The IACIS Enterprise Cyber Incident Response Forensics (E-CIFR) class is a natural follow-on for the IACIS CIFR class. It is an expansion of skills from analyzing a small number of systems using traditional imaging + manual analysis processes to introducing and building skills that allow the student to analyze systems at scale, building and implementing toolsets to analyze systems spread across the network. While attendance at CIFR is not a pre-requisite, E-CIFR builds on the CIFR skills of “what does intrusion or malware bad look like on a single system?” and provides the knowledge and skills to search for that same badness over hundreds or thousands of systems simultaneously.
Additionally, E-CIFR provides instruction on IR involving cloud architecture (AWS / Azure), endpoint security architecture such as Endpoint Detection and Response (EDR), log collection and analysis using ELK, common preparation concepts such as IR planning and hardening,
Throughout the week, students will cover topics and lab exercises that include:
| Intro to AWS IR | Intro to Azure IR | Log collection and analysis with ELK |
| Endpoint Detection and Response (EDR) | Use of TimeSketch for image and timeline analysis | Velociraptor for network investigations |
| IR Planning | Threat Intelligence concepts and tooling | Hardening Guidelines (ISO, PCI, CIS, etc.) |
| Group Tabletop exercise | Capstone Attack Exercise attack | Capstone Attack Exercise analysis |
WHEN: May 5 – 9, 2025
COST: $2,695.00 US Dollars
EQUIPMENT: Classroom laptops will be given to the students to take home and keep.
COURSE SYLLABUS:
COURSE COMPETENCIES:
REGISTRATION: 2025 Course Registration will open in August 2024.
Existing IACIS members, simply log in with your credentials and go to the Products page to purchase and register for the course.
For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course, you must complete a membership application at the time of purchase. Purchase the training course HERE.
****Payment MUST BE RECEIVED at least 45 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (treasurer@iacis.com)
Cancellations within 45 days from the start of class to 31 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****
* On-Site Check-in Times (student pickup of equipment, ID card, IACIS info) are:
Sunday, May 4, 2025 : 1800 – 2000
Monday, May 5, 2025: 0700 – 0800
* Please make arrangements to arrive in time to check-in so that you may be in class promptly on the first day.
COURSE NOTES:
Please read the following notes regarding this class:
- Classes begin at 8:00 AM ET and conclude at 5:00 PM ET each day, with a one-hour lunch break. Classes will end at 4:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.
- The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip-flops, tank tops, etc., is not allowed in the classroom. Personal computers are not permitted in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.
HOTEL BOOKING: Hotel booking will open once classes have been opened for registration.
The course will be taught at the Caribe Royale Hotel, 8101 World Center Drive, Orlando, Florida 32821 (USA). This hotel is 16 miles from the Orlando International Airport; it has a large pool and spacious workout facility and is close to Disney World and Universal Studios.
Book via the Caribe Royale Hotel site here. Hotel booking will open once classes have been opened for registration. If you choose to stay at a different hotel and commute to the conference, you may be subject to parking fees per conference policy.
Or book via phone by calling the following numbers:
Reservations Toll-Free: 1-800-823-8300/1-888-258-7501 or the local number 407-238-8000.
CANCELLATION INFO: If IACIS is unable to hold the Orlando training event, then all students who have registered and paid will have the option of a full refund or a reserved seat at next year’s training event. IACIS is not responsible for any outside expenses (e.g., travel and accommodation) in the event of the training event being canceled. Anyone who paid for training will receive complimentary membership through the year that his/her training takes place.
