Track 07 · Corporate Training
Incident Response and Digital Forensics
Prepare responders to contain, investigate and recover from incidents with sound evidence handling.
11 Modules
44–48 Hours
Instructor-Led / Virtual / Hybrid
Overview
An incident-response track covering the full lifecycle — preparation through recovery — with strong evidence handling, endpoint and network investigation, email and malware analysis, ransomware and cloud response, and structured documentation, ending in a tabletop exercise.
01
Incident Response Fundamentals
Preparation, identification, containment, eradication, recovery and lessons learned
4 Hours
02
Incident Classification
Severity, impact, priority and escalation
3 Hours
03
Evidence Handling
Evidence collection, preservation, documentation and chain of custody
4 Hours
04
Endpoint Investigation
Processes, persistence, user activity, files and system artefacts
6 Hours
05
Network Investigation
Connections, traffic, DNS, proxy, firewall and VPN evidence
5 Hours
06
Email Investigation
Headers, links, attachments, sender verification and phishing analysis
4 Hours
07
Malware Incident Handling
Isolation, analysis coordination, containment and recovery
4 Hours
08
Ransomware Response
Detection, isolation, communication, recovery and business continuity
5 Hours
09
Cloud Incident Response
Identity events, access logs, exposed resources and containment
4 Hours
10
Incident Documentation
Timeline creation, executive summaries, technical findings and corrective actions
3 Hours
11
Tabletop Exercise
Simulated security breach or ransomware incident
4 Hours
Delivery Formats
Instructor-Led ClassroomVirtual Instructor-LedHybrid TrainingWorkshop-BasedLaboratory-BasedExecutive BriefingTabletop ExerciseBootcampTrain-the-TrainerCustom Corporate Programme