Digital Forensics and Incident Response Bootcamp

Instructor-led training course.

At a glance

Mandiant is excited to offer a new learning opportunity combining our immersive, cutting-edge cyber range exercise, ThreatSpace, with our industry-leading cybersecurity training in a two-week bootcamp. To effectively defend data and intellectual property, organizations must have the ability to rapidly detect and respond to threats. This intensive, two-week bootcamp is designed to teach the fundamental investigative techniques needed to respond to today’s landscape of threat actors and intrusion scenarios. After eight days of classroom learning, students are immersed in two days of hands-on exercises that take them through examples of real adversary activity and the process of responding, all in a consequence-free environment. Students will perform triage and analysis, create timelines of activity, and report findings in real time. Experienced incident response practitioners facilitate the exercise and share practical experiences from the field.

Course goals

  • Incident response process: Learn the threat landscape, targeted attack life cycle, initial attack vectors used by different threat actors, and phases of an effective incident response process
  • Digital forensics fundamentals and methodologies: Gain a deep understanding of the principles, tools, and techniques used to collect and analyze digital evidence from various sources
  • Operating system forensics (Windows, Linux, macOS): Learn how to identify and extract artifacts, log files, and other relevant data specific to different operating systems
  • Network forensics: Acquire the skills to analyze network traffic, capture data, and identify security anomalies and attack patterns
  • Cyber threat intelligence: Learn how to hunt for threats using threat intelligence, anomaly detection, and known threat actor techniques, tactics and procedures (TTPs)
  • ThreatSpace: The exercise covers the most modern, sophisticated attacks used by advanced persistent threat (APT) actors and teaches students how to engage in effective analysis and incident response against real-world threats

Who this course helps

Incident response team members, threat hunters, and information security professionals. Prerequisites include background in conducting forensic analysis, network traffic analysis, log analysis, security assessments and penetration testing, or security architecture and system administration. Learners must have a working understanding of the Windows operating system, file system, registry, and use of the command line. Familiarity with Active Directory and basic Windows security controls, plus common network protocols, is beneficial.

How it works

Delivery methods

In-classroom instructor-led training.

Duration

  • Ten days (in-person delivery)

What to bring

Students are required to bring their own laptop that meets the following specs:

  • Windows 7+
  • Core i5 or equivalent processor
  • 6 GB (preferably 8 GB) of RAM
  • 25 GB free HDD space
  • Virtual machines are acceptable provided at least 4 GB of RAM can be allocated
  • Microsoft Office installed outside the VM
  • Admin/install rights

Learners will receive a lab book and USB thumb drive containing all required class materials and tools.

Take the next step

Contact Mandiant Academy to learn more and schedule your course today.
