Incident Response: Evidence Collection in Windows
English | 1h 46m | Video 720p | Subtitles
If your organization is the victim of a cyberattack, will you be ready to respond? An incident responder or digital forensics technician has to be prepared to properly collect digital evidence as soon as an event is reported. This course teaches you how to quickly triage affected systems, securely collect digital evidence, and create your collection report for further forensic analysis. Digital forensic examiner (DFE) Jason Dion explains how to build a portable toolkit of trusted tools, both proprietary and open source, to collect evidence from Windows machines: volatile data from workstations, non-volatile data from hard drives and USBs, and disk images. Jason also shows how to deal with encryption challenges, document your collection efforts, and build a finalized collection report.
Topics include: Preparing for an incident response event Installing the right tools Acquiring volatile and non-volatile data Acquiring memory images Documenting users, connections, processes, and files Collecting disk attributes Verifying data collection Imaging a drive BitLocker encryption Creating an evidence report Homepage: https://www.lynda.com/IT-tutorials/Incident-Response-Evidence-Collection-Windows/2804070-2.html
TO MAC USERS: If RAR password doesn't work, use this archive program:
RAR Expander 0.8.5 Beta 4 and extract password protected files without error.
TO WIN USERS: If RAR password doesn't work, use this archive program:
Latest Winrar and extract password protected files without error.