Cyber Incident Forensics Response

IACIS Cyber Incident Forensic Response

The IACIS Cyber Incident Forensic Response (CIFR) Training Program is a 2-week course of instruction designed to provide students with detailed study of traces left behind on computers and networks unique to intrusions and malware incidents.  At the conclusion of this course, students will have a clear understanding of responding to and managing intrusions and malware incidents, what artifacts are left during these incidents, and how knowledge of these artifacts can play a significant role in the forensic and investigative processes.

Through a variety of lectures, instructor-led and independent hands-on practical exercises, and independent laboratory activities, students will learn how to find traces left behind on Windows and Linux operating systems and on network devices, focusing on identifying intrusion and malware artifacts.  Students will spend a week focusing their analysis at the network level, analyzing a variety of logs, investigating network traffic captures and conducting drive analysis and imaging across a network.  Additionally, students will spend a week at the host level, focusing on intrusion and malware artifacts on Windows and Linux hosts.  Finally, students will become familiar with RAM capture and analysis, and basic malware analysis concepts.

The CIFR Training Program is designed to build on and expand one’s existing forensic knowledge and skill set and is not an entry level class.  Prospective students are expected to be proficient with Windows forensics and common forensic concepts and tools.  Students should be competent with the use of virtualization software (VMWare, Virtualbox, etc.) and, since portions of the analysis are conducted with a Linux VM, students should be competent at basic Linux file system navigation commands (ls, mkdir, etc.)  Students will be provided an analysis system during the class but will be provided instructions for bringing Windows and Linux VMs with them for use during the class. 

PREREQUISITE: Membership Required.

WHEN:  May 1st – May 12th, 2017 Registration is closed

Location: This course is taught at the Orlando Marriott Hotel in Lake Mary, Florida (USA). See the link “Book your group rate” at bottom of page.


Existing IACIS members simply log in with your credentials and go to the products page to purchase and register for the course.

For non-IACIS members, the membership fee is waived with the purchase of the training course; however to register for the course you must complete a membership application at the time of purchase.

Apply for membership and purchase the course on the PRODUCTS PAGE.

COST: $2,795 US Dollars

  • Cancellation of this class may occur if there are insufficient students registered. In the event of a cancellation, personnel will typically be notified by e-mail within 48 hours of the registration closure date. IACIS is not responsible for any individual expenses incurred as a result of a cancellation. The limit of IACIS financial liability is a full refund of the course fee.  ***This class is confirmed and will be held.***

****Payment MUST BE RECEIVED at least 30 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (

Cancellations within 45 days from the start of class to 30 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****

COURSE SYLLABUS:    CIFR Syllabus  CIFR Course Competencies

COURSE NOTES: Please read the following notes regarding this class:

Classes begin at 8:00 AM ET and conclude at 5:00 PM ET, each day, with a one hour lunch break. Classes will end at 5:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.

The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom. Personal computers are not permitted in the classroom.Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.

Hotel Booking
You will find the information for your online reservation link below. If you have questions or need help with the link, please do not hesitate to ask. We appreciate your business and look forward to a successful event.

Rates are valid for the following dates.
4/28/17 thru 5/13/17
Last day to book: 4/7/17
Marriott hotel(s) offering your special group rate:
> Orlando Marriott Lake Mary  for 91 USD  per night: Special rate sold out
Book your group rate for IACIS

Overflow nearby hotels

$91 Traditional Rooms Reservation Link:

$121 Executive Club Access Rooms Reservation Link:

IACIS / International Association of Computer Investigative Specialists
Start date: 4/28/17
End date: 5/14/17
Last day to book: 4/7/17
Marriott hotel(s) offering your special group rate:
Courtyard Orlando Lake Mary/North for 91.00 USD per night
Book your group rate for IACIS / International Association of Computer Investigative Specialists

Group Name: IACIS
Group Code: IAC
Check-in: 29-APR-2017
Check-out: 13-MAY-2017
Hotel Name: Homewood Suites by Hilton Lake Mary
Hotel Address: 755 Currency Circle
Lake Mary, Florida
Phone Number: 407-805-9111

Reserve Homewood Suites for IACIS rooms here