GCIH Certification Training Boot Camp
Infosec offers this five-day accelerated GCIH Boot Camp to train and prepare you for the GIAC® Certified Incident Handler (GCIH) certification exam, the prestigious security certification created and administered by the Global Information Assurance Certification.
Become a GIAC Certified Incident Handler (GCIH)
Boot camp overview
Our GCIH Boot Camp helps you fully understand how systems are compromised and what traces are left behind by attackers on the network, on disk and in volatile memory. Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done.
In this five-day training, you learn how cutting-edge attack vectors and tried-and-true methods are used for compromise, the ins and outs of incident response, and the tools of the trade used by incident responders on a daily basis. You will leave with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.
Skill up and get certified, guaranteed
Exam Pass Guarantee
If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
What's included?
- Five days of the best hands-on incident response training in the industry
- Infosec digital courseware (physical textbooks available to purchase)
- GCIH sample exam questions
- Pre-paid card to cover the cost of exam fees
- 90-day access to replays of daily lessons (Flex Pro)
- 100% Satisfaction Guarantee
Hands-on labs
Our custom hands-on labs will let you play the part of a forensic examiner. More than 20 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.
Who should attend?
- Law enforcement professionals looking to expand into computer crime investigations
- Legal professionals
- IT/infosec pros being tasked with corporate forensics and incident handling
Prerequisites
- Basic understanding of computer networking and fundamental security concepts
- General knowledge of networking protocols
- Working knowledge of the Windows OS and command line
- Basic exposure to Linux
What you'll learn
After attending our GCIH Boot Camp, you will have the ability to:
- Firmly understand the provisions of IT law
- Successfully define evidence-handling procedures
- Comprehend the general rules of evidence
- Apply fundamental computer and mobile forensics concepts to forensic investigations
- Identify key technologies relevant to computer forensics
- Acquire forensic evidence
- Locate forensic artifacts in various operating systems
- Analyze extracted evidence and properly report findings
Incident response stages
The boot camp focuses on the five key incident response stages:
- Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
- Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
- Containment – Preventing the incident from further escalation using information gathered in identification stage
- Eradication – Removing intruder access to internal and external company resources
- Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings
Can’t get away for a week?
Learn cybersecurity on-demand.
Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!
- 70+ learning paths
- 500+ courses
- Cloud-hosted cyber ranges and hands-on projects
- Skill assessments and certification practice exams
- Infosec community peer support
GCIH Boot Camp details
Day 1: Incident response overview
- Course introduction
- Responding to incidents
- Incident response today
- Incident response needs
- Current cyber threat landscape
- IR definitions
- The stages of incident response
- Planning/preparation
- Identification
- Containment
- Eradication
- Recovery
- Post-incident activity (lessons learned)
- Incident response team members
- Incident evidence
- Chain of custody
- Evidence types
- Incident evidence
- Evidence handling
- Incident response tools
- File system navigation tools
- Hashing tools
- Binary search tools
- Imaging tools for bit-stream image copies
- Deep retrieval tools
- File chain and directory navigation tools
- IR case management tools
Day 2: Common attacks, anatomy and coordination
- Commonly used attacks
- Precursors and indicators
- Types of attacks
- Network attacks
- Botnets
- Denial-of-service (DDoS) attacks
- Email attacks
- Malicious code (malware)
- Overflow attacks
- Ransomware
- Client attacks
- Compromise of privileged accounts
- Insider attacks
- Web application attacks
- Anatomy of an attack
- Reconnaissance
- Scanning
- Exploit
- Maintaining access
- Covering tracks on networks and systems
- Incident response coordination
- IR coordination benefits
- Trusted communication paths
- Information sharing techniques
Day 3: Network forensics, tools and analysis
- Network forensics
- Internet and networking basics
- IP addressing
- Understanding protocols (TCP, UDP, ICMP, DHCP)
- Approach to network forensics
- Network logs
- Network security tools
- Network devices and appliances
- Port scanners
- Packet sniffers and traffic analyzers
- Network scanners
- Firewalls
- IDS/IPS
- Remote access technologies
- File integrity tools
- Anti-malware
- Log analysis
- Importance of logs
- Top 10 logging practices
- Log management and control
- SIEM
- Main sources of data
- Log analysis tools
- Normal traffic signatures
- Abnormal traffic signatures
- Protocol analysis
- TCP/IP concepts
- TCP deep dive
- Ports and sockets
- Understanding headers
- Wireless analysis
- Wireless networking fundamentals
- Wireless security solutions
