Norfolk, VA - June 27, 2008
Global Information Assurance Certification

This is the real deal - no fluff!
-Nancy Rice, Capital Blue Cross

SECURITY 551

First Responder

Friday, June 27, 2008 : 9am - 4pm
Jeffrey Palatt, IBM Internet Security Systems
6 CPE Credits

This is a special dry run of this course whose materials are still being fine-tuned. We are offering it at a discount at this event in exchange for the students' feedback and critique, which will help us improve and finalize the course's content and exercises.


This is an introductory course in incident handling and the basics of system forensics that is designed to help participants function as first responders. First responders are typically system administrators, network administrators, application administrators, or security professionals whose daily duties do not usually involve incident response or digital forensics. This course is recommended for individuals who share this responsibility or who are interested in learning more about incident response and forensics. We cover some theory; however, the course is primarily technical in nature and will show the student what to do and how to do it. Although this course covers some material that is covered in SEC 504 & SEC 508, it is not intended to be considered a replacement, as those courses are more comprehensive and designed for individuals who lead or are part of an incident response team and those responsible for detailed forensic analysis, respectively.
  • Who Should Attend
    • Administrators and security professionals who are responsible for identifying or explaining unusual occurrences on networks or systems
    • Anyone interested in understanding the basics of incident response and forensics
    • Managers who want to understand the legal implications and technical limitations associated with incident response
  • Course Objectives
    • Master the principles of incident response and digital forensics
    • Understand the operational framework for incident response and the role of the first responder
    • Become familiar with the ramifications of first responder actions
    • Become familiar with technical limitations and common challenges faced by first responders
    • Illustrate best practices and procedures through the use of tools (lab exercises) and technical demonstration
  • SANS First Responder Course Topics
    • Forensic Methodology
    • Incident Response Methodology
    • Forensic Response Tools & Techniques
Author Statement

When adverse conditions affect a system or network, there is often little time to make decisions. Quite often there is a desire to restore operations immediately, regardless of whether a breach is suspected or confirmed. This course was written and revised for those individuals who are responsible for understanding and explaining adverse conditions such that the actions taken to understand the events of interest are not problematic.
- Jeff Palatt