GIAC Certified Incident Handler (GCIH) Training

Print Friendly, PDF & Email
Introduction

GIAC Certified Incident Handler (GCIH) Training Course with Hands-on Labs (Online, Onsite and Classroom Live)

Get the skills you need to detect, respond to and resolve computer security incidents in just 5 days. On this accelerated GIAC Certified Incident Handler (GCIH) course, you'll develop the skills and knowledge needed to manage sensitive security incidents.

As organisations strive to improve their cyber security, Incident Handlers are increasingly in demand and the GCIH certification qualifies you for this critical role. Our GCIH training will prepare you for the GIAC Certified Incident Handler (GCIH) exam and provides knowledge equivalent to the SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.

Incident response stages

The GIAC Certified Incident Handler (GCIH) Training Workshop focuses on the five key incident response stages:

  • Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
  • Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
  • Containment – Preventing the incident from further escalation using information gathered in identification stage
  • Eradication – Removing intruder access to internal and external company resources
  • Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings

Duration: 5 days

Your Registration Includes

  • Five days of the best hands-on incident response training in the industry
  • GCIH Courseware and Study Guide
  • GCIH Sample Exam questions
  • 100% Satisfaction Guarantee

Exam Information

  • Questions: 100 – 150 Questions
  • Duration: 4 Hours
  • Passing score: 73%
  • 2 Practice Exams
Related Courses
Customize It!
  • We can adapt this GIAC Certified Incident Handler (GCIH) Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this GIAC Certified Incident Handler (GCIH) Training course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the GIAC Certified Incident Handler (GCIH) Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the GIAC Certified Incident Handler (GCIH) Training course in manner understandable to lay audiences.
GIAC Certified Incident Handler (GCIH) Training - Audience / Target Group
  • Incident Handlers
  • Legal professionals
  • Systems Administrator
  • Security Practitioners and Managers
  • Threat Hunters
  • Incident Response Team Members
  • Digital Forensics Engineers
  • Law enforcement professionals looking to expand into computer crime investigations
  • IT pros being tasked with corporate forensics and incident handling
GIAC Certified Incident Handler (GCIH) Training - Class Prerequisites
  • Basic understanding of computer networking and fundamental security concepts
  • General knowledge of networking protocols
  • Working knowledge of the Windows OS and command line
  • Basic exposure to Linux
GIAC Certified Incident Handler (GCIH) Training - Objectives:

After attending our GCIH Boot Camp, you will have the ability to:

  • Firmly understand the provisions of IT law
  • Successfully define evidence-handling procedures
  • Comprehend the general rules of evidence
  • Apply fundamental computer and mobile forensics concepts to forensic investigations
  • Identify key technologies relevant to computer forensics
  • Acquire forensic evidence
  • Locate forensic artifacts in various operating systems
  • Analyze extracted evidence and properly report findings
GIAC Certified Incident Handler (GCIH) Training - Course Content:

Day 1: Incident response overview

  • Course introduction
  • Responding to incidents
    • Incident response today
    • Incident response needs
    • Current cyber threat landscape
  • IR definitions
  • The stages of incident response
    • Planning/preparation
    • Identification
    • Containment
    • Eradication
    • Recovery
    • Post-incident activity (lessons learned)
  • Incident response team members
  • Incident evidence
    • Chain of custody
    • Evidence types
    • Incident evidence
    • Evidence handling
  • Incident response tools
    • File system navigation tools
    • Hashing tools
    • Binary search tools
    • Imaging tools for bit-stream image copies
    • Deep retrieval tools
    • File chain and directory navigation tools
    • IR case management tools

Day 2: Common attacks, anatomy and coordination

  • Commonly used attacks
    • Precursors and indicators
    • Types of attacks
      • Network attacks
      • Botnets
      • Denial-of-service (DDoS) attacks
      • Email attacks
      • Malicious code (malware)
      • Overflow attacks
      • Ransomware
      • Client attacks
      • Compromise of privileged accounts
      • Insider attacks
      • Web application attacks
    • Anatomy of an attack
      • Reconnaissance
      • Scanning
      • Exploit
      • Maintaining access
      • Covering tracks on networks and systems
  • Incident response coordination
    • IR coordination benefits
    • Trusted communication paths
    • Information sharing techniques

Day 3: Network forensics, tools and analysis

  • Network forensics
    • Internet and networking basics
    • IP addressing
    • Understanding protocols (TCP, UDP, ICMP, DHCP)
    • Approach to network forensics
    • Network logs
  • Network security tools
    • Network devices and appliances
    • Port scanners
    • Packet sniffers and traffic analyzers
    • Network scanners
    • Firewalls
    • IDS/IPS
    • Remote access technologies
    • File integrity tools
    • Anti-malware
  • Log analysis
    • Importance of logs
    • Top 10 logging practices
    • Log management and control
    • SIEM
    • Main sources of data
    • Log analysis tools
    • Normal traffic signatures
    • Abnormal traffic signatures
  • Protocol analysis
    • TCP/IP concepts
    • TCP deep dive
    • Ports and sockets
    • Understanding headers
  • Wireless analysis
    • Wireless networking fundamentals
    • Wireless security solutions
    • Wireless attacks
    • Wireless PKI
  • Live analysis
    • Live forensics overview
    • Order of volatility
    • Live forensics tools
  • Web traffic analysis
    • Web signatures
    • DNS record types
    • Browser data locations
  • Email analysis
    • Email structure
    • Email protocols
    • Message analysis techniques
    • Outlook files
    • Email analysis tools

Day 4: CFE role, disk forensics, passwords and more

  • Role of the computer forensics examiner
    • Scope of authority
    • 4 steps to success
    • SWGDE
    • Legal aspects
  • Disk forensics
    • Image copy of disks
    • Imaging process and tools
    • Image analysis
    • Deleted files and other recovery areas
    • Slack
    • Data hiding techniques
  • Passwords and encryption
    • Protected storage
    • Password protected vs. password encrypted
    • Password recovery tools
    • Windows passwords
    • Password cracking
  • Memory forensics
    • Memory forensics definition and objectives
    • Memory artifacts
    • Dumping memory
    • Memory forensics tools
  • Windows swap file
    • Pagefile.sys
    • Policy and registry setting
    • Recovering the swap file

Day 5: Other forensics areas and exam review

  • Cell phone forensics
    • Cell phone technologies and operating systems
    • Cell phone communications
    • Android forensics challenges
    • Common tools
    • iOS forensics challenges
    • Common tools
  • Reverse engineering
    • Reverse engineering definition and objectives
    • Assembly language and machine code
    • Disassemblers
    • Hardcoded data
  • Exploit kits
    • Malware development kits
    • Evasion techniques
  • GCIH exam review
Request More Information

Time Frame: 0-3 Months4-12 Months

0