Incident Response Training

In this three day course, we will guide you through the basics of the incident response process. The course mainly focusses on technical aspects like data acquisition, filesystems, carving, log forensics and more. During the last day of this course, you will put all the learned skills to the test during an incident response challenge. During the challenge, you will be confronted with a realistic scenario of a serious cyber breach.

Day 1: Incident Response I

  • Digital Forensics Methodology

  • How to (not) handle evidence

  • Chain of custody

  • Processes

  • Acquiring data carriers

  • Hard drives

  • File system layer

  • Tooltime!

  • NTFS

  • Alternate Data Streams

  • Carving

  • Memory acquisition on Windows systems

Day 2: Incident Response II

  • Incident Response Methodology

  • Windows log file forensics

  • Other Windows log files

  • Timelining – Basics

  • Enterprise forensics & incident response

Day 3: Challenges
Hands-on challenges

After the training, the participant will be able to:

  • Perform triage of incidents

  • Perform a first analysis of compromised systems and networks

  • Know which stakeholders are involved within an incident


We recommend this course if you have experience with Windows Forensics - if not, we recommend to take our First Responder course first.

Participating Groups
System admins and people involved with cyber security (preferably with a technical background).

3 full days: 9.30-17.00

Talk with an expert. Contact us.

Need sparring on your challenges in IT Security? Feel free to contact us for an informal chat with one of our experts.

Contact us Get free IT Security sparring