E-CIFR: Enterprise Cyber Incident Forensic Response

The IACIS Enterprise Cyber Incident Forensic Response (E-CIFR) class is a natural follow-on for the IACIS CIFR class.  It is an expansion of skills from analyzing a small number of systems using traditional imaging + manual analysis processes, to introducing and building skills that allow the student to analyze systems at scale, building and implementing toolsets to analyze systems spread across the network.  While attendance at CIFR is not a pre-requisite, E-CIFR builds on the CIFR skills of “what does intrusion or malware bad look like on a single system?” and provides the knowledge and skills to search for that same badness over hundreds or thousands of systems simultaneously.

Additionally, E-CIFR provides instruction on IR involving cloud architecture (AWS / Azure), endpoint security architecture such as Endpoint Detection and Response (EDR), log collection and analysis using ELK, common preparation concepts such as IR planning and hardening,

Throughout the week students will cover topics and lab exercises that include:  

Intro to AWS IR Intro to Azure IR Log collection and analysis with ELK
Endpoint Detection and Response (EDR) Use of TimeSketch for image and timeline analysis Velociraptor for network investigations
IR Planning Threat Intelligence concepts and tooling Hardening Guidelines (ISO, PCI, CIS, etc.)
Group Tabletop exercise Capstone Attack Exercise attack Capstone Attack Exercise analysis


WHEN:  April 29 – May3, 2024

COST: $2,495.00 US Dollars

EQUIPMENT: Classroom laptops will be given to the students to take home and keep.




Existing IACIS members: Log in with your credentials and go to the Products page to purchase and register for the course.

Non-IACIS members: Membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase. Purchase training course HERE.

****Payment MUST BE RECEIVED at least 45 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (treasurer@iacis.com)

Cancellations within 45 days from the start of class to 31 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****

* On-Site Check-in Times (student pickup of equipment, ID card, IACIS info) are:

             Sunday, April 28, 2023 : 1800 – 2100

             Monday, April 29, 2023: 0700 – 0800

* Please make arrangements to arrive in time to check-in so that you may be in class promptly the first day.


Please read the following notes regarding this class:

  1. Classes begin at 8:00 AM ET and conclude at 5:00 PM ET, each day, with a one-hour lunch break. Classes will end at 4:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.
  2. The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip flops, tank tops, etc. is not allowed in the classroom. Personal computers are not permitted in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.


You can find information about hotel booking HERE

CANCELLATION INFO: If IACIS is unable to hold their 2024 Orlando training event, then all students who have registered and paid, will have the option of a full refund or a reserved seat at the 2025 training event.  IACIS is not responsible for any outside expenses (e.g. travel and accommodation) in the event of the training event being cancelled.  Anyone who paid for training will receive complimentary membership through the year that his/her training takes place.