FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics
FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics Training (GCFA)
Threat hunting and Incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as ” threat hunting “. FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hactivists.
Training at a glance
Level
Intermediate
Duration
6 Days
Experience
4 years: IT & Security
Average Salary
$140,000
Labs
Yes
Level
Intermediate
Duration
6 Days
Experience
4 years: IT & Security
Average Salary
$140,000
Labs
Yes
Training Details
Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident or contain propagating ransomware. Incident response and threat hunting teams are the keys to identifying and observing malware indicators and patterns of activity in order to generate accurate threat intelligence that can be used to detect current and future intrusions. This in-depth incident response and threat hunting course provides responders and threat hunting teams with advanced skills to hunt down, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and ransomware operators.
FOR508: Advanced Incident Response and Threat Hunting Course will help you to:
- Understand attacker tradecraft to perform compromise assessments
- Detect how and when a breach occurred
- Quickly identify compromised and infected systems
- Perform damage assessments and determine what was read, stolen, or changed
- Contain and remediate incidents of all types
- Track adversaries and develop threat intelligence to scope a network
- Hunt down additional breaches using knowledge of adversary techniques
- Build advanced forensics skills to counter anti-forensics and data hiding from technical subjects
Lesson 1: Advanced Incident Response & Threat Hunting
Lesson 2: Intrusion Analysis
Lesson 3: Memory Forensics in Incident Response & Threat Hunting
Lesson 4: Timeline Analysis
Lesson 5: Incident Response & Hunting Across the Enterprise | Advanced Adversary & Anti-Forensics Detection
Lesson 6: The APT Threat Group Incident Response Challenge
Hands-On Cybersecurity Training
- Detect how and when attack happened
- Quickly identify compromised and infected systems
- Perform damage assessments and determine what was read, stolen, or changed
- Contain and remediate incidents
- Hunt down additional breaches using knowledge of the adversary
- Incident Response Team Members who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across endpoints in the enterprise.
- Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter their tradecraft.
- SOC Analysts looking to better understand alerts, build the skills necessary to triage events, and fully leverage advanced endpoint detection and response (EDR) capabilities.
- Experienced Digital Forensic Analysts who want to consolidate and expand their understanding of memory and timeline forensics, investigation of technically advanced individuals, incident response tactics, and advanced intrusion investigations.
- Detection Engineers requiring a better understanding of attacker tradecraft to build more effective intrusion detection mechanisms.
- Information Security Professionals who directly support and aid in responding to data breach incidents and intrusions.
- Federal Agents and Law Enforcement Professionals who want to master advanced intrusion investigations and incident response, and expand their investigative skills beyond traditional host-based digital forensics.
- Red Team Members, Penetration Testers, and Exploit Developers who want to learn how their opponents can identify their actions, how common mistakes can compromise operations on remote systems, and how to avoid those mistakes. This course covers remote system forensics and data collection techniques that can be easily integrated into post-exploit operating procedures and exploit-testing batteries.
- SANS FOR500 and SEC504 Graduates looking to take their skills to the next level.
NICE Framework Work Roles
- Cyber Defense Incident Responder (OPM 531)
- All Source-Collection Manager (OPM 311)
- All Source-Collection Requirements Manager (OPM 312)
- Cyber Operator (OPM 321)
- Cyber Crime Investigator (OPM 221)
- Law Enforcement /CounterIntelligence Forensics Analyst (OPM 211)
- Cyber Defense Forensics Analyst (OPM 212)
FOR508 is an advanced incident response and threat hunting course that focuses on detecting and responding to advanced persistent threats and organized crime threat groups.The course does not cover the basics of incident response policies or digital forensics.
We recommend that you should have a background in FOR500: Windows Forensics prior to attending this course.
Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:
Forensics Professionals Focused on Networks
- FOR528: Ransomware and Cyber Extortion
Malware Analysis & Threat Intelligence
- FOR578: Cyber Threat Intelligence
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Forensics & Media Exploitation
- FOR498: Digital Acquisition and Rapid Triage
Upcoming Classes
We Offer More Than Just SANS Training
Our successful training results keep our corporate and military clients returning. That’s because we provide everything you need to succeed. This is true for all of our courses.
Strategic Planning & Project Management
From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.
IT & Cybersecurity
ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.
Leadership & Management
Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.
