Incident Response Cyber Security Incident Response (CSIR)

Provided by

Enquire about this course

About the course

This specialist-level course is for technical professionals who are looking to develop or improve their knowledge or ability in the Cyber Security Incident Response (CSIR) field.



This five-day course follows the CREST incident response model and focuses on the knowledge and key skills required to effectively respond to a cyber incident. You will spend a good proportion of the course practising and honing your CSIR skills and methodologies utilising virtualised environments which replicate real-life scenarios and the unique challenges face dby CSIR consultants.

You will learn and practice core level and advanced CSIR skills needed to effectively respond to a cyber breach together with methods to identify and examine relevant artefacts of interest. Upon completion of the course you will have learnt: Advanced use of PowerShell and exploitation of WMI
Writing of bespoke PowerShell scripts and parsers Identification of suspect processes Advanced detection and analysis of injected processes Identification and analysis of infected documents (MS Office e & PDF) Infection vector analysis Rebuilding network traffic Breakdown and examination of log files

This course will enable you to learn new methodologies for responding to CSIR events and practice both core and advanced techniques. You will also gain confidence and improve your CSIR skills for when responding to a cyber event.

This is an intensive training course designed for CSIR practitioners and cyber security practitioners involved in the discipline or forensic practitioners who wish to extend their knowledge and skills in this unique
field. These include:Cyber security incident response team members
System/network administrators/engineers IT security personnel/security officers Forensic practitioner Law enforcement officers & agents

You will need an understanding or experience of:The CSIR process Forensic investigations Windows operating system CLI We strongly recommend completion of the7Safe CFIP and CMI courses or similar as a
minimum before attending this course.


Start date Location / delivery
No fixed date Cambridge

Related article

As we become more reliant on digital technologies, the cyber security industry has grown in order to protect organisations against online attacks. ...