MASTERCLASS: System Forensics and Incident Handling

No. 1 Security Expert, Paula Januszkiewicz

11 - 15 June 2018

  • Duration: 5 days
  • Location: Semos Education, Skopje
  • Language: English
  • Price: 999 EUR

Target audience

Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.


Included: the author’s unique tools, over 300 pages of exercises, and presentation slides with notes.

Lecturer: Paula Januszkiewicz

Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security MVP, Microsoft Certified Trainer (MCT) and Microsoft Security Trusted Advisor. She is also a top speaker at many well-known conferences, including Microsoft Ignite, TechEd North America, TechEd Europe, TechEd Middle East, RSA, TechDays and CyberCrime.
Paula has conducted hundreds of IT security audits and penetration tests, including those for governmental organizations. Her core specialization is security solutions, in which she holds multiple certifications, alongside certifications in other related technologies. Paula is passionate about sharing her knowledge with others.

Training Overview

  • Module 1: Introduction to Incident Response and Handling
    • Types of Computer Security Incidents
    • Examples of Computer Security Incidents
    • Signs of an Incident
    • Incident Prioritization
    • Incident Response
    • Incident Handling
  • Module 2: System and Network Security Mechanisms
    • Integrity Levels
    • Anti-malware & Firewalls
    • Application Whitelisting, Application Virtualization
    • Privileged Accounts, Authentication, Monitoring, and UAC
    • Whole Disk Encryption
    • Browser Security
    • EMET
    • Dangerous Endpoint Applications
    • Session Zero
    • Privileges, permissions and rights
    • Password security (techniques for obtaining and cracking passwords)
    • Registry Internals
    • Monitoring Registry Activity
    • Boot configuration
    • Services architecture
    • Access tokens
    • Web Application Firewall
    • HTTP Proxies, Web Content Filtering, and SSL Decryption
    • SIMs, NIDS, Packet Captures, and DLP
    • Honeypots/Honeynets
    • Network Infrastructure – Routers, Switches, DHCP, DNS
    • Wireless Access Points
  • Module 3: Incident Response and Handling Steps
    • How to Identify an Incident
    • Handling Incidents Techniques
    • Incident Response Team Services
    • Defining the Relationship between Incident Response, Incident Handling, and Incident Management
    • Incident Response Best Practices
    • Incident Response Policy
    • Incident Response Plan Checklist
  • Module 4: Handling Network Security Incidents
    • Denial-of-Service Incidents
    • Distributed Denial-of-Service Attack
    • Detecting DoS Attack
    • Incident Handling Preparation for DoS
    • DoS Response and Preventing Strategies
    • Following the Containment Strategy to Stop DoS
    • Detecting Unauthorized Access Incident
    • Incident Handling Preparation
    • Incident Prevention
    • Following the Containment Strategy to Stop Unauthorized Access
    • Eradication and Recovery
    • Detecting the Inappropriate Usage Incidents
    • Multiple Component Incidents
    • Containment Strategy to Stop Multiple Component Incidents
    • Network Traffic Monitoring Tools
  • Module 5: Handling Malicious Code Incidents
    • Count of Malware Samples
    • Virus, Worms, Trojans and Spywares
    • Incident Handling Preparation
    • Incident Prevention
    • Detection of Malicious Code
    • Containment Strategy
    • Evidence Gathering and Handling
    • Eradication and Recovery
  • Module 6: Security Monitoring Operations
    • Industry Best Practices
    • Critical Security Controls
    • Host, Port and Service Discovery
    • Vulnerability Scanning
    • Monitoring Patching, Applications, Service Logs
    • Detecting Malware via DNS logs
    • Monitoring Change to Devices and Appliances
    • Leveraging Proxy and Firewall Data
    • Configuring Centralized Windows Event Log Collection
    • Monitoring Critical Windows Events
    • Detecting Malware via Windows Event Logs
    • Scripting and Automation
    • Importance of Automation
    • PowerShell
  • Module 7: Forensics Basics
    • Computer Forensics
    • Objectives of Forensics Analysis
    • Role of Forensics Analysis in Incident Response
    • Forensic Readiness And Business Continuity
    • Types of Computer Forensics
    • Computer Forensic Investigator
    • Computer Forensics Process
    • Collecting Electronic Evidence
    • Challenging Aspects of Digital Evidence
    • Forensics in the Information System Life Cycle
    • Forensic Analysis Guidelines
    • Forensics Analysis Tools
    • Memory acquisition techniques
    • Finding data and activities in memory
    • Tools and techniques to perform memory forensics
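As an added illustration of the Module 6 topics "Monitoring Critical Windows Events", "Detecting Malware via Windows Event Logs" and "PowerShell" (this is example code written for this page, not part of the course materials or the author's tools), the function below triages event records of the shape returned by Get-WinEvent. The event IDs are the documented Windows Security and System log IDs; the list of suspicious command-line patterns is an illustrative assumption to be tuned per environment, and the sample records are constructed so the script runs offline.

```powershell
# Added example, not from the course. Triage Windows event records for high-value
# security events. Event IDs are the documented Windows log IDs; the command-line
# patterns are illustrative assumptions; the sample records below are constructed.

# Event IDs that usually deserve an alert on their own (Security log unless noted).
$CriticalEventIds = @{
    1102 = 'Security audit log cleared'
    4672 = 'Special privileges assigned to new logon'
    4720 = 'User account created'
    4732 = 'Member added to a security-enabled local group'
    7045 = 'New service installed (System log)'
}

# Command-line fragments that often indicate staging or hands-on-keyboard activity.
# Assumed starting list; tune it for the environment and expect false positives.
$SuspiciousCommandLinePatterns = @(
    '-EncodedCommand', ' -enc ', 'Invoke-Expression', 'DownloadString',
    'vssadmin delete shadows', 'reg save HKLM\SAM', 'sekurlsa'
)

function Get-CriticalEvents {
    param(
        # Objects exposing Id, TimeCreated, LogName and Message, i.e. what
        # Get-WinEvent returns, or constructed stand-ins as below.
        [Parameter(Mandatory)] [object[]] $Events
    )
    foreach ($e in $Events) {
        $reason = $null
        if ($CriticalEventIds.ContainsKey([int]$e.Id)) {
            $reason = $CriticalEventIds[[int]$e.Id]
        }
        elseif ([int]$e.Id -eq 4688) {
            # Process creation is noisy; flag it only when the command line matches.
            # Needs the "Include command line in process creation events" policy enabled.
            foreach ($p in $SuspiciousCommandLinePatterns) {
                if ($e.Message -like "*$p*") {
                    $reason = "Suspicious process creation: $p"
                    break
                }
            }
        }
        if ($reason) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Id          = $e.Id
                LogName     = $e.LogName
                Reason      = $reason
                Summary     = ($e.Message -split "`n")[0]
            }
        }
    }
}

# --- Constructed sample records standing in for Get-WinEvent output ---------------
$sample = @(
    [pscustomobject]@{ Id = 4624; TimeCreated = (Get-Date '2018-06-11 09:00'); LogName = 'Security'
                       Message = 'An account was successfully logged on.' }
    [pscustomobject]@{ Id = 4688; TimeCreated = (Get-Date '2018-06-11 09:01'); LogName = 'Security'
                       Message = "A new process has been created.`nProcess Command Line: powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA" }
    [pscustomobject]@{ Id = 4688; TimeCreated = (Get-Date '2018-06-11 09:02'); LogName = 'Security'
                       Message = "A new process has been created.`nProcess Command Line: notepad.exe C:\notes.txt" }
    [pscustomobject]@{ Id = 7045; TimeCreated = (Get-Date '2018-06-11 09:03'); LogName = 'System'
                       Message = 'A service was installed in the system. Service Name: updsvc' }
    [pscustomobject]@{ Id = 1102; TimeCreated = (Get-Date '2018-06-11 09:04'); LogName = 'Security'
                       Message = 'The audit log was cleared.' }
)

Get-CriticalEvents -Events $sample | Format-Table -AutoSize

# On a live host, feed the function real events instead of the constructed ones:
#   $since = (Get-Date).AddDays(-1)
#   $live  = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; StartTime = $since } -ErrorAction SilentlyContinue)
#   $live += @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = $since } -ErrorAction SilentlyContinue)
#   Get-CriticalEvents -Events $live
```

Run against the constructed sample, the benign logon and the notepad launch pass through silently, while the encoded PowerShell launch, the new service and the cleared audit log are reported with a reason. The same function works unchanged on events forwarded to a collector, which is the point of the "Configuring Centralized Windows Event Log Collection" topic: collect once, then run the triage logic in one place.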