- Wireless attacks
- Wireless PKI
- Live analysis
- Live forensics overview
- Order of volatility
- Live forensics tools
- Web traffic analysis
- Web signatures
- DNS record types
- Browser data locations
- Email analysis
- Email structure
- Email protocols
- Message analysis techniques
- Outlook files
- Email analysis tools
Day 4: CFE role, disk forensics, passwords and more
- Role of the computer forensics examiner
- Scope of authority
- 4 steps to success
- SWGDE
- Legal aspects
- Disk forensics
- Image copy of disks
- Imaging process and tools
- Image analysis
- Deleted files and other recovery areas
- Slack
- Data hiding techniques
- Passwords and encryption
- Protected storage
- Password protected vs. password encrypted
- Password recovery tools
- Windows passwords
- Password cracking
- Memory forensics
- Memory forensics definition and objectives
- Memory artifacts
- Dumping memory
- Memory forensics tools
- Windows swap file
- Pagefile.sys
- Policy and registry setting
- Recovering the swap file
Day 5: Other forensics areas and exam review
- Cell phone forensics
- Cell phone technologies and operating systems
- Cell phone communications
- Android forensics challenges
- Common tools
- iOS forensics challenges
- Common tools
- Reverse engineering
- Reverse engineering definition and objectives
- Assembly language and machine code
- Disassemblers
- Hardcoded data
- Exploit kits
- Malware development kits
- Evasion techniques
- GCIH exam review
GCIH Certification Training Boot Camp
Infosec offers this five-day accelerated GCIH Boot Camp to train and prepare you for the GIAC® Certified Incident Handler (GCIH) certification exam, the prestigious security certification created and administered by the Global Information Assurance Certification.
Become a GIAC Certified Incident Handler (GCIH)
Boot camp overview
Our GCIH Boot Camp helps you fully understand how systems are compromised and what traces are left behind by attackers on the network, on disk and in volatile memory. Security incidents are a way of life in the modern world, and how organizations respond to them makes a massive difference in how much damage is ultimately done.
In this five-day training, you learn how cutting-edge attack vectors and tried-and-true methods are used for compromise, the ins and outs of incident response, and the tools of the trade used by incident responders on a daily basis. You will leave with the knowledge of how to prevent incidents and the skills to defend against a security incident if it does happen.
Skill up and get certified, guaranteed
Exam Pass Guarantee
If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
What's included?
- Five days of the best hands-on incident response training in the industry
- Infosec digital courseware (physical textbooks available to purchase)
- GCIH sample exam questions
- Pre-paid card to cover the cost of exam fees
- 90-day access to replays of daily lessons (Flex Pro)
- 100% Satisfaction Guarantee
Hands-on labs
Our custom hands-on labs will let you play the part of a forensic examiner. More than 20 labs containing over a hundred exercises follow a cohesive scenario, providing you with a complete experience of a forensic investigation, from identifying evidence in a crime scene to extracting and examining artifacts from the suspect’s and victim’s computers. You will use popular commercial and open-source tools to practice and learn new skills in forensics image creation and analysis, examining file signatures and metadata, memory forensics, browser and email forensics, examining social media and cloud artifacts, and many other areas of forensic analysis.
Who should attend?
- Law enforcement professionals looking to expand into computer crime investigations
- Legal professionals
- IT/infosec pros being tasked with corporate forensics and incident handling
Prerequisites
- Basic understanding of computer networking and fundamental security concepts
- General knowledge of networking protocols
- Working knowledge of the Windows OS and command line
- Basic exposure to Linux
What you'll learn
After attending our GCIH Boot Camp, you will have the ability to:
- Firmly understand the provisions of IT law
- Successfully define evidence-handling procedures
- Comprehend the general rules of evidence
- Apply fundamental computer and mobile forensics concepts to forensic investigations
- Identify key technologies relevant to computer forensics
- Acquire forensic evidence
- Locate forensic artifacts in various operating systems
- Analyze extracted evidence and properly report findings
Incident response stages
The boot camp focuses on the five key incident response stages:
- Planning – Preparing the right process, people and technology enables organizations to effectively respond to security incidents
- Identification – Scoping the extent of the incident and determining which networks and systems have been compromised and to what degree
- Containment – Preventing the incident from further escalation using information gathered in identification stage
- Eradication – Removing intruder access to internal and external company resources
- Recovery and lessons learned – Restoring fully operational system capability and closing out the incident by proper reporting and lessons learned meetings
Can’t get away for a week?
