Level 3: Qualified DFIR Practitioner (DFIRP)
This six-day Digital Forensics and Incident Response course gives delegates the skills and knowledge required to work effectively as a certified forensic and incident response professional. It has been mapped against the International Institute of Security Professionals Cyber Security Skills Framework at Level 3.
What will you learn:
- How to contain potentially malicious software securely and safely.
- How to use tools and evidence to determine the malware used in an attack, including rootkits, backdoors, and Trojan horses, and choose appropriate defences and response tactics.
- How to use built-in command-line tools to detect an attacker's presence on a machine.
- How to use memory dumps and memory analysis tools to determine an attacker's activities, the malware installed, and the pivot points used by the attacker across the network.
- How to detect the artefacts and impact of exploitation through process, file, memory, and log analysis.
- How to find compromised machines, attacker-controlled accounts, sniffers, and backdoors.
- How to build an isolated, controlled laboratory environment for analysing the code and behaviour of malicious programs.
Certification:
GCHQ Certified Security Operations Centre Incident Responder
Prerequisites:
- Networking knowledge
- Windows Administration
- Linux
- Python Language
- Digital Forensics and Incident Response (DFIRA)