Windows Enterprise Incident Response

Cybersecurity Discipline:
Windows Enterprise Incident Response

What does crime scene investigation look like if the scene is virtual? This Mandiant course teaches the fundamental investigative techniques you need to respond to cyber threats. You'll learn to conduct rapid triage on a system to determine whether it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms and investigate an incident throughout an enterprise. Discover how attackers move around in a compromised Windows environment and explore information management that enriches the investigative process and bolsters an enterprise security program.

Length: 4 modules (self-paced)
Cost: $3,000
Next Start: Continuous Enrollment

Knowledge Areas

Incident response process
System triage
Threat intelligence
Anomaly detection
Threat hunting
Known threat actor TTPs
Remediation phase in an enterprise investigation
100% Online

4 Live Hands-On Labs

4 Modules

4-6 Hours of Work per Module

Digital Badge

Your Subject Matter Expert:

Joseph Perry


“When you’re looking for how to get better as an incident responder, you’re looking for certain assumptions on the part of the attacker. You’re asking yourself what evidence is being created, what investigative tools do I have that the attacker is just not aware of, or might not be aware of?”

Course Modules

This cybersecurity course provides a thorough understanding of fundamental investigative techniques needed to respond to today’s cyber threats. Although this course is focused on Windows-based systems and servers, the techniques and investigative processes can be applied to all systems and applications. Join Mandiant experts in detailed discussions of common forms of endpoint, network and file-based forensic evidence collection and their limitations.

Module 1: Single System Analysis

Identify core sources of evidence on a single host and analyze what is collected. Determine which indicators of compromise (IoCs) will provide the most value to an investigation. Construct a timeline of events, normalized to a common clock, to build a narrative of an attack.

Module 2: Enterprise Response

Differentiate single system and enterprise evidence. Combine evidence from multiple systems to construct a more complete narrative of an attack. Scope the incident through the attack lifecycle.
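The timeline work described in Module 1 and the cross-system correlation described in Module 2 are easier to picture with a concrete script. The following is an added example, not course material or Mandiant code: it merges constructed evidence from two hosts (Security event log export, Prefetch last-run times, a Registry Run-key last-write time), normalizes every timestamp to UTC, sorts the merged records into one timeline, and then pairs a suspicious process start on one host with a network logon on another host inside a short window, which is exactly the link a single-system view cannot make. The host names, file names, Prefetch hashes, times and the assumption that the event-log export is in local time (UTC-5) while the Prefetch and Registry parsers emitted UTC are all constructed for the example.

```python
"""Merge multi-host forensic evidence into one UTC timeline and spot lateral movement.

Added example with constructed sample data; not real case data and not course code.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption for this constructed set: the Security log CSV export shows
# local time (UTC-5); Prefetch and Registry parsers emitted UTC.
LOCAL_TZ = timezone(timedelta(hours=-5))


@dataclass(frozen=True, order=True)
class Event:
    ts: datetime    # always UTC after normalization; first field so sort() orders by time
    host: str
    source: str
    detail: str


def parse_ts(text: str, tz: timezone) -> datetime:
    """Parse 'YYYY-MM-DD HH:MM:SS' recorded in zone tz and return it in UTC."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz).astimezone(UTC)


# Constructed Security event log export: (local time, event id, detail)
EVENTLOG = {
    "WS01": [
        ("2023-03-14 08:02:11", 4624, "Logon type 2 CORP\\jdoe"),
        ("2023-03-14 08:17:45", 4688, "New process powershell.exe -nop -w hidden"),
    ],
    "FS02": [
        ("2023-03-14 08:21:03", 4624, "Logon type 3 CORP\\jdoe from 10.1.4.22"),
        ("2023-03-14 08:21:40", 7045, "Service installed: PSEXESVC"),
    ],
}
# Constructed Prefetch last-run times (UTC) and file names
PREFETCH = {
    "WS01": [("2023-03-14 13:17:46", "POWERSHELL.EXE-59FC8F3D.pf")],
    "FS02": [("2023-03-14 13:21:41", "PSEXESVC.EXE-4F1A2C9B.pf")],
}
# Constructed Registry key last-write time (UTC) for a Run-key persistence entry
REGISTRY = {
    "WS01": [("2023-03-14 13:18:02",
              "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater = C:\\Users\\jdoe\\AppData\\up.exe")],
}


def build_timeline() -> list[Event]:
    """Normalize every source to UTC and return one chronologically sorted list."""
    events = []
    for host, rows in EVENTLOG.items():
        for ts, eid, detail in rows:
            events.append(Event(parse_ts(ts, LOCAL_TZ), host, f"EventLog/{eid}", detail))
    for host, rows in PREFETCH.items():
        for ts, name in rows:
            events.append(Event(parse_ts(ts, UTC), host, "Prefetch", f"executed {name}"))
    for host, rows in REGISTRY.items():
        for ts, detail in rows:
            events.append(Event(parse_ts(ts, UTC), host, "Registry", detail))
    return sorted(events)


def find_lateral_movement(timeline: list[Event], window: timedelta = timedelta(minutes=10)) -> list[tuple]:
    """Pair a process start (4688) on one host with a later network logon (4624 type 3)
    on a different host within `window`. Returns (source host, target host, seconds between)."""
    execs = [e for e in timeline if e.source == "EventLog/4688"]
    logons = [e for e in timeline if e.source == "EventLog/4624" and "Logon type 3" in e.detail]
    findings = []
    for ex in execs:
        for lg in logons:
            gap = lg.ts - ex.ts
            if lg.host != ex.host and timedelta(0) <= gap <= window:
                findings.append((ex.host, lg.host, int(gap.total_seconds())))
    return findings


if __name__ == "__main__":
    tl = build_timeline()
    for e in tl:
        print(f"{e.ts:%Y-%m-%d %H:%M:%S}Z  {e.host:<5} {e.source:<14} {e.detail}")
    for src, dst, secs in find_lateral_movement(tl):
        print(f"Possible lateral movement: {src} -> {dst} {secs}s after suspicious execution")
```

Note the five-hour offset: without normalization the Prefetch record would sort five hours after the event-log entry it corroborates, and the cross-host pairing would fail its time window. In a real engagement the same merge is done with tools such as a super-timeline builder, but the normalization and the cross-host pivot are the steps that matter.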

Module 3: Response Management

Outline investigation management plans and detail the considerations for remediation actions and timing. Explain the importance of validating remediation.

Module 4: Threat Hunting

Differentiate threat hunting from incident response. Describe the threat hunting process and develop and implement a threat hunting program.


Joseph Perry

Joseph Perry is a Senior Technical Instructor at FireEye Mandiant with more than a decade of experience in cybersecurity. He began his career as a Cryptographic Technician in the U.S. Navy, where he was the youngest Sailor ever offered a position at the Navy's elite Cyber Warfare Development Group. During his time there, he learned programming in four languages, worked on the development of the Navy's most sophisticated cyberwarfare assets and became the first enlisted Sailor in history to be accepted into the National Security Agency's CNODP/GDP. After graduating from the program, Perry went on to work in the Research and Development arm of the National Security Agency.

After leaving the federal government, he began his career in cybersecurity education for the private sector, providing education to more than half a million people worldwide.

Today, Perry works as the Senior Technical Instructor for Mandiant and provides technical, professional and awareness training and consultation to organizations ranging from gaming clubs and Fortune 50 companies to national and international agencies.

Ashley Frazer

Ashley Frazer holds a degree in electrical engineering and started her professional career designing electrical production wiring diagrams for military aircraft. After four years as an electrical engineer, Frazer joined the FBI as a Special Agent. Following graduation from the FBI Academy, she served on the St. Louis Division's Cyber Squad and was a member of the Evidence Response and Crisis Negotiation Teams. She transferred to the FBI's Honolulu Division after five years in St. Louis and continued to investigate cyber crimes with a focus on national security and financially motivated computer intrusions. In this role, she was responsible for managing investigations; interviewing victims, subjects and sources; collecting digital evidence; and performing host- and network-based forensic analysis.

Frazer is currently a Senior Incident Response Consultant in Mandiant's Denver office. As part of the Incident Response Team, she leads incident response, compromise assessment and computer forensic engagements. She also serves as an instructor for Mandiant's Windows and Linux Enterprise Incident Response courses.