Learn cybersecurity on-demand.
Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!
- 70+ learning paths
- 500+ courses
- Cloud-hosted cyber ranges and hands-on projects
- Skill assessments and certification practice exams
- Infosec community peer support
GCIH Boot Camp details
Day 1: Incident response overview
- Course introduction
- Responding to incidents
- Incident response today
- Incident response needs
- Current cyber threat landscape
- IR definitions
- The stages of incident response
- Planning/preparation
- Identification
- Containment
- Eradication
- Recovery
- Post-incident activity (lessons learned)
- Incident response team members
- Incident evidence
- Chain of custody
- Evidence types
- Incident evidence
- Evidence handling
- Incident response tools
- File system navigation tools
- Hashing tools
- Binary search tools
- Imaging tools for bit-stream image copies
- Deep retrieval tools
- File chain and directory navigation tools
- IR case management tools
Day 2: Common attacks, anatomy and coordination
- Commonly used attacks
- Precursors and indicators
- Types of attacks
- Network attacks
- Botnets
- Denial-of-service (DDoS) attacks
- Email attacks
- Malicious code (malware)
- Overflow attacks
- Ransomware
- Client attacks
- Compromise of privileged accounts
- Insider attacks
- Web application attacks
- Anatomy of an attack
- Reconnaissance
- Scanning
- Exploit
- Maintaining access
- Covering tracks on networks and systems
- Incident response coordination
- IR coordination benefits
- Trusted communication paths
- Information sharing techniques
Day 3: Network forensics, tools and analysis
- Network forensics
- Internet and networking basics
- IP addressing
- Understanding protocols (TCP, UDP, ICMP, DHCP)
- Approach to network forensics
- Network logs
- Network security tools
- Network devices and appliances
- Port scanners
- Packet sniffers and traffic analyzers
- Network scanners
- Firewalls
- IDS/IPS
- Remote access technologies
- File integrity tools
- Anti-malware
- Log analysis
- Importance of logs
- Top 10 logging practices
- Log management and control
- SIEM
- Main sources of data
- Log analysis tools
- Normal traffic signatures
- Abnormal traffic signatures
- Protocol analysis
- TCP/IP concepts
- TCP deep dive
- Ports and sockets
- Understanding headers
- Wireless analysis
- Wireless networking fundamentals
- Wireless security solutions
- Wireless attacks
- Wireless PKI
- Live analysis
- Live forensics overview
- Order of volatility
- Live forensics tools
- Web traffic analysis
- Web signatures
- DNS record types
- Browser data locations
- Email analysis
- Email structure
- Email protocols
- Message analysis techniques
- Outlook files
- Email analysis tools
Day 4: CFE role, disk forensics, passwords and more
- Role of the computer forensics examiner
- Scope of authority
- 4 steps to success
- SWGDE
- Legal aspects
- Disk forensics
- Image copy of disks
- Imaging process and tools
- Image analysis
- Deleted files and other recovery areas
- Slack
- Data hiding techniques
- Passwords and encryption
- Protected storage
- Password protected vs. password encrypted
- Password recovery tools
- Windows passwords
- Password cracking
- Memory forensics
- Memory forensics definition and objectives
- Memory artifacts
- Dumping memory
- Memory forensics tools
- Windows swap file
- Pagefile.sys
- Policy and registry setting
- Recovering the swap file
Day 5: Other forensics areas and exam review
- Cell phone forensics
- Cell phone technologies and operating systems
- Cell phone communications
- Android forensics challenges
- Common tools
- iOS forensics challenges
- Common tools
- Reverse engineering
- Reverse engineering definition and objectives
- Assembly language and machine code
- Disassemblers
- Hardcoded data
- Exploit kits
- Malware development kits
- Evasion techniques
- GCIH exam review
