Windows Enterprise Incident Response

Mandiant, A FireEye Company | August 4-5 & August 6-7



Overview

Attacks against computer systems continue to increase in frequency and sophistication. To defend data and intellectual property effectively, organizations must be able to detect and respond to threats rapidly. This intensive two-day course is designed to teach the fundamental investigative techniques needed to respond to today's threats. The class is built upon a series of hands-on labs that highlight the phases of a targeted attack, key sources of evidence, and the forensic analysis know-how required to analyze them. This class will primarily focus on analyzing Windows-based systems and servers; however, the techniques and investigative processes are applicable to all systems and applications. Students will learn how to conduct rapid triage on a system to determine if it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms, investigate an incident throughout the enterprise, and much more.

Who Should Take this Course

This is a fast-paced technical course designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage compromised systems. The content and pace are intended for students with some background in conducting forensic analysis, network traffic analysis, log analysis, security assessments, and penetration testing, or even security architecture and system administration duties. It is also well suited for those managing CIRT / incident response teams or in roles that require oversight of forensic analysis and other investigative tasks.

Student Requirements

Students must have:
a working understanding of the Windows operating system, file system, registry, and use of the command line.
familiarity with Active Directory, basic Windows security controls, and common network protocols.

What Students Should Bring

Laptop or virtual machine running Windows 7 (32 or 64 bit). Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.

What Students Will Be Provided With

Class handouts and slides
Thumb drive containing class materials, labs, and tools
Mandiant gear

Trainers

Instructors will be determined and bios will be provided as we near the event; however, they will be from the pool of seasoned instructors we use year after year.