Windows Enterprise Incident Response
What does crime scene investigation look like if the scene is virtual? This Mandiant course teaches the fundamental investigative techniques you need to respond to cyber threats. You'll learn to conduct rapid triage on a system to determine whether it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms and investigate an incident throughout an enterprise. Discover how attackers move around in a compromised Windows environment and explore information management that enriches the investigative process and bolsters an enterprise security program.
Length: 4 modules (self-paced)
Cost: Installment payments are now available on all course purchases.
Knowledge Areas: Incident response process, system triage, threat intelligence, anomaly detection, threat hunting, known threat actor TTPs, remediation phase in an enterprise investigation
4 Live Hands-On Labs
4-6 Hours of Work per Module
Your Subject Matter Expert:
“When you’re looking for how to get better as an incident responder, you’re looking for certain assumptions on the part of the attacker. You’re asking yourself what evidence is being created, what investigative tools do I have that the attacker is just not aware of, or might not be aware of?”
This cybersecurity course provides a thorough understanding of fundamental investigative techniques needed to respond to today’s cyber threats. Although this course is focused on Windows-based systems and servers, the techniques and investigative processes can be applied to all systems and applications. Join Mandiant experts in detailed discussions of common forms of endpoint, network and file-based forensic evidence collection and their limitations.
Module 1: Single System Analysis
Identify core sources of evidence and then analyze the collected evidence. Determine which IoCs will provide the most value to an investigation. Construct a timeline of events to build a narrative of an attack.
Module 2: Enterprise Response
Differentiate single system and enterprise evidence. Combine evidence from multiple systems to construct a more complete narrative of an attack. Scope the incident through the attack lifecycle.
Module 3: Response Management
Outline investigation management plans and detail the considerations for remediation actions and timing. Explain the importance of validating remediation.
Module 4: Threat Hunting
Differentiate threat hunting from incident response. Describe the threat hunting process and develop and implement a threat hunting program.
Joseph Perry is a Senior Technical Instructor at FireEye Mandiant with more than a decade's worth of experience working in cybersecurity. He began his career as a Cryptographic Technician in the U.S. Navy, where he was the youngest Sailor ever offered a position at the Navy's elite Cyber Warfare Development Group. During his time there, he learned programming in four languages, worked on the development of the Navy's most sophisticated cyberwarfare assets and became the first Enlisted Sailor in history to be accepted into the National Security Agency's CNODP/GDP. After graduating from the program, Perry went on to work in the Research and Development arm of the National Security Agency.
After leaving the federal government, he began his career in cybersecurity education for the private sector, providing education to more than half a million people worldwide.
Today, Perry works as the Senior Technical Instructor for Mandiant and provides technical, professional and awareness training and consultation to organizations ranging from gaming clubs and Fortune 50 companies to national and international agencies.
Ashley Frazer holds a degree in electrical engineering and started her professional career designing electrical production wiring diagrams for military aircraft. After four years as an electrical engineer, Frazer joined the FBI as a Special Agent. Following graduation from the FBI Academy, she served on the St. Louis Division's Cyber Squad and was a member of the Evidence Response and Crisis Negotiation Teams. She transferred to the FBI's Honolulu Division after five years in St. Louis and continued to investigate cyber crimes with a focus on national security and financially motivated computer intrusions. In this role, she was responsible for the management of investigations; interviews of victims, subjects and sources; digital evidence collection; and host- and network-based forensic analysis.
Frazer is currently a Senior Incident Response Consultant in Mandiant's Denver office. As part of the Incident Response Team, Frazer leads incident response, compromise assessment and computer forensic engagements. She also serves as an instructor for Mandiant's Windows and Linux Enterprise Incident Response courses.