IR280 - EnCase Endpoint Security Training

Duration: 4 Days

Formerly EnCase Cybersecurity and Analytics

Please note that this course is product-specific for OpenText™ EnCase™ Endpoint Security. Students should have a good understanding of using OpenText EnCase Endpoint Investigator (formerly EnCase Enterprise) for incident response investigations. Advance preparation for this course is not required.

This hands-on course is designed to instruct computer investigation and information security professionals in incident analysis and response, data risk mitigation, and data policy compliance techniques using EnCase Endpoint Security.

The EnCase Endpoint Security solution provides powerful network-enabled incident response capabilities and forensic-grade data risk assessments to expose and remediate any undiscovered threat — whether it be the latest custom malware, suspicious insider activity, or errant sensitive data. Upon completion of this course you will be able to use EnCase Endpoint Security to:

  • Reduce data-security noncompliance risk and cost.
  • Reduce the risk and cost of damage that advanced malware causes to data assets.
  • Reduce the time associated with successfully resolving security incidents.
  • Understand how to integrate the various participants to ensure a cohesive response to threats.

Delivery method: Classroom. NASBA defined level: basic.

CPE Credits - 32

Audience

This course is intended for corporate and government investigators and network security personnel. Incident response supervisors and team members are encouraged to attend, as are individuals working in a data audit, policy enforcement, or network intrusion investigation role. An understanding of the concepts of computer forensics and familiarity with the EnCase Endpoint Investigator (formerly EnCase Enterprise) software is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. The class curriculum is designed to provide a good overview of using EnCase Endpoint Security as a data-centric, cyberforensic solution for incident response and risk management.

Prerequisites

Please note that this course is product-specific for EnCase Endpoint Security. Students should have a good understanding of using EnCase Endpoint Investigator (formerly EnCase Enterprise) for incident response investigations. Advance preparation for this course is not required.

Summary

This course will teach students how to rapidly respond to high-priority events and focus on malicious code designed to evade traditional layered security solutions and perimeter defenses. Students will learn how to expose zero-day threats and other hard-to-expose advanced hacking techniques, including iterations of morphing malware, injected .dll files, covert rootkits, and insider threats — whether inadvertent or malicious. Students will learn how to triage for, identify, analyze, remediate, and recover from these threats.

Students will also learn how to assess and control endpoint risk. Students will be able to search across networks, targeting sensitive or confidential data of interest (such as credit card numbers, account numbers, intellectual property, or classified data). Students will have the ability to understand where and how sensitive data is stored and enforce data policy by wiping sensitive data from unauthorized locations.

This course will cover the following topics:

  • Cybersecurity issues currently facing corporations and organizations
  • The capabilities provided with EnCase Endpoint Security
  • Setting up and configuring EnCase Endpoint Security to begin investigations
  • Creating investigations using the EnCase Endpoint Security web interface
  • Navigating through an investigation
  • Preparing detections for escalation to the next level of investigation
  • Using the Memory Acquisition module
  • Using preconfigured policy rules to detect malicious or suspicious activity
  • Creating and importing white and black lists
  • Using conditions to focus searches
  • Creating snapshots and using snapshot technology
  • Creating a job to acquire RAM
  • Conducting searches of the Windows® Registry
  • Conducting a timeline analysis using the real-time monitoring tools included with EnCase Endpoint Security
  • Searching indicators of compromise (IOC)
  • Finding Items of Interest (IoI)
  • Collecting and reviewing data
  • Remediation techniques

Pricing

| Format | Currency | Price |
| Per Student at OpenText Site | | 2,800.00 |
| Per Student at OpenText Site | GBP | 2,200.00 |
| Per Student at OpenText Site | USD | 3,200.00 |

Taxes: All prices exclude VAT or other taxes where applicable (all currencies).

Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.

Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.

Course and workshop calendar

Below is a listing of all the currently available dates and locations for this course or workshop from OpenText.

| Start Date | End Date | Start Time | TimeZone | Session Duration | Language | Location | Price | Currency | Guaranteed To Run |
| Jun 07, 2022 | Jun 10, 2022 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | Virtual Classroom - North America GSI Pacific Time | 3,200.00 | USD | |
| Jul 12, 2022 | Jul 15, 2022 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | Virtual Classroom - North America GSI Eastern Time | 3,200.00 | USD | |
| Jul 12, 2022 | Jul 15, 2022 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | GSI-Gaithersburg, MD | 3,200.00 | USD | |
| Sep 20, 2022 | Sep 23, 2022 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | Virtual Classroom - North America GSI Eastern Time | 3,200.00 | USD | |
| Sep 20, 2022 | Sep 23, 2022 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | GSI-Gaithersburg, MD | 3,200.00 | USD | |
| Nov 01, 2022 | Nov 04, 2022 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | GSI-Pasadena, CA | 3,200.00 | USD | |
| Nov 01, 2022 | Nov 04, 2022 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | Virtual Classroom - North America GSI Pacific Time | 3,200.00 | USD | |