Certified Incident Handler (ECIH) v2

Video description

The course begins with an exploration of fundamental concepts in information security and incident management, covering topics such as Vulnerability Management, Threat Assessments, Risk Management, and the NIST RMF.

The course guides you through the incident handling process, from preparation to post-incident activities. Learn how to prepare for incident handling, record and assign incidents, perform incident triage, and handle notifications effectively. The curriculum covers incident containment, evidence gathering, forensic analysis, eradication, recovery, and post-incident activities. Gain hands-on experience with ethical hacking tools and techniques, preparing you to address real-world cybersecurity challenges.

The course explores various security incidents, including network security, unauthorized access, inappropriate usage, denial-of-service, and web application security incidents. Additionally, delve into cloud security, insider threats, and essential security checks.

Upon course completion, you'll possess critical security analysis and incident response skills, equipping you to identify, address, and prevent complex cyber threats effectively.

What you will learn

  • Develop a deep understanding of the incident handling process from preparation to post-incident activities
  • Gain practical experience in digital evidence collection and forensic analysis
  • Effectively manage various security incidents, including malware, network, and web application security incidents
  • Grasp essential cloud security concepts and best practices
  • Identify and mitigate insider threats effectively
  • Utilize tools like OSForensics, Wireshark, and NMAP for cybersecurity tasks

Audience

This course is suitable for cybersecurity professionals, ethical hackers, incident responders, and individuals seeking to enhance their cybersecurity skills. A basic understanding of information security concepts is recommended.

About the Authors

ACI Learning: ACI Learning trains leaders in Cybersecurity, Audit, and Information Technology. Whether starting an IT career, mastering a profession, or developing a team, they provide essential support at every step.

Adam Gordon: Adam Gordon has 30+ years as an IT instructor in the private and public sectors, holds more than 160 professional and IT certifications, and has trained thousands of IT pros over the course of his career.

Daniel Lowrie: After working professionally as a systems administrator and as a network administrator, Daniel switched to IT education. His certifications include CompTIA A+, Network+, Linux+, CySA+, and PenTest+; CEH; MCSA; CFR; eJPT.

Table of contents

  1. Chapter 1 : Introduction to Information Security and Incident Management
    1. Overview
    2. ECIHv2 EC-Council Certification Overview
    3. Information Security and Incident Management
    4. What is Vulnerability Management
    5. What are Threat Assessments
    6. Risk Management - Vocabulary
    7. Risk Management - The Process
    8. Risk Management - The NIST RMF
    9. Incident Handling best practices, standards, frameworks
    10. Incident Handling and Legal Compliance
  2. Chapter 2 : Incident Handling and Response Process
    1. Step 1: Prepare for Incident Handling, Response
    2. Step 2: Incident Recording and Assignment
    3. Step 3: Incident Triage
    4. Step 4: Notification
    5. Step 5: Containment
    6. Step 6: Evidence Gathering and Forensic Analysis
    7. Step 7: Eradication
    8. Step 8: Recovery
    9. Step 9: Post-Incident Activities
  3. Chapter 3 : Digital Evidence and Forensics
    1. Forensics and first response
    2. Principles of Digital Evidence Collection
    3. Data Acquisition
    4. Volatile Evidence Collection
    5. Static Evidence Collection and Anti-Forensics
  4. Chapter 4 : Malware Incident Handling
    1. Preparation for Handling Malware Incidents
    2. Detection of Malware Incidents
    3. Containment of Malware Incidents
    4. Eradication of Malware Incidents
    5. Recovery after Malware Incidents
  5. Chapter 5 : Email Security Incident Handling
    1. Handling Email Security Incidents
  6. Chapter 6 : Network Security Incident Handling
    1. Preparation Handling Network Security Incidents
    2. Detection, Validation Network Security Incidents
    3. Handling Unauthorized Access Incidents
    4. Handling Inappropriate Usage Incidents
    5. Handling Denial-of-Service Incidents
    6. Handling Wireless Network Security Incidents
  7. Chapter 7 : Web Application Security Incident Handling
    1. Preparation to Handle Web App Security Incidents
    2. Detecting, Analyzing Web App Security Incidents
    3. Containment of Web Application Security Incidents
    4. Eradication of Web Application Security Incidents
    5. Recovery from Web Application Security Incidents
    6. Web Application Security Threats and Attacks
  8. Chapter 8 : Cloud Security Incidents
    1. Cloud Computing Concepts
    2. Best Practices Against Cloud Security Incidents
  9. Chapter 9 : Insider Threats Best Practices
    1. Best Practices Against Insider Threats
  10. Chapter 10 : Advanced Security Analysis and Tools
    1. Security checks using buck-security on Linux
    2. Volatile evidence collection - Linux, Windows
    3. Using OSForensics to find hidden material
    4. Analyzing non-volatile data using Autopsy
    5. Malware analysis
    6. Collecting information by tracing emails
    7. Using OSSIM
    8. Using Wireshark and NMAP
    9. Using Suricata IDS
    10. What does a SQL Injection Attack look like
    11. What does a XSS Attack look like

Product information

  • Title: Certified Incident Handler (ECIH) v2
  • Author(s): ACI Learning, Adam Gordon, Daniel Lowrie
  • Release date: January 2024
  • Publisher(s): Packt Publishing
  • ISBN: 9781835883006