CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

This course prepares you for the Operations and Incident Response domain of the Security+ exam, covering incident responses and investigations, as well as digital forensic techniques.

Introduction

• Operations and incident response
• What you need to know
• Study resources

1. Incident Response Programs

• Build an incident response program
• Creating an incident response team
• Incident communications plan
• Incident identification
• Escalation and notification
• Mitigation
• Containment techniques
• Incident eradication and recovery
• Validation
• Post-incident activities
• Incident response exercises

2. Attack Frameworks

• MITRE ATT&CK
• Diamond Model of Intrusion Analysis
• Cyber kill chain analysis

3. Incident Investigation

• Logging security information
• Security information and event management
• Cloud audits and investigations

4. Forensic Techniques

• Conducting investigations
• Evidence types
• Introduction to forensics
• System and file forensics
• File carving
• Creating forensic images
• Digital forensics toolkit
• Operating system analysis
• Password forensics
• Network forensics
• Software forensics
• Mobile device forensics
• Embedded device forensics
• Chain of custody
• Ediscovery and evidence production
• Exploitation frameworks

Conclusion

• Continuing your studies