About the course
This hands-on training course aims to deliver the fundamental theoretical and practical skills needed to handle and respond to computer security incidents. The course addresses the underlying principles and techniques for detecting and responding to current and emerging computer security threats. Several different incident handling cases are simulated for students, with a focus on incident detection and description, information gathering, analysis tools and techniques, and the incident handling phases using the RTIR (or a related) tool. All teaching material is based on illustrative real-life cases and their analysis.
This course was developed under NRD Cyber Security as an ITU Center of Excellence work program. The training is designed for Computer Security Incident Response Team (CSIRT) and Security Operation Centre (SOC) members, all incident handlers, IT professionals and anyone who is interested in incident handling and response.
After the course, participants will be able to:
- Apply general incident response workflow principles;
- Follow the incident response procedure using the RTIR tool;
- Conduct basic analysis of email messages and retrieve actionable data from email headers;
- Investigate incidents by performing system event log analysis;
- Carry out incident root cause analysis;
- Perform basic network forensics analysis.