CBRFIR - Conducting Forensic Analysis and Incident Response Using Cisco Technologies for CyberOps v1.0

Demo videos

• Explore Adversarial Techniques, Tactics, and Common Knowledge (ATT&CK), Common Attack Pattern Enumeration and Classification (CAPEC), and National Institute of Standards and Technology (NIST) Common Weakness Enumeration Specification (CWE), and Common Vulnerabilities and Exposures (CVE) Frameworks
• Explore Available Incident-Related Information
• Examine Network Diagrams
• Examine Logs
• Examine Response Data Formats
• Discover Sources of Evidence in the Network
• Discover Sources of Evidence at Endpoints
• Discover Sources of Evidence in the Cloud
• Discover Syslog Facilities and Severity Levels
• Explore Gathered Intelligence
• Explore AccessData Forensic Toolkit (FTK) and Autopsy
• Explore Hex Encoding
• Explore Disassemblers and Debuggers
• Explore Deobfuscation Tools
• Explore Native Windows Tools Used in Digital Forensics and Incident Response
• Explore Native Linux Tools
• Explore Wireshark
• Create and Use a Yet Another Recursive Acronym (YARA) Rule
• Examine the Threat-Hunting Process
• Perform Data Acquisition
• Acquire Data from the Cloud
• Acquire Data Acquisition from Files, Disk, and Drive
• Analyze RAM and Fileless Malware Data
• Analyze Network Data
• Correlate Data from Different Sources
• Use Scripting for Forensics
• Analyze Web Application Logs
• Contain the Attack
• Remediate an Incident
• Analyze the Evidence and Propose the Solution