The most trusted source for computer security training, certification and research.



Las Vegas, NV - October 10 - 20, 2008
Global Information Assurance Certification

Provided more depth on available tools than any other conference!
-Eric Moriak, Flowserve

SECURITY 551

First Responder

Saturday, October 11, 2008 : 9am - 5pm
David Hoelzer, SANS Faculty Fellow
6 CPE Credits

Last chance to take this course as a one-day stand-alone course!

This is an introductory course in incident handling and the basics of system forensics that is designed to help participants function as first responders. First responders are typically system administrators, network administrators, application administrators, or security professionals who are often tasked with daily duties that do not usually involve incident response or digital forensics. This course is recommended for individuals who share this responsibility or who are interested in learning more about incident response and forensics. We cover some theory; however, the course is primarily technical in nature and will show the student what to do and how to do it. Although this course covers some material that is covered in SEC 504 and SEC 508, it is not intended to be considered a replacement, as those courses are more comprehensive and designed for individuals who lead or are part of an incident response team and those responsible for detailed forensic analysis, respectively.
  • Who Should Attend
    • Administrators and security professionals who are responsible for identifying or explaining unusual occurrences on networks or systems
    • Anyone interested in understanding the basics of incident response and forensics
    • Managers who want to understand the legal implications and technical limitations associated with incident response
  • Course Objectives
    • Master the principles of incident response and digital forensics
    • Understand the operational framework for incident response and the role of the first responder
    • Become familiar with the ramifications of first responder actions
    • Become familiar with technical limitations and common challenges faced by first responders
    • Illustrate best practices and procedures through the use of tools (lab exercises) and technical demonstration
  • SANS First Responder Course Topics
    • Forensic Methodology
    • Incident Response Methodology
    • Forensic Response Tools & Techniques

SANS is without a doubt the best technical training organization out there. If I had to limit my training budget to one course per year, it would be from SANS.
-Anthony DiMarco, Osteotech, Inc.

Author Statement

When adverse conditions affect a system or network, there is often little time to make decisions. Quite often there is a desire to restore operations immediately, regardless of whether a breach is suspected or confirmed. This course was written and revised for those individuals who are responsible for understanding and explaining adverse conditions such that the actions taken to understand the events of interest are not problematic.
- Jeff Palatt