Preparing for and Executing Incident Recovery

Whenever an incident happens, you have to figure out the “Who, What, Where, When”. This course will help you understand how to conduct an investigation, eradicate the incident and how to build out your own CSI (Cyber-Security Investigator) Jump-Bag.
Course info
Level
Beginner
Updated
Mar 19, 2018
Duration
3h 25m
Table of contents
Course Overview
Your Objectives Here
What Should Be in Your “Jump-bag”?
What About the Digital “Jump-bag”
Understanding the Incident Recovery Process
The Techniques of Recovery: Containment
The Techniques of Recovery: Eradication
The Techniques of Recovery: Validation and Corrective Actions
That’s a Wrap
Description

Cybersecurity investigations are used to determine what events, changes, and other actions have happened on a device, who or what performed them, and what data is stored there. In this course, Preparing for and Executing Incident Recovery, you'll learn how to conduct an investigation, eradicate the incident, and build out your own CSI (Cyber-Security Investigator) Jump-Bag. First, you'll learn how to be ready to conduct your own forensic investigations. Next, you'll learn what computer forensic techniques are used in a variety of scenarios, including police investigations, system misuse, compromise and malware analysis, and investigations related to internal policy violations. Then, you'll learn how to create your own forensics kit, what it contains, and how to use its devices and tools. Finally, you'll be shown some forensic suites and tools that provide what you'll need to capture and preserve forensic data and to perform forensic investigations. By the end of this course, you will have discovered and developed new skills to tackle many cyber-security scenarios.

About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Council Instructor certifications back in 2006, and has been a Microsoft Certified Trainer since 1998 (yes, we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

Section Introduction Transcripts

Course Overview
Hi everyone, my name is Dale Meredith, and I'd like to welcome you to my course, Preparing for and Executing Incident Recovery. And this is an exciting course because it actually covers the domains from the CSA+, the GCIH, and ECIH certification path. I know, it's like a buy one, get two free deal. I've been a trainer since 1998, as well as a cybersecurity trainer and consultant. I've worked with several corporate 500 companies, as well as the Department of Homeland Security on several different projects. I'd love to tell you about them, but then I'd have to kill you. Today's world is a complex and different world from five years ago; it's one marked by increased cyber attacks, some of which are forcing us to rewrite new rules. Beyond the increase and frequency of the attack, we're also facing an increase of the type of organizations that have become targets. It goes well beyond the traditional financial or government organizations. It's spreading to places like health care, retailers, as well as really any organization that has access to customer information and data. Look, the hard truth is we can't stop all breaches, but a rapid response and recovery to a security event can go a long way when it comes to minimizing the impact, whether it's a financial or a reputation-based impact. So let's get you trained on how to recover from an incident, okay? Some of the major topics we'll cover in this course will include how to create your own incident response team as well as how to write an appropriate recovery plan. And I've got some fun stuff for you too. We'll look at how to make sure you have all the tools you need by creating a jump bag, both a physical one and a digital one that'll be full of cool tools, brah. By the end of this course you should have a great understanding of how to prepare yourself and your organization on how to handle the recovery process from containment to eradication to validation and finally to take corrective action.
I've got you covered. Before beginning this course, you should be familiar with the basic network topologies like TCP/IP and devices like routers and switches. You should also be somewhat familiar with different operating systems, such as Windows and Linux. Listen, I hope you'll join me in this adventure in learning with Preparing for and Executing Incident Recovery, here at Pluralsight.