Conducting Forensic Analysis and Incident Response Using Cisco Technologies for Cybersecurity (CBRFIR) 

This course will help you:
  • Gain knowledge and skills in Digital Forensics and Incident Response (DFIR)
  • Identify and analyze cybersecurity threats, vulnerabilities, and security incidents
  • Apply methods for collecting and analyzing digital evidence from electronic devices
  • Respond to threats and prevent repeat attacks using Cisco technologies
  • Prepare for the 300-215 CBRFIR exam

Course syllabus:

  • Introduction to Incident Response
  • Preparing for Incident Response
  • Gathering and Examining Digital Intelligence
  • Describing Detection, Analysis, and Investigation Forensics

You will learn:

  • Analyze the components needed for a root cause analysis report
  • Apply tools such as YARA for malware identification
  • Recognize the tactics and techniques catalogued in the MITRE ATT&CK framework
  • Leverage scripting to parse and search logs or multiple data sources such as Cisco Umbrella, Sourcefire IPS, AMP for Endpoints, AMP for Network, and pxGrid
  • Recommend actions based on post-incident analysis
  • Determine data to correlate based on incident type (host-based and network-based activities)
  • Evaluate alerts from sources such as firewalls, Intrusion Prevention Systems (IPS), data analysis tools (such as Cisco Umbrella Investigate, Cisco Stealthwatch, and Cisco SecureX), and other systems to respond to cyber incidents and recommend mitigation
  • Evaluate elements required in an incident response playbook and the relevant components from the ThreatGrid report
  • Analyze threat intelligence provided in different formats and feeds (such as STIX and TAXII)

Pre-requisites:

To successfully complete this course, participants should have the following knowledge and skills:

  • Knowledge of network security and endpoint security monitoring concepts
  • Experience in network intrusion analysis
  • Understanding of information security policies and procedures
  • Experience in risk management
  • Experience in network traffic and log analysis
  • Familiarity with APIs
  • 2–3 years of experience working in a Security Operations Center (SOC) environment (Tier 1 or junior Tier 2 level)

Recommended skills can be obtained through the following Cisco training courses:

  • Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
  • Performing CyberOps Using Cisco Security Technologies (CBRCOR)