CSIS Computer Security Incident Investigation Hands-On Training Course

SKU: 2841
This 4-day course is designed to equip information security specialists with the knowledge and skills to deal effectively with incident response situations.

How to Book:

Simply book online to receive your booking confirmation and full joining instructions within 48 hours. We accept purchase orders from local authorities, government departments and other public-sector organisations, and will consider account facilities for large corporate customers. See our payment options page for details.

Course Locations

Cambridge CB22
Price: £1,998.00 (ex VAT)
This 4-day technical, highly practical course is designed to equip information security specialists with the knowledge and skills to deal effectively with incident response situations.

It also gives investigators valuable insight into forensic acquisition under difficult circumstances. Delegates will be guided through a real-world style scenario featuring extensive “hands-on” learning throughout.

Building on the knowledge gained from the CSTA, CSTP, CFIP & CMI courses, the CSIS training course provides delegates with the opportunity to extend their expertise beyond CMI (Malware Investigation: Hands On) and to gain the skills needed to manage incident response situations efficiently.

On this 4-day technical, highly practical course, delegates will be guided through a real-world style scenario featuring extensive “hands-on” learning throughout.

Delegates will forensically investigate a compromised server from both an attacker’s and an investigator’s perspective.

Who is this course suitable for?

Those responsible, or aiming to become responsible, for computer forensic investigation, including:

  • Forensic & Network Investigators
  • Information Security Professionals
  • IT Security Officers
  • Law Enforcement Officials
  • Crime Prevention Officers

What does this course cover?

  • The fundamentals of security incidents, and their impact on business continuity
  • Prevention techniques to protect a company from serious computer security incidents  
  • Principles and general guidelines surrounding incident response investigation
  • How to approach forensic investigation from an incident response perspective, including live analysis of servers
  • The most up-to-date incident investigation techniques
  • Information Gathering, Remote Acquisition, External Scanning, Internal Scanning, Analysis and Containment techniques

During the course, you will learn:

1. Introduction to Incident Response

  • Define an incident within the context of Computer Security
  • Explain how incidents are commonly identified
  • Describe the potential business impact of an incident occurring
  • Describe the requirements of an Incident Response Plan
  • Describe the need for an Incident Response Team
  • Discuss the issues involved in developing Incident Response procedures and techniques

2. Introduction to Incident Investigation

  • Discuss reasons why an incident investigation is needed
  • Discuss the objectives of an incident investigation
  • Describe the skill sets required for incident investigators
  • Explain how the investigation process needs to be balanced against business continuity
  • Describe the process of an investigation
  • Discuss potential lines of enquiry within a given scenario

3. Incident Investigation Techniques

  • Define the stages of a typical incident investigation
  • Describe the purpose of each stage of incident investigation
  • Discuss the relevance of each stage of the investigation
  • Discuss issues that could affect the order in which an incident investigation may proceed

4. Incident Investigation Preparation

  • List technical equipment that may be required to respond to a security incident
  • Discuss data security considerations associated with an onsite incident investigation
  • List further preparations that may be necessary for a computer security incident investigation

5. Information Gathering

  • Describe the purpose of information gathering
  • Describe common methods of information gathering
  • Discuss the benefits of information gathering methods
  • List the type of information that should be sought during the information gathering stage
  • Consider appropriate sources of relevant information

6. Assessing Network Security

  • Define common security assessment techniques
  • Discuss the purpose of network security assessments
  • Describe the issues surrounding network security assessments
  • Describe the 7-stage hacking methodology
  • Discuss the evidential implications of security assessments
  • Demonstrate the use of common network scanning and vulnerability assessment tools on the case study environment

7. Introduction to Server Forensics

  • Discuss hardware related issues associated with server forensics
  • Describe the services provided by different types of network server
  • Describe typical forensic artefacts associated with Microsoft servers
  • Describe typical forensic artefacts associated with Linux servers
  • List evidentially significant files and folders that are core to the investigation of Microsoft and Linux operating systems

8. Data Harvesting Techniques

  • List electronic devices suitable for data acquisition
  • Define common data acquisition techniques
  • Discuss how acquisition of RAID devices can be achieved
  • Demonstrate acquisition and analysis of live server data
  • Demonstrate acquisition of a live server using FTK Imager
  • Demonstrate acquisition of a local server using dd
  • Demonstrate acquisition of a remote server using dd
  • Explain considerations for prioritising acquisition of devices

9. Data Analysis Techniques

  • Describe the four analysis environments
  • Describe the malware analysis investigation methodology
  • Demonstrate malware analysis
  • Describe the requirements for log file analysis
  • Describe the requirements for source code analysis
  • Describe the requirements for database analysis
  • Demonstrate log file, source code and database analysis techniques

10. Incident Containment

  • Describe the purpose of incident containment
  • Discuss common containment issues
  • Describe techniques to achieve appropriate containment
  • Discuss the need to have knowledge of security best practices
  • Discuss the importance of testing containment solutions
  • Demonstrate containment within the course scenario

11. Incident Reporting

  • Describe the requirement for appropriate incident reporting
  • Describe the issues that affect report requirements
  • Discuss techniques that can assist report delivery
  • Discuss the importance of clear reporting requirements

Forensic Acquisition

  • Deal with systems that cannot be shut down for a variety of reasons, including encryption, business criticality and lack of physical access
  • Acquire images of live Windows and Linux servers across networks utilising a variety of tools
  • Harvest data from firewalls and routers, where traditional imaging often fails

Vulnerability Scanning

  • Communication protocols, hacking methodologies & techniques  
  • Advanced hacking techniques, including hacking web applications & client side attacks  
  • Commonly used vulnerability scanning & penetration testing tools
Advanced Data Analysis

  • Conduct analysis of Acquired Data, Live Data, Log Files, Database Structures and Source Code
  • Utilize a variety of tools to extract relevant data quickly and effectively from complex technical sources

Containing The Incident

Applying newly acquired techniques to contain and risk-manage the incident

  • Balance the containment of an incident with the forensic recovery of the associated data

Case Scenario

  • The scenario within this course has been influenced by incident response consultants, taking real world examples of investigations and applying them to the scenario for maximum realism and learning.
  • The scenario within this course requires delegates to apply all of their previous learning and experience to effectively investigate the incident and work towards a conclusive result

Are there entry requirements?

  • Sound experience with Microsoft Windows
  • Basic understanding of TCP/IP network concepts
  • Previous attendance on the CSTA & CSTP ethical hacking courses, or equivalent relevant experience
  • Previous attendance on the CFIP & CMI forensic investigation courses, or equivalent relevant experience

What's included?

Our package includes refreshments, and full course materials.

Although the course is non-residential, we offer help finding appropriate hotels, close to the training venue. To take advantage of this offer, drop us an email after you book your course.

Additional info

Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Security Incident Specialist (CSIS) qualification.

How to book?

There are three ways to book your course, either online, via fax, or telephone:

  • To book via telephone just call us on +44 (0)333 800 7000, and we’ll take care of the details.
  • To book via fax download our booking form, complete it and fax to us on +44 (0) 1353 662667.
  • To book online simply enter the number of delegates you wish to send into the “Quantity” field, select the course date from the drop-down menu and click “Order now”.

We can also accept purchase orders from local authorities, government departments and other public-sector organisations, and will consider account facilities for large corporate customers. See our payment options page for more information.

All bookings are subject to our terms and conditions.