Incident Response Track

As malicious attacks grow in sophistication and the threats they pose continue to increase, MANDIANT has raised the bar for effective detection, response, and remediation through its Incident Response (IR) courses.

Courses Offered

Enterprise Incident Response

MANDIANT's Enterprise Incident Response class is for information security professionals who respond to computer security incidents. It is an operational course using case studies and hands-on lab exercises, ensuring attendees gain experience in each topic area.

Students will learn:

  • The different phases and activities of the incident response process
  • To rapidly detect or confirm attacks against Windows and UNIX systems
  • To find, review, and interpret Windows and UNIX log files
  • To perform live response on compromised Windows and UNIX systems
  • To collect the volatile evidence present on a live system prior to the system being powered down
  • To determine the function of unidentified executable processes
  • To recover deleted files from kernel memory on UNIX systems
  • How to dump the memory associated with suspicious processes
  • To detect loadable kernel modules, rootkits, and trojaned files
  • Steps involved in the creation of a secure incident response toolkit
  • UNIX rootkits
  • To collect and post process critical logs and volatile information from UNIX and Microsoft environments with Log Parser
  • To find hidden files and export protected files such as hiberfil.sys and pagefile.sys from Windows systems with FTK Imager
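Two of the items above, collecting volatile evidence before a system is powered down and recovering deleted files that a process still holds open, can be shown in a few lines of POSIX shell. The script below is an added example written for this page; it is not MANDIANT course material or toolkit code. It assumes a Linux host with /proc mounted, and the function names and output layout are this example's own choices. It snapshots the most volatile state first (time, uptime, process list, sockets), then walks /proc/PID/fd: a descriptor whose file was unlinked still resolves to the open inode, and readlink reports the old path with a " (deleted)" suffix, so the content can be copied out through /proc even though the path is gone.

```shell
#!/bin/sh
# Added example for this page's "collect volatile evidence before power-down"
# and "recover deleted files ... on UNIX systems" topics. Not MANDIANT course
# material. Linux-only: relies on the /proc filesystem. Function names and the
# output layout are this example's own assumptions.

# Snapshot the most volatile state first (order of volatility), one command's
# output per file, so later collection steps cannot disturb what is captured.
snapshot_volatile() {
    outdir=$1
    mkdir -p "$outdir"
    date -u '+%Y-%m-%dT%H:%M:%SZ' > "$outdir/collection_time_utc.txt"
    uptime > "$outdir/uptime.txt" 2>&1 || true
    ps -eo pid,ppid,user,stat,lstart,args > "$outdir/ps.txt" 2>&1 || true
    if command -v ss >/dev/null 2>&1; then
        ss -tunap > "$outdir/sockets.txt" 2>&1 || true
    elif command -v netstat >/dev/null 2>&1; then
        netstat -tunap > "$outdir/sockets.txt" 2>&1 || true
    fi
}

# Print "<fd><TAB><original path>" for each descriptor of PID whose file has
# been unlinked. /proc/PID/fd/N still resolves to the open inode, and readlink
# reports the old path followed by " (deleted)".
list_deleted_fds() {
    pid=$1
    for fd in /proc/"$pid"/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue   # fd closed, or no access
        case $target in
            *" (deleted)") printf '%s\t%s\n' "${fd##*/}" "${target% (deleted)}" ;;
        esac
    done
}

# Copy every deleted-but-open file of PID into OUTDIR as <pid>_<fd>_<basename>,
# reading through /proc rather than the vanished path, and record a SHA-256 of
# each copy when sha256sum is available.
recover_deleted_files() {
    pid=$1
    outdir=$2
    mkdir -p "$outdir"
    tab=$(printf '\t')
    list_deleted_fds "$pid" | while IFS="$tab" read -r fd path; do
        dest="$outdir/${pid}_${fd}_${path##*/}"
        cat /proc/"$pid"/fd/"$fd" > "$dest" || continue
        if command -v sha256sum >/dev/null 2>&1; then
            sha256sum "$dest" >> "$outdir/hashes.txt"
        fi
    done
}

# Usage: sh live_response.sh <pid> <outdir>
# Runs only when both arguments are given, so the file can also be sourced.
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    snapshot_volatile "$2"
    recover_deleted_files "$1" "$2"
fi
```

Run it as the user who owns the target process (or as root) because /proc/PID/fd is only readable by the process owner; write OUTDIR to removable or network storage rather than the suspect disk so the collection does not overwrite unallocated space you may later want to carve. The same /proc walk is what an attacker's deleted-after-exec binary or unlinked log file is recovered from, which is why it belongs in the live-response step and not after power-down.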

See full course description


Enterprise Incident Response Management

MANDIANT's Enterprise Incident Response Management class is specifically designed for information security professionals who manage incidents and incident response teams. This class introduces tried-and-true technical response methods and proven incident management techniques used every day by MANDIANT consultants.

Students will learn:

  • The different phases and activities of the Incident Response process
  • To properly staff and prepare an Incident Response Team
  • To create working documentation and checklists usable during battle
  • How to prepare an enterprise network for agile incident response
  • To rapidly detect and confirm attacks against Windows and UNIX systems
  • To find, review, and interpret Windows and UNIX log files
  • To perform live response on compromised Windows and UNIX systems
  • To collect the volatile evidence present on a live system prior to the system being powered down
  • To recover deleted files from kernel memory on UNIX systems
  • How to dump the memory associated with suspicious processes
  • To detect loadable kernel modules, rootkits, and trojaned files
  • Steps involved in the creation of a secure Incident Response toolkit
  • To find hidden files and export protected files such as hiberfil.sys and pagefile.sys from Windows systems with FTK Imager

See full course description


Incident Response - Lessons from the Cyber Battlefield

This interactive seminar is led by industry veteran Kevin Mandia. Kevin highlights the top threats facing your IT infrastructure, how these incidents have affected similar organizations and what you can do to minimize the risk to your organization. 

Course topics include:

  • Recent case studies
  • The Top 10 challenges when a security incident occurs
  • Incident response preparation - overcoming the challenges
  • An overview of applicable information security standards such as the PCI DSS, ISO, FISMA and SB 1386
  • How these standards and ever-changing legislation and regulations impact your information security program

See full course description

Contact education@mandiant.com to find out where our award-winning courses are being offered or to set up a private class.