CPE: 32 credits. Level: basic.
Teaching method: group.
NASBA-defined level: basic.
Code: IR280.
Duration: 4 days.
For more information, download the full four-day syllabus as a PDF:
Please note that this course is product-specific for OpenText™ EnCase™ Endpoint Security. Students should have a good understanding of using OpenText™ EnCase™ Endpoint Investigator (formerly EnCase Enterprise) for incident response investigations. Advance preparation for this course is not required.
This hands-on course is designed to instruct computer investigation and information security professionals in incident analysis and response, data risk mitigation, and data policy compliance techniques using EnCase Endpoint Security.
The EnCase Endpoint Security solution provides powerful network-enabled incident response capabilities and forensic-grade data risk assessments to expose and remediate any undiscovered threat — whether it be the latest custom malware, suspicious insider activity, or errant sensitive data. Upon completion of this course you will be able to use EnCase Endpoint Security to:
This course is intended for corporate and government investigators and network security personnel. Incident response supervisors and team members are encouraged to attend, as are individuals working in a data audit, policy enforcement, or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase Endpoint Investigator (formerly EnCase Enterprise) software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. The class curriculum is designed to provide a good overview of using EnCase Endpoint Security as a data-centric, cyberforensic solution for incident response and risk management.
This course will teach students how to rapidly respond to high-priority events and focus on malicious code designed to evade traditional layered security solutions and perimeter defenses. Students will learn how to expose zero-day threats and other hard-to-expose advanced hacking techniques, including iterations of morphing malware, injected .dll files, covert rootkits, and insider threats — whether inadvertent or malicious. Students will learn how to triage for, identify, analyze, remediate, and recover from these threats.
Students will also learn how to assess and control endpoint risk. Students will be able to search across networks, targeting sensitive or confidential data of interest (such as credit card numbers, account numbers, intellectual property, or classified data). Students will have the ability to understand where and how sensitive data is stored and enforce data policy by wiping sensitive data from unauthorized locations.
This course will cover the following topics: