GIAC Certified Incident Handler (GCIH) Training
Get the skills you need to detect, respond to and resolve computer security incidents in just 5 days. On this accelerated GIAC Certified Incident Handler (GCIH) Training course, you’ll develop the skills and knowledge needed to manage sensitive security incidents.
As organisations strive to improve their cyber security, Incident Handlers are increasingly in demand and the GCIH certification qualifies you for this critical role. Our GCIH training will prepare you for the GIAC Certified Incident Handler (GCIH) exam.
Incident response stages
The GIAC Certified Incident Handler (GCIH) Workshop focuses on the five key incident response stages:
- Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
- Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
- Containment – Preventing the incident from further escalation using information gathered in identification stage
- Eradication – Removing intruder access to internal and external company resources
- Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings
Your Registration Includes
- Five days of the best hands-on incident response training in the industry
- GCIH Courseware and Study Guide
- GCIH Sample Exam questions
- 100% Satisfaction Guarantee
Exam Information
- Questions: 100 – 150 Questions
- Duration: 4 Hours
- Passing score: 70%
- 1 proctored exam
Duration: 5 days
RESOURCES
- GIAC Certified Incident Handler (GCIH) Training – https://www.wiley.com/
- GIAC Certified Incident Handler (GCIH) Training – https://www.packtpub.com/
- GIAC Certified Incident Handler (GCIH) Training – https://store.logicaloperations.com/
- GIAC Certified Incident Handler (GCIH) Training – https://us.artechhouse.com/
- GIAC Certified Incident Handler (GCIH) Training – https://www.amazon.com/
RELATED COURSES
- GIAC Certified Intrusion Analyst (GCIA) Training
- GIAC Security Essentials Certification (GSEC) Training
- GIAC Security Leadership Certificate (GSLC) Training
CUSTOMIZE It
- We can adapt this GIAC Certified Incident Handler (GCIH) Training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this GIAC Certified Incident Handler (GCIH) course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the GIAC Certified Incident Handler (GCIH) Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the GIAC Certified Incident Handler (GCIH) course in manner understandable to lay audiences.
AUDIENCE/TARGET GROUP
The target audience for this GIAC Certified Incident Handler (GCIH) course:
- Incident handlers
- Incident handling team leads
- System administrators
- Security practitioners
- Security architects
- Any security personnel that are first responders
CLASS PREREQUISITES
The knowledge and skills that a learner must have before attending this GIAC Certified Incident Handler (GCIH) course are:
- Basic understanding of computer networking and fundamental security concepts
- General knowledge of networking protocols
- Working knowledge of the Windows OS and command line
- Basic exposure to Linux
GIAC Certified Incident Handler (GCIH) Training - OBJECTIVES
Upon completing this GIAC Certified Incident Handler (GCIH) course, learners will be able to meet these objectives:
- Firmly understand the provisions of IT law
- Successfully define evidence-handling procedures
- Comprehend the general rules of evidence
- Apply fundamental computer and mobile forensics concepts to forensic investigations
- Identify key technologies relevant to computer forensics
- Acquire forensic evidence
- Locate forensic artifacts in various operating systems
- Analyze extracted evidence and properly report findings
GIAC Certified Incident Handler (GCIH) Training - COURSE SYLLABUS
Day 1: Incident response overview
- Course introduction
- Responding to incidents
- Incident response today
- Incident response needs
- Current cyber threat landscape
- IR definitions
- The stages of incident response
- Planning/preparation
- Identification
- Containment
- Eradication
- Recovery
- Post-incident activity (lessons learned)
- Incident response team members
- Incident evidence
- Chain of custody
- Evidence types
- Incident evidence
- Evidence handling
- Incident response tools
- File system navigation tools
- Hashing tools
- Binary search tools
- Imaging tools for bit-stream image copies
- Deep retrieval tools
- File chain and directory navigation tools
- IR case management tools
Day 2: Common attacks, anatomy and coordination
- Commonly used attacks
- Precursors and indicators
- Types of attacks
- Network attacks
- Botnets
- Denial-of-service (DDoS) attacks
- Email attacks
- Malicious code (malware)
- Overflow attacks
- Ransomware
- Client attacks
- Compromise of privileged accounts
- Insider attacks
- Web application attacks
- Anatomy of an attack
- Reconnaissance
- Scanning
- Exploit
- Maintaining access
- Covering tracks on networks and systems
- Incident response coordination
- IR coordination benefits
- Trusted communication paths
- Information sharing techniques
Day 3: Network forensics, tools and analysis
- Network forensics
- Internet and networking basics
- IP addressing
- Understanding protocols (TCP, UDP, ICMP, DHCP)
- Approach to network forensics
- Network logs
- Network security tools
- Network devices and appliances
- Port scanners
- Packet sniffers and traffic analyzers
- Network scanners
- Firewalls
- IDS/IPS
- Remote access technologies
- File integrity tools
- Anti-malware
- Log analysis
- Importance of logs
- Top 10 logging practices
- Log management and control
- SIEM
- Main sources of data
- Log analysis tools
- Normal traffic signatures
- Abnormal traffic signatures
- Protocol analysis
- TCP/IP concepts
- TCP deep dive
- Ports and sockets
- Understanding headers
- Wireless analysis
- Wireless networking fundamentals
- Wireless security solutions
- Wireless attacks
- Wireless PKI
- Live analysis
- Live forensics overview
- Order of volatility
- Live forensics tools
- Web traffic analysis
- Web signatures
- DNS record types
- Browser data locations
- Email analysis
- Email structure
- Email protocols
- Message analysis techniques
- Outlook files
- Email analysis tools
Day 4: CFE role, disk forensics, passwords and more
- Role of the computer forensics examiner
- Scope of authority
- 4 steps to success
- SWGDE
- Legal aspects
- Disk forensics
- Image copy of disks
- Imaging process and tools
- Image analysis
- Deleted files and other recovery areas
- Slack
- Data hiding techniques
- Passwords and encryption
- Protected storage
- Password protected vs. password encrypted
- Password recovery tools
- Windows passwords
- Password cracking
- Memory forensics
- Memory forensics definition and objectives
- Memory artifacts
- Dumping memory
- Memory forensics tools
- Windows swap file
- Pagefile.sys
- Policy and registry setting
- Recovering the swap file
Day 5: Other forensics areas and exam review
- Cell phone forensics
- Cell phone technologies and operating systems
- Cell phone communications
- Android forensics challenges
- Common tools
- iOS forensics challenges
- Common tools
- Reverse engineering
- Reverse engineering definition and objectives
- Assembly language and machine code
- Disassemblers
- Hardcoded data
- Exploit kits
- Malware development kits
- Evasion techniques
- GCIH exam review
GIAC Certified Incident Handler (GCIH) Training Course Wrap-Up
Whether you are looking for general information or have a specific question, we want to help.
Request More Information