The International Association of Computer Investigative Specialists

E-CIFR: Enterprise Cyber Incident Forensic Response

E-CIFR Course Overview

The IACIS Enterprise Cyber Incident Response Forensics (E-CIFR) course is a natural follow-on for the IACIS CIFR course.  It is an expansion of skills from analyzing a small number of systems using traditional imaging + manual analysis processes to introducing and building skills that allow the student to analyze systems at scale, building and implementing toolsets to analyze systems spread across the network.  While attendance at CIFR is not a pre-requisite, E-CIFR builds on the CIFR skills of “what does intrusion or malware bad look like on a single system?” and provides the knowledge and skills to search for that same badness over hundreds or thousands of systems simultaneously.

Additionally, E-CIFR provides instruction on IR involving cloud architecture (AWS / Azure), endpoint security architecture such as Endpoint Detection and Response (EDR), log collection and analysis using ELK, common preparation concepts such as IR planning and hardening, 

  • Intro to AWS IR
  • Intro to Azure IR
  • Log collection and analysis with ELK
  • Endpoint Detection and Response (EDR)
  • Use of TimeSketch for image and timeline analysis
  • Velociraptor for network investigations
  • IR Planning
  • Threat Intelligence concepts and tooling
  • Hardening Guidelines (ISO, PCI, CIS, etc.)
  • Group Tabletop exercise
  • Capstone Attack Exercise attack
  • Capstone Attack Exercise analysis

Quick Details

Core Competencies / Details

There are nine competency areas addressed in the E-CIFR course

  1. SIEM
  2. Endpoint Detection & Response (EDR)
  3. Velociraptor – Ability to traverse networks (*velociraptor is the tool)*
  4. TimeSketch
  5. Azure
  6. AWS
  7. Enterprise Security Fundamentals
  8. Cyber Threat Intelligence (CTI)
  9. Capstone Exercise

Download PDFPlease click here to download the official E-CIFR Core Competencies document which includes details for each core competency.

Download DOcument

IACIS ChairGuided by industry-leading professionals, including a distinguished IACIS Chair, the E-CIFR course content stays consistently updated to reflect the latest cybersecurity and digital forensic best practices.

See Upcoming Events

Apply knowledge towards:

CFCE IACIS Certification

CFCE

Certified Forensic Computer Examiner Program

CAWFE IACIS Certification

ICMDE

Certified Mobile Device Examiner

CMDE IACIS Certification

CAWFE

Certified Advanced Windows Forensic Examiner

2025 Orlando Training Conference
2025
Orlando, FL
Learn More
See More Events
Upcoming events Details of the next event for this course

Where and When is the E-CIFR Course Offered?

IACIS offers the E-CIFR course at multiple locations, accommodating the varied schedules of our professional audience. For course dates and locations, please visit our EVENTS page.

How to Register for this Course

Existing IACIS members, simply log in with your IACIS credentials and go to the PURCHASE TRAINING page to purchase and register for the course.

For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase. Go to the PURCHASE TRAINING page to purchase and register for the course and complete your membership application.

Register Now
Skip to content