Black Hat USA 2008 Training

Caesars Palace Las Vegas • August 2-3 & August 4-5

Incident Response Black Hat Edition

MANDIANT and Kevin Mandia

Course Description

As the sophistication of malicious attacks and the threats they pose continue to increase, Mandiant has raised the bar for effective detection, response, and remediation by introducing our Incident Response (IR) class. This two-day Special Edition class has been specifically designed for information security professionals and analysts who respond to computer security incidents. It is designed as an operational course, using case studies and hands-on lab exercises to ensure attendees gain experience in each topic area. Hands-on exercises and labs cover Windows Intrusion and UNIX Intrusion, as well as the following topics:

  • The different phases and activities of the IR process
  • The roles and responsibilities of each member of the IR team
  • Create IR checklists and notification lists
  • How to rapidly detect or confirm attacks
  • How to find, review, and interpret Windows and Unix log files
  • Perform live response on a compromised server
  • Learn what volatile evidence is present on a live system before it is powered down
  • Determine the function of unidentified executable processes
  • Detect loadable kernel modules, rootkits, and trojaned files
  • Run rootkits to learn their impact on a live system, and how to respond

What You Will Get:

  • Student Manual
  • Class handouts
  • MANDIANT gear
  • Free Tools CD with course tools and scripts

Who Should Attend the Class:
Information technology staff, information security staff, corporate investigators, or other staff who require an understanding of how networks work, how to capture network traffic, how to investigate network use, how to identify and escalate suspected computer security incidents, and how to safeguard corporate assets via network defense.

Basic knowledge of computer, network, and operating system fundamentals is required.


Kevin Mandia is an internationally recognized expert in the field of information security. He has over fifteen years of experience, beginning in the military as a computer security officer at the Pentagon. He has assisted attorneys, corporations, and government organizations with matters involving information security compliance, complex litigation support, computer forensics, expert testimony, network attack and penetration testing. Mr. Mandia established Mandiant specifically to bring together a core group of industry leaders in this field and solve clients' most difficult information security challenges.

Prior to forming Mandiant, Kevin built the computer forensics and investigations group at Foundstone from its infancy to a multi-million dollar global practice that performed civil litigation support and incident response services. As technical and investigative lead, Mr. Mandia responded on-site to dozens of computer security incidents yearly. He assisted numerous financial services and large organizations in handling and discreetly resolving computer security incidents. He also led Foundstone’s computer forensic examiners in supporting numerous criminal and civil cases. He has provided expert testimony on matters involving theft of intellectual property and international computer intrusion cases.

During his career, Mr. Mandia has become an extremely experienced instructor. He has developed specialized classes for the Federal Bureau of Investigation, and personally trained over four hundred FBI agents in investigating computer crime. He has also developed specialized training for the United States Attorney’s Office, United States Secret Service, United States Air Force, State Department, the Royal Canadian Mounted Police, and other government agencies. He has trained at the FBI Academy, the National Advocacy Center, and the Federal Law Enforcement Training Center. He developed classes approved by the Continuing Legal Education (CLE) boards in the States of Virginia, New York, and California, and has trained hundreds of attorneys in the technical aspects of computer forensics and network intrusions. In addition to training law enforcement and attorneys, Kevin has provided on-site training at numerous Fortune 500 organizations. He has been a professorial lecturer at Carnegie Mellon University and currently teaches courses at The George Washington University.

Mr. Mandia is co-author of "Incident Response: Performing Computer Forensics" (McGraw-Hill, 2003) and "Incident Response: Investigating Computer Crime" (McGraw-Hill, 2001). He has also written articles for SC Magazine and The International Journal of Cyber Crime. As a noted expert and author, Mr. Mandia is frequently invited to speak at a variety of forums, from legal conferences to technical security forums.  He is regularly scheduled to present at Black Hat, Networld+Interop, TechnoSecurity, and the High Technology Crime Investigators Association.  Mr. Mandia continues to advance the state-of-the-industry by presenting well-received articles and books.

Kevin holds a Master of Science in Forensic Science from The George Washington University. He is a Certified Information Systems Security Professional, and has held government security clearances at the Top Secret and higher levels. 

  • Ends May 1: $2200 USD
  • Ends July 1: $2400 USD
  • Ends July 31: $2600 USD
  • Begins August 1: $2900 USD