Mandiant: Incident Response Class - ForenSec Canada Special Edition
Who Should Attend the Class
Information technology staff, information security staff, corporate
investigators, or other staff that require an understanding of how networks
work, how to capture network traffic, how to investigate network use, how to
identify and escalate suspected computer security incidents, and how to
safeguard corporate assets via network defense will greatly benefit from this
course.
Course Description
As the sophistication and threats caused by malicious attacks continue to
increase, Mandiant has raised the bar of effective detection, response, and
remediation by introducing our Incident Response (IR) class. This two-day
Special Edition class has been specifically designed for information security
professionals and analysts who respond to computer security incidents. It is
designed as an operational course, using case studies and hands-on lab exercises
to ensure attendees are gaining experience in each topic area. Course attendees
will obtain an understanding of the following:
- Learn the different phases and activities of the Incident Response process
- Learn the roles and responsibilities of each member of the Incident Response team
- Create Incident Response checklists and notification lists
- Use the Metasploit Framework to understand the latest automated attack processes
- How to rapidly detect or confirm attacks against Windows and Unix systems
- How to find, review, and interpret Windows and Unix log files
- Perform live response on a compromised Windows server
- Perform live response on a compromised Unix server
- Learn what volatile evidence is present on a live system before it is powered down
- Determine the function of unidentified executable processes
- Detect loadable kernel modules, rootkits, and trojaned files
- Run rootkits to learn their impact on a live system, and how to respond
About The Instructor
Jerry Pierce has worked in the information security field for over 15 years. He
was initially brought into the field to combat the hackers working to gain
access to the UNIX systems he supported at the RBOC (Regional Bell Operating
Company) where he was employed. He currently holds a GCFA advanced
forensics certification from the SANS Institute, and is working on obtaining his
CCE.
Mr. Pierce has worked in the incident response & forensics field for just over 6
years, having been initially trained in this field while employed at VISA
International as one of their two Chief Information Security Analysts.
While at VISA, he was their central contact for FIRST (Forum of Incident
Response Security Teams) and provided testimony to various law enforcement
agencies including Scotland Yard.
Prior to joining Mandiant, Jerry was employed as a Sr. Instructor/Consultant at
Foundstone, where he was a member of their Incident Response practice and member
of FIRST (Forum of Incident Response Security Teams). Within this
capacity he performed incident response in the financial, health care &
manufacturing environments for a variety of clients.
While at Foundstone, he taught their Incident Response & Forensics course to a
wide variety of corporate clients, branches of the US military and other
government agencies (both foreign and domestic).
At previous employers he has held wide-ranging positions, from Sr. Security
Engineer at Providian Financial, where he was the technical lead for their
intrusion detection/incident response efforts, to Vice President of Internal
Audit at Wells Fargo Bank, where he directed a team of auditors in performing
“deep” application & system audits to ensure compliance with various regulatory
agencies.