Cybersecurity
Endpoint Forensics – Investigation and Remediation on Compromised Workstations
5 day(s) • 35h
Description
Training objective: Master advanced forensic analysis tools and techniques for workstations to identify, understand, and counter sophisticated attacks (APT, ransomware, persistent threats). Learn to use memory, system files, logs, Windows artifacts, and open-source tools to conduct comprehensive, large-scale investigations on infected workstations.
Learning Objectives
- Identify evidence of compromise on a Windows workstation
- Conduct advanced memory and system analysis using open-source tools
- Reconstruct attack steps through temporal artifacts
- Detect subtle persistence mechanisms used by advanced adversaries
- Automate incident response and collection at scale (Velociraptor, PowerShell)
- Develop remediation recommendations based on field analysis
Target Audience
Forensic analysts, incident responders, Blue Team, CERT members
Security administrators handling infected systems
Incident response security consultants
Prerequisites
Strong knowledge of Windows systems.
Basic knowledge of cybersecurity and IT architecture.
Familiarity with command-line interfaces (PowerShell, CMD).
Program Outline
Information
Duration
5 day(s)
35h
Price
3450 € excl. tax