ISAC Cambodia (InfoSec)

SD0108-Basic Incident Analyst

1. Introduction 

A cyber attack is an attack launched from one or more computers against another computer, multiple computers or a network. Cyber attacks can be broken down into two broad types: attacks whose goal is to disable the target computer or knock it offline, and attacks whose goal is to gain access to the target computer's data and perhaps obtain admin privileges on it.

Your online services will definitely get hit one day, and as the cybersecurity official in charge you need at least basic skills in cyber incident investigation.

2. Course Objective 

The objective of this course is to equip students with the basic knowledge of how to gather the initial digital footprint as part of a whole investigation case.

  • Understand the basic function of an incident response unit
  • Become familiar with basic domain and IP address investigation
  • Understand OWASP
  • Understand log analysis
  • Perform basic email investigation

3. Course outcome 

After completing this course, the participants will be able to:

  • Describe the basic function of an incident response team
  • Find the origin of a domain name and an IP address
  • Perform basic log analysis of web attacks and understand how to protect against them
  • Investigate the source of an email attack
  • Work through hands-on case studies on cyber investigation

4. Pre-requirement of the participants 

The participant needs to have:

  • Basic knowledge of Information Technology and Operating Systems (Windows and Linux)
  • Familiarity with networking, Internet and e-mail concepts
  • Basic knowledge of Linux commands
  • Bring your own laptop

5. Course Outline 

Day 1 

Time            Content                                                         Others
08:30 – 10:00   Module 1 – Cyber Threat Trend
10:00 – 10:20   Coffee Break
10:20 – 12:00   Module 2 – CSIRT & Its Operation
12:00 – 13:30   Lunch Break
13:30 – 15:00   Module 3 – Basic Investigation on IP, Service and Domain Name
15:00 – 15:20   Coffee Break
15:20 – 16:45   Lab Practice on Basic Investigation
16:45 – 17:00   End of Day 1

Day 2 

Time            Content                                                         Others
08:30 – 10:00   Module 4 – OWASP Top Ten
10:00 – 10:20   Coffee Break
10:20 – 12:00   Module 5 – Understanding Web Logs
12:00 – 13:30   Lunch Break
13:30 – 15:00   Module 6 – Basic Linux and Analyst Tools
15:00 – 15:20   Coffee Break
15:20 – 16:45   Lab Practice on Web Attack Analysis
16:45 – 17:00   End of Day 2

Day 3

Time            Content                                                         Others
08:30 – 10:00   Module 7 – Email Analysis
10:00 – 10:20   Coffee Break
10:20 – 12:00   Lab Practice on Email Trace Analysis
12:00 – 13:30   Lunch Break
13:30 – 15:00   Module 8 – Network Packet Analysis
15:00 – 15:20   Coffee Break
15:20 – 16:45   Lab Practice on Network Analysis
16:45 – 17:00   End of Day 3
