Download Interent ExplorerDownload Apple SafariDownload OperaDownload FirefoxDownload Google Chrome

GIAC Certified Incident Handler (GCIH) Training

GIAC Certified Incident Handler (GCIH) Training

GIAC Certified Incident Handler (GCIH) Training:

GIAC Certified Incident Handler (GCIH) Training – Hands-On

Get the skills you need to detect, respond to and resolve computer security incidents in just 5 days. On this accelerated GIAC Certified Incident Handler Training (GCIH) course, you’ll develop the skills and knowledge needed to manage sensitive security incidents.

As organisations strive to improve their cyber security, Incident Handlers are increasingly in demand and the GCIH certification qualifies you for this critical role. Our GCIH training will prepare you for the GIAC Certified Incident Handler (GCIH) exam and provides knowledge equivalent to the SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.

GIAC Certified Incident Handler (GCIH) Training covers the following topics:

  • GIAC Certified Incident Handler (GCIH): Incident response overview
  • GIAC Certified Incident Handler (GCIH): Common attacks, anatomy and coordination
  • GIAC Certified Incident Handler (GCIH): Network forensics, tools and analysis
  • GIAC Certified Incident Handler (GCIH): CFE role, disk forensics, passwords and more
  • GIAC Certified Incident Handler (GCIH): Other forensics areas and exam review
  • And more…

Incident response stages

The GIAC Certified Incident Handler (GCIH) Training Workshop focuses on the five key incident response stages:

  • Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
  • Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
  • Containment – Preventing the incident from further escalation using information gathered in identification stage
  • Eradication – Removing intruder access to internal and external company resources
  • Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings
Your Registration Includes
  • 5 days of GIAC Certified Incident Handler (GCIH) Training with an expert instructor
  • GCIH Courseware and Study Guide
  • GCIH Sample Exam questions
  • 100% Satisfaction Guarantee
Related Courses
GIAC Certified Incident Handler(GCIH) – Customize It:
  • We can adapt this GIAC Certified Incident Handler (GCIH) course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this GIAC Certified Incident Handler (GCIH) course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the GIAC Certified Incident Handler (GCIH) course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the GIAC Certified Incident Handler (GCIH) course in manner
GIAC Certified Incident Handler (GCIH) – Audience/Target Group:

The target audience for this GIAC Certified Incident Handler (GCIH) Workshop course:

  • Incident Handlers
  • Legal professionals
  • Systems Administrator
  • Security Practitioners and Managers
  • Threat Hunters
  • Incident Response Team Members
  • Digital Forensics Engineers
  • Law enforcement professionals looking to expand into computer crime investigations
  • IT pros being tasked with corporate forensics and incident handling
GIAC Certified Incident Handler (GCIH) – Prerequisites:

The knowledge and skills that a learner must have before attending this GIAC Certified Incident Handler (GCIH) are:

  • Basic understanding of computer networking and fundamental security concepts
  • General knowledge of networking protocols
  • Working knowledge of the Windows OS and command line
  • Basic exposure to Linux
GIAC Certified Incident Handler (GCIH) – Objectives:

After attending our GIAC Certified Incident Handler (GCIH) Workshop, you will have the ability to:

  • Firmly understand the provisions of IT law
  • Successfully define evidence-handling procedures
  • Comprehend the general rules of evidence
  • Apply fundamental computer and mobile forensics concepts to forensic investigations
  • Identify key technologies relevant to computer forensics
  • Acquire forensic evidence
  • Locate forensic artifacts in various operating systems
  • Analyze extracted evidence and properly report findings
GIAC Certified Incident Handler (GCIH) Training – Course Outline:

Day 1: Incident response overview

  • Course introduction
  • Responding to incidents
    • Incident response today
    • Incident response needs
    • Current cyber threat landscape
  • IR definitions
  • The stages of incident response
    • Planning/preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Post-incident activity (lessons learned)
  • Incident response team members
  • Incident evidence
    • Chain of custody
    • Evidence types
    • Incident evidence
    • Evidence handling
  • Incident response tools
    • File system navigation tools
    • Hashing tools
    • Binary search tools
    • Imaging tools for bit-stream image copies
    • Deep retrieval tools
    • File chain and directory navigation tools
    • IR case management tools

Day 2: Common attacks, anatomy and coordination

  • Commonly used attacks
    • Precursors and indicators
    • Types of attacks
      • Network attacks
      • Botnets
      • Denial-of-service (DDoS) attacks
      • Email attacks
      • Malicious code (malware)
      • Overflow attacks
      • Ransomware
      • Client attacks
      • Compromise of privileged accounts
      • Insider attacks
      • Web application attacks
    • Anatomy of an attack
      • Reconnaissance
      • Scanning
      • Exploit
      • Maintaining access
      • Covering tracks on networks and systems
  • Incident response coordination
    • IR coordination benefits
    • Trusted communication paths
    • Information sharing techniques

Day 3: Network forensics, tools and analysis

  • Network forensics
    • Internet and networking basics
    • IP addressing
    • Understanding protocols (TCP, UDP, ICMP, DHCP)
    • Approach to network forensics
    • Network logs
  • Network security tools
    • Network devices and appliances
    • Port scanners
    • Packet sniffers and traffic analyzers
    • Network scanners
    • Firewalls
    • IDS/IPS
    • Remote access technologies
    • File integrity tools
    • Anti-malware
  • Log analysis
    • Importance of logs
    • Top 10 logging practices
    • Log management and control
    • SIEM
    • Main sources of data
    • Log analysis tools
    • Normal traffic signatures
    • Abnormal traffic signatures
  • Protocol analysis
    • TCP/IP concepts
    • TCP deep dive
    • Ports and sockets
    • Understanding headers
  • Wireless analysis
    • Wireless networking fundamentals
    • Wireless security solutions
    • Wireless attacks
    • Wireless PKI
  • Live analysis
    • Live forensics overview
    • Order of volatility
    • Live forensics tools
  • Web traffic analysis
    • Web signatures
    • DNS record types
    • Browser data locations
  • Email analysis
    • Email structure
    • Email protocols
    • Message analysis techniques
    • Outlook files
    • Email analysis tools

Day 4: CFE role, disk forensics, passwords and more

  • Role of the computer forensics examiner
    • Scope of authority
    • 4 steps to success
    • SWGDE
    • Legal aspects
  • Disk forensics
    • Image copy of disks
    • Imaging process and tools
    • Image analysis
    • Deleted files and other recovery areas
    • Slack
    • Data hiding techniques
  • Passwords and encryption
    • Protected storage
    • Password protected vs. password encrypted
    • Password recovery tools
    • Windows passwords
    • Password cracking
  • Memory forensics
    • Memory forensics definition and objectives
    • Memory artifacts
    • Dumping memory
    • Memory forensics tools
  • Windows swap file
    • Pagefile.sys
    • Policy and registry setting
    • Recovering the swap file

Day 5: Other forensics areas and exam review

  • Cell phone forensics
    • Cell phone technologies and operating systems
    • Cell phone communications
    • Android forensics challenges
    • Common tools
    • iOS forensics challenges
    • Common tools
  • Reverse engineering
    • Reverse engineering definition and objectives
    • Assembly language and machine code
    • Disassemblers
    • Hardcoded data
  • Exploit kits
    • Malware development kits
    • Evasion techniques
  • GCIH exam review
GIAC Certified Incident Handler Training (GCIH) course Wrap-Up

GIAC Certified Incident Handler (GCIH) Training

Whether you are looking for general information or have a specific question, we want to help!

Request More Information

    Time frame: