, Microsoft Certified: Azure Fundamentals, Azure Administrator Associate, MCT, ITIL Foundation 2011.

Don't fly faster than your guardian angel!