IACIS Cyber Incident Forensic Response
- Joining a domain
- Use of net.exe commands
- Use Wireshark to reinforce network concepts
- Wireshark investigation scenario
- Using Linux for log analysis (cut, grep, egrep, regex, etc.)
- Remote imaging using ssh/dd (2 labs)
- Remote imaging using dd/netcat
- Remote imaging using FTKi CLI/netcat
- Remote imaging/analysis with NBD Server
- Remote analysis with Forensic Explorer (FEX)
- Remote analysis with Google Rapid Response (GRR)
- Compromised web server log analysis
- SSH attack scenario
- Windows event log analysis
- Compromised Windows image analysis (including registry analysis)
- Linux compromised image analysis (including bash history analysis)
- RAM acquisition
- RAM analysis with Bulk Extractor
- RAM analysis with Volatility
- Configure REMNUX system
- Dynamic malware analysis (malware metadata, malware runtime behavior, trojaned document analysis)
- Attack the systems (mimikatz, meterpreter back door shells with Empire, ransomware)
- Capstone attack exercise: remote imaging/analysis, RAM analysis, image analysis, malware runtime analysis, shellcode script decoding and analysis
LOCATION FOR THE APRIL 2018 CLASS:
The 2018 course will be taught at the Caribe Royale Hotel, 8101 World Center Drive, Orlando, Florida 32821 (USA). This hotel has much more conference space than our previous hotel. Additionally, it’s closer to the Orlando International Airport, has a much larger pool, spacious workout facility and is very close to Disney World and Universal Studios. Registration is now open! Please visit the “Book your Room” link at the bottom of the page.
You will find the information for your online reservation link below. If you have questions or need help with the link, please do not hesitate to ask. We appreciate your business and look forward to a successful event.
Rates are valid for the following dates:
4/21/18 thru 5/6/18
Caribe Royale is offering a special group rate of $121/night (US Government Rate)
Last day to book at the special group rate: 4/1/18
Existing IACIS members simply log in with your credentials and go to the products page to purchase and register for the course.
For non-IACIS members, the membership fee is waived with the purchase of the training course; however to register for the course you must complete a membership application at the time of purchase.
Apply for membership and purchase the course on the PRODUCTS PAGE.
COST: $2,795 US Dollars
- Cancellation of this class may occur if there are insufficient students registered. In the event of a cancellation, personnel will typically be notified by e-mail within 48 hours of the registration closure date. IACIS is not responsible for any individual expenses incurred as a result of a cancellation. The limit of IACIS financial liability is a full refund of the course fee.
****Payment for the April 2018 class MUST BE RECEIVED at least 45 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (email@example.com). Cancellations within 45 days from the start of class to 30 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****
COURSE SYLLABUS: CIFR Syllabus CIFR Course Competencies
COURSE NOTES: Please read the following notes regarding this class:
Classes begin at 8:00 AM ET and conclude at 5:00 PM ET, each day, with a one hour lunch break. Classes will end at 5:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.
The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom. Personal computers are not permitted in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.