This specialist-level course is for professionals who are looking to develop and improve their knowledge or ability in the Cyber Security Incident Response (CSIR) field. Ths course follows the CREST incident response model and focuses on the knowledge required to effectively respond to a cyber incident.

Key Benefits:-

This course will enable you to:

  • Learn the knowledge required to undertake incident response activities
  • Gain confidence to identify and capture live Operating System artefacts

Upon successful completion of the exam, you will be awarded the Certified Cyber Security Incident Response (CSIR) qualification.

The course will also provide underpinning knowledge required to undertake the CREST CRIA certification.

Who Should Attend

Cyber security professionals or digital forensic investigators who want to extend their knowledge and skills in the CSIR field.


You will need some experience or a good understanding of:-

  • The CSIR process
  • Windows Operating Systems
  • Command line interface
  • Computer networks
  • Forensic investigations
  • Malware investigations

Delegates will learn how to

The Skills You Will Learn:-

  • You will learn the knowledge required to respond to a cyber incident
  • You will practice all the fundamental skills needed to be an effective member of a CSIR team



The course syllabus follows the CREST CRIA knowledge requirement. A sample of course content includes:

  1. Engagement Lifecycle Management
    1. Benefits of Incident Response & preparation
    2. Incident Response engagements, procedures & processes
  1. Threat Assessment
    1. Understand threat assessments and attacker motivation
  1. Law & Compliance
    1. Knowledge of pertinent legislation & regulatory requirements
  1. Windows Operating System
    1. Windows NT architecture
    2. Registry & start-up locations
    3. Removable storage
    4. Account types & access Control
    5. Executed files and associated processes
  1. Networking
    1. Understanding network architectures
    2. IP routing
    3. Windows domain
    4. IEEE 802.11
    5. Traffic capture
  1. Cryptography
    1. Encryption types
    2. Hashing
    3. Encryption Protocols
  1. Common Data Formats
    1. Understand common data formats
  1. Storage Media
    1. Storage media types
    2. RAID basics
  1. NTFS File System
    1. File structures
    2. ACL’s and SID’s
    3. File carving
  1. Open Source Investigations
    1. Whois records
    2. Search engines
    3. Social media
    4. Other online resources
  1. Host Based Acquisition
    1. File & Data Extraction
    2. Memory Extraction
  1. Malware & Investigations
    1. Understanding web based attacks
    2. Infection vectors, rootkits & hiding techniques
    3. Live malware analysis
    4. Traffic capture and unusual protocol behaviour
    5. Reporting requirements