Kaspersky Cybersecurity Training

Level: Intermediate

This Track Includes

Windows Incident Response – 5 Days

Windows Incident Response


Are you looking to improve the expertise of your in-house digital forensics and incident response team? Or do you want to train yourself in incident response so that you can identify complex attacks? This Kaspersky Windows Incident Response course brings you concentrated knowledge from the company’s Global Emergency Response Team (GERT) experts.

The course’s curriculum is heavily focused on hands-on practice. Our experts will take you through all the stages of responding to an incident, based on a real-life ransomware case.

You will master incident detection, evidence acquisition, log file analysis, network analysis and creation of IoCs, and also get an introduction to memory forensics. You will work in a simulated virtual environment with all the tools needed to practice IR. Your coaches, Ayman Shaaban and Kai Schuricht, have handled security incidents for Kaspersky incident response customers around the globe. You will get not only clear theoretical knowledge but also the benefit of their up-to-date experience, skills and tips.

A Kaspersky report shows that malware can survive in a company’s digital environment for months or even years under the radar. After completing the course you will be able to verify and handle threats more quickly in order to minimize the impact and contain the damage.

Course Outline

In a simulated real-life environment, an incident will take place, and the course will cover the following topics using that specific scenario:

• Introducing the incident response process and its workflow
• Explaining the difference between ordinary threats and APTs
• Explaining the APT Cyber Kill Chain
• Applying the incident response process to different incident scenarios
• Applying the Cyber Kill Chain to the simulated environment
• Applying live analysis on victim machines as a first responder
• Forensically sound evidence-acquisition techniques
• Introducing post-mortem analysis and digital forensics
• Introducing memory forensics
• Log file analysis with regular expressions and ELK
• Introducing cyber threat intelligence
• Creating IoCs (Indicators of Compromise) with YARA and Suricata
• Introducing malware analysis and sandboxing
• Introducing network traffic forensics
• Discussing incident analysis reporting and recommendations on building a CSIRT
• Testing the newly gained skills with a practical challenge in another simulated scenario

• Understand the phases of incident response
• Know what to consider while responding to a cyber incident
• Understand various attack techniques and targeted attack anatomy through the Cyber Kill Chain
• Respond to different incidents with the appropriate actions
• Differentiate APTs from other threats
• Confirm cyber incidents using live analysis tools
• Understand the difference between live analysis and post-mortem analysis, and when to apply each of them
• Identify digital evidence (HDD, memory and network traffic), with an introduction to their forensic analysis
• Write YARA and Suricata rules to detect IoCs for the investigated attack
• Perform log file analysis
• Understand the process involved in building an IR team


Basic knowledge of and general troubleshooting experience with Windows OS, and familiarity with Linux OS commands.


Below is the Course Schedule for this course:

Duration: 5 Days

Course Fee

Course Fee: Call to Enquire
SME (Company Sponsored) – All Singaporean and Permanent Resident Employees: NA
Singapore Citizens aged 40 years old and above: NA
Singapore Citizens and Permanent Residents aged 21 years old and above: NA
