Does anyone know if there is any good hands-on training for incident response and digital forensics, or certification I need to take in order to gain more hands-on experience? Thanks and any helpful information is appreciated.
In the workplace or on your own time? – KDEx Feb 20 '16 at 04:40
I guess in my own time. SANS is just too expensive -- around $5000 for each course and I am still not sure if the company will pay for me. So are there other choices? Thanks. – Yang Yu Feb 22 '16 at 18:57
3 Answers
One good place to start is Open Security Training. Despite the site design, they have some quality material there for you to work through.
As you noted, you'll want some hands-on experience as well. Finding challenges online can help with this. You can look at test images (some will be old but still useful!) or, if you're looking more into incident response than digital forensics, the Honeynet Challenges and Malware Traffic Analysis exercises.
On IronGeek (or YouTube, and free):
- http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/04-memory-acquisition-in-digital-forensics-and-incident-response-jason-hale
- http://www.irongeek.com/i.php?page=videos/derbycon2/brett-cunningham-beyond-strings-memory-analysis-during-incident-response
- http://www.irongeek.com/i.php?page=videos/grrcon2015/bumper-massage00-security-incident-response-derek-milroy
- http://www.irongeek.com/i.php?page=videos/derbycon3/s206-diy-forensics-when-incident-response-morphs-into-digital-forensics-john-sammons
- http://www.irongeek.com/i.php?page=videos/bsidescleveland2012/automating-incident-response-mick-douglas
- http://www.irongeek.com/i.php?page=videos/centralohioinfosec2015/modern-approach-to-incident-response-james-carder-and-jessica-hebenstreit
- http://www.irongeek.com/i.php?page=videos/circlecitycon2014/215-ten-commandments-of-incident-response-for-hackers-lesley-carhart
- http://www.irongeek.com/i.php?page=videos/derbycon4/t322-advanced-incident-response-with-bro-liam-randall-hectaman
- http://www.irongeek.com/i.php?page=videos/bsidescleveland2012/netflow-for-incident-response-jamison-budacki
- http://www.irongeek.com/i.php?page=videos/bsidesboston2015/205-next-gen-incident-management-building-out-a-modern-incident-management-capability-john-mcdonald
- http://www.irongeek.com/i.php?page=videos/derbycon2/3-2-4-jamie-murdock-how-to-create-a-one-man-soc
- http://www.irongeek.com/i.php?page=videos/circlecitycon2015/300-operationalizing-yara-chad-robertson
- http://www.irongeek.com/i.php?page=videos/converge2015/track102-adaptive-monitoring-and-detection-for-todays-landscape-jamie-murdock
- http://www.irongeek.com/i.php?page=videos/securewv2015/securewv06-the-art-of-post-infection-response-and-mitigation-caleb-j-crable
On SafariBooksOnline Videos (monthly-pay access):
- http://my.safaribooksonline.com/video/networking/forensic-analysis/9780132853835
- http://my.safaribooksonline.com/video/networking/forensic-analysis/9781466695917
- http://my.safaribooksonline.com/video/networking/forensic-analysis/9781771370615
- http://my.safaribooksonline.com/video/networking/security/9781466695979
On Udemy (one-time-pay access):
- https://www.udemy.com/ifci-expert-cybercrime-investigators-course/
- https://www.udemy.com/surviving-digital-forensics-memory-analysis-1/
- https://www.udemy.com/digital-evidence-acquisition-protecting-your-case/
- https://www.udemy.com/surviving-digital-forensics-ram-extraction-fundamentals/
- https://www.udemy.com/surviving-digital-forensics-memory-analysis-2/
- https://www.udemy.com/surviving-digital-forensics-imaging-a-mac-fusion-drive/
- https://www.udemy.com/draft/94110/
- https://www.udemy.com/reconcertification/
On PluralSight (one-time-pay access or monthly):
On Lynda (through LinkedIn, one-time-pay, or monthly-pay access):
SANS training is excellent: https://www.sans.org/course/advanced-incident-response-threat-hunting-training
Even just taking GCUX, which had a 1-day IR training, was very impactful.
Free blog: https://digital-forensics.sans.org/blog