Overview
-
This course prepares you for the Operations and Incident Response domain of the Security+ exam, covering incident responses and investigations, as well as digital forensic techniques.
Syllabus
-
Introduction
- Operations and incident response
- What you need to know
- Study resources
- Build an incident response program
- Creating an incident response team
- Incident communications plan
- Incident identification
- Escalation and notification
- Mitigation
- Containment techniques
- Incident eradication and recovery
- Validation
- Post-incident activities
- Incident response exercises
- MITRE ATT&CK
- Diamond Model of Intrusion Analysis
- Cyber kill chain analysis
- Logging security information
- Security information and event management
- Cloud audits and investigations
- Conducting investigations
- Evidence types
- Introduction to forensics
- System and file forensics
- File carving
- Creating forensic images
- Digital forensics toolkit
- Operating system analysis
- Password forensics
- Network forensics
- Software forensics
- Mobile device forensics
- Embedded device forensics
- Chain of custody
- Ediscovery and evidence production
- Exploitation frameworks
- Continuing your studies
