IR280 - EnCase Endpoint Security Training

Duration: 4 Days

**Formerly EnCase Cybersecurity and Analytics

Please note that this course is product-specific for OpenText™ EnCase™ Endpoint Security. Students should have a good understanding of using EnCase Endpoint Investigator (formerly EnCase Enterprise) for incident response investigations. Advance preparation for this course is not required.

The EnCase Endpoint Security solution provides powerful network-enabled incident response capabilities and forensic-grade data risk assessments to expose and remediate threats, unauthorized software, and software misuse — whether it be the latest malware, suspicious insider activity, or errant use of known good binaries.

This hands-on course is designed to provide computer investigation and information security professionals with the skills to conduct incident analysis and response, data risk mitigation, and with data policy compliance techniques using the EnCase Endpoint Security solution.

Upon completion of this course, you will be able to use EnCase Endpoint Security to:

• Reduce the risk and cost of damage that advanced malware causes to data assets
• Reduce the time associated with successfully resolving security incidents
• Understand how to integrate the various participants to ensure a cohesive response to threats

Delivery method: Classroom. NASBA defined level: basic.

CPE Credits - 32

Students will also learn how to assess and control endpoint risk. Students will be able to identify anomalous processes across the network, targeting processes that pose potential risk to sensitive data.

This course will cover the following topics:

• Cybersecurity issues currently facing corporations and organizations
• The capabilities provided with EnCase Endpoint Security
• Setting up and configuring EnCase Endpoint Security to begin investigations
• Creating investigations using the EnCase Endpoint Security web interface
• Navigating through an investigation
• Detection and analysis of processes running on the endpoints – hidden or not
• Creating a job to acquire RAM using the Memory Acquisition module
• Using preconfigured and custom-built policy filters to detect malicious or suspicious activity
• Creating and importing hash lists for better process categorization
• Using conditions to focus searches
• Creating snapshots and using snapshot technology Using preconfigured and custom-built policy filters to detect malicious or suspicious activity
• Conducting searches of the Windows® Registry

Course Syllabus

Audience

This course is intended for corporate and government investigators and network security personnel who own the OpenText™ EnCase™ Endpoint Security product. Incident response supervisors and team members are encouraged to attend as are individuals working in a data audit, policy enforcement, or network intrusion investigation role. An understanding of the concepts of computer forensics is required. Knowledge of computer networking hardware, protocols, and concepts is helpful, but not required. Class curriculum is designed to provide a good overview of using EnCase Endpoint Security as a data-centric, cyber-forensic solution for incident response and risk management.

Prerequisites

Please note that this course is product-specific for EnCase Endpoint Security. Students should have a good understanding of using EnCase Endpoint Investigator (formerly EnCase Enterprise) for incident response investigations. Advance preparation for this course is not required.