IT forensics has become a vital part of handling security incidents, with system administrators often left alone with detecting incidents, initiating an investigation and aiding investigators in collecting the required evidence. Furthermore, many administrators are not trained for their role in forensic investigation and do not receive the necessary guidance before they are thrown in at the deep end.
The first module showed system administrators the basic organisational steps to forensic incident handling and introduced methods and tools to collect the various forms of evidence data.
The upcoming second module will focus on the analysis part of the forensic process, using open-source tools to dissect obfuscated or encoded bits of information, search disk and memory images for indicators of compromise (IOCs), and create super-timelines.
This training programme consists of five live online sessions. Please note that you only need to register once in order to attend all or selected training sessions from this programme.
The Zoom link will be sent to participants the week before the first event.
PLEASE NOTE: ALL SESSIONS WILL BE RECORDED AND RECORDINGS PUBLISHED ON THE WEB PAGES OF GEANT AND DFN-CERT.
Registrants will be notified when session recordings become available. You are advised to register even if you cannot attend all sessions so that you can watch recordings.