Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


Incident Response and Advanced Forensics

via Cybrary


In the Incident Response training course, students will be introduced to incident response, how to create and implement protection plans, how to investigate incidents forensically, insider and malware threats, and incident recovery.

What is Incident Response Training?

Incidence response refers to the strategized approach and processes that take place after an organization suffers some sort of security incident. The approach focuses on trying to minimize the negative impact of the cyberattack, as well as recovering any affected data and systems in the quickest and most effective way possible. Incident response usually also includes consideration for recovery costs.

What Does the Incident Response and Handling Course Cover?

In the Incident Response and Handling training course, students will focus on learning how to properly design, develop, and deploy security incident response plans. The course is designed to give all students a deep dive into incident response plans, with a skillset that they can take back to help their organizations immediately.

This is a self-paced course that will train students to make carefully considered, smart decisions after an incident has occurred. Students will learn about three important aspects of incident response: a business impact analysis, business continuity plan, and a disaster recovery plan. Upon completing the course, students should have an idea of how to become prepared for incidents and how to begin the mitigation process following them.

The Incident Response training is ideal for professionals working on an incident response team, system and network administrators, and anyone else who is interested in improving their incident management and network forensics skills.

This course has a total of 8 hours and 6 minutes of clock time, for which students earn 7 CEU/CPE. Students will receive a Certificate of Completion for the course.

Why is Incident Response and Handling Important?

Every organization needs professionals with incident response training because even the very best defenses can be breached. Organizations need a team of cybersecurity professionals who are up to date on the most current cyber threats and attacks, as well as security techniques. The proper training in incident response is the best way for organizations to achieve this. Severe attacks are occurring more frequently, and they are causing increasing amounts of damage. It is vital to be prepared, now more than ever before.

Not having an incident responder team in place can be extremely detrimental to an organization. Damage can range from loss of sensitive information, interrupted operations, costly fines, to a tarnished reputation and loss of customer trust. It’s important to remember that without training, new threats can strike, and no one will know what they are or how to defend against them.

The reality is, most cyberthreats can be mitigated when organizations employ an effective team of IT professionals. One of the most important parts of that team is incident response.

What Does and Incident Response Analyst Do?

An Incident Response Analyst can vary depending on the specific organization, its location, and size. However, there are some general duties that are usually assigned, including:

  • Investigating and reporting on cybersecurity trends and issues.
  • Conducting forensic collections, intrusion correlation, threat analysis, and tracking direct system remediation as incidents happen.
  • Providing consistent examination of potential threats and incidents, and train employees and shareholders.
  • Evaluating incidents in terms of priority, including potential and possible threats and impacts.
  • Employing incident data to identify exposures and suggest mitigation approaches.
  • Evaluating logs for tracing and remediating any likely security risks.
  • Act as a technical liaison with law enforcement when necessary.

The above are simply general duties. Depending on the organization, Incident Response Analysts may be responsible for more or fewer duties.

How is it Best to Learn about Incident Response and Handling?

Students who are interested in learning about incident response, the applicable concepts and skills, should enroll in a training course like Cybrary’s Incident Response and Handling course. All of our courses are online and self-paced. Students can take as long as they need to fully understand the course material and concepts. Even students with a busy schedule can take this course, as they are able to access it at the times that work best for them.

If you are interested in starting this course, enroll by clicking the Register button at the top of this screen.


  • Module 1 - Introduction to Incident Response
    • Part 1 - An Overall View of the Course
    • Part 2 - The Humans Behind Cyber Security Incidents
    • Part 3 - The Sony Hack Case Study
  • Module 2 - Incident Response Policy
    • Part 1 - An Overview of Incident Response Policy
    • Part 2 - The Elements of an Incident Response Policy
    • Part 3 - The Role of Communication with Law Enforcement when it comes to security
    • Part 4 - The Different Types of Incident Response Teams
    • Part 5 - Outsourcing Considerations
    • Part 6 - The Role of the Incident Response Manager
    • Part 7 - What does an Incident Response team do?
  • Module 3 - Incident Handling
    • Part 1 - An Introduction to Incident Handling
    • Part 2 - CIRC Team Composition
    • Part 3 - Incident Response Policies
    • Part 4 - The REACT Principle
    • Part 5 - Maintaining the Integrity of the Scene following an incident
    • Part 7 - The Respond Part of Incident Response
  • Module 4 - Legal Aspects of Incident Response
    • Part 1 - An Introduction to legal considerations of incident response
    • Part 2 - Expectation of Privacy
    • Part 3 - Personally Identifiable Information (PII)
    • Part 4 - Giving notice to individuals
    • Part 5 - Benefits of Information Sharing
  • Module 5 - Forensics of Incident Response
    • Part 1 - Forensics in Support of an Incident Response
    • Part 2 - The Phases of Investigation
    • Part 3 - The Preservation Phase of Investigation
    • Part 4 - Keys of Preservation
    • Part 5 - Volatile Data Considerations
    • Part 6 - Capturing the data
    • Part 7 - Imaging concepts
    • Part 8 - Volatile Memory Capture
    • Part 9 - Forensics in Support of Incident Response
    • Part 10 - Formatting a disk for Incident Response
    • Part 11 - Using the FTK Imaging Software
    • Part 12 - The Forensic Acquisition of Data from a PC
    • Part 13 - Navigating the H Drive
    • Part 14 - Obtaining the Windows Bitlocker Encryption Keys
    • Part 15 - Obtaining the Windows Bitlocker Encryption Keys (continued)
    • Part 16 - The Autopsy Program
  • Module 6 - Insider Threat
    • Part 1 - What is Insider Threat?
    • Part 2 - American Superconductor Case Study
    • Part 3 - Indicators to identify an insider threat
    • Part 4 - Using Automated processes to look for indicators of in insider threats
    • Part 5 - Policy Enforcement
    • Part 6 - Policies and procedures
    • Part 7 - Policies and procedures (continued)
    • Part 8 - Policies and procedures (continued)
  • Module 7 - Malware
    • Part 1 - Malware incidents
    • Part 2 - Setting up a Virtual Machine
    • Part 3 - Dynamic Analysis
  • Module 8 - Incident Recovery
    • Part 1- Incident Recovery
    • Part 2 - Resiliency: The Answer to the Cyber Security Paradox
  • Course Assessment
    • Course Assessment - Incident Response and Advanced Forensics

Taught by

Max Alexander


Start your review of Incident Response and Advanced Forensics

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.