IR280 - EnCase Endpoint Security Training
Duration: 4 Days
Formerly EnCase Cybersecurity and Analytics
Please note that this course is product-specific for OpenText™ EnCase™ Endpoint Security. Students should have a good understanding of using OpenText EnCase Endpoint Investigator (formerly EnCase Enterprise) for incident response investigations. Advance preparation for this course is not required.
This hands-on course is designed to instruct computer investigation and information security professionals in incident analysis and response, data risk mitigation, and data policy compliance techniques using EnCase Endpoint Security.
The EnCase Endpoint Security solution provides powerful network-enabled incident response capabilities and forensic-grade data risk assessments to expose and remediate any undiscovered threat — whether it be the latest custom malware, suspicious insider activity, or errant sensitive data. Upon completion of this course you will be able to use EnCase Endpoint Security to:
- Reduce data-security noncompliance risk and cost.
- Reduce the risk and cost of damage that advanced malware causes to data assets.
- Reduce the time associated with successfully resolving security incidents.
- Understand how to integrate the various participants to ensure a cohesive response to threats.
Delivery method: Classroom. NASBA defined level: basic.
CPE Credits: 32
This course is intended for corporate and government investigators and network security personnel. Incident response supervisors and team members are encouraged to attend as are individuals working in a data audit, policy enforcement, or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase Endpoint Investigator (formerly EnCase Enterprise) software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. Class curriculum is designed to provide a good overview of using EnCase Endpoint Security as a data-centric, cyberforensic solution for incident response and risk management.
This course will teach students how to rapidly respond to high-priority events and focus on malicious code designed to evade traditional layered security solutions and perimeter defenses. Students will learn how to expose zero-day threats and other hard-to-detect advanced hacking techniques, including iterations of morphing malware, injected .dll files, covert rootkits, and insider threats — whether inadvertent or malicious. Students will learn how to triage for, identify, analyze, remediate, and recover from these threats.
Students will also learn how to assess and control endpoint risk. Students will be able to search across networks, targeting sensitive or confidential data of interest (such as credit card numbers, account numbers, intellectual property, or classified data). Students will have the ability to understand where and how sensitive data is stored and enforce data policy by wiping sensitive data from unauthorized locations.
This course will cover the following topics:
- Cybersecurity issues currently facing corporations and organizations
- The capabilities provided with EnCase Endpoint Security
- Setting up and configuring EnCase Endpoint Security to begin investigations
- Creating investigations using the EnCase Endpoint Security web interface
- Navigating through an investigation
- Preparing detections for escalation to the next level of investigation
- Using the Memory Acquisition module
- Using preconfigured policy rules to detect malicious or suspicious activity
- Creating and importing white and black lists
- Using conditions to focus searches
- Creating snapshots and using snapshot technology
- Creating a job to acquire RAM
- Conducting searches of the Windows® Registry
- Conducting a timeline analysis using the real-time monitoring tools included with EnCase Endpoint Security
- Searching for indicators of compromise (IOCs)
- Finding items of interest (IoIs)
- Collecting and reviewing data
- Remediation techniques