YoVDO

ECIH Cert Prep: Certified Incident Handler v2 (212-89)

Offered By: LinkedIn Learning

Tags

Cybersecurity Courses, Network Security Courses, Digital Forensics Courses, Malware Analysis Courses, Web Application Security Courses, Cloud Security Courses, Insider Threats Courses

Course Description

Overview

Learn the skills you need to become a successful incident handler and response team member, with an eye on passing the Certified Incident Handler v2 (E|CIH) exam.

Syllabus

Introduction
  • Overview
  • ECIH v2 EC-Council certification overview
1. Incident Handling and Response Process
  • Information security and incident management
  • What is vulnerability management?
  • What are threat assessments?
  • Risk management: Vocabulary
  • Risk management: The process
  • Risk management: The NIST RMF
  • Incident handling best practices, standards, and frameworks
  • Incident handling and legal compliance
  • Step one: Prepare for incident handling and response
  • Step two: Incident recording and assignment
  • Step three: Incident triage
  • Step four: Notification
  • Step five: Containment
  • Step six: Evidence gathering and forensic analysis
  • Step seven: Eradication
  • Step eight: Recovery
  • Step nine: Post-incident activities
2. Forensic Readiness and First Response
  • Forensics and first response
  • Principles of digital evidence collection
  • Data acquisition
  • Volatile evidence collection
  • Static evidence collection and anti-forensics
3. Handling and Responding to Malware Incidents
  • Preparation for handling malware incidents
  • Detection of malware incidents
  • Containment of malware incidents
  • Eradication of malware incidents
  • Recovery after malware incidents
4. Handling and Responding to Email Security Incidents
  • Handling email security incidents
5. Handling and Responding to Network Security Incidents
  • Preparation for handling network security incidents
  • Detection and validation of network security incidents
  • Handling unauthorized access incidents
  • Handling inappropriate usage incidents
  • Handling denial-of-service incidents
  • Handling wireless network security incidents
6. Handling and Responding to Web Application Security Incidents
  • Preparation to handle web app security incidents
  • Detecting and analyzing web app security incidents
  • Containment of web app security incidents
  • Eradication of web app security incidents
  • Recovery from web app security incidents
  • Web app security threats and attacks
7. Handling and Responding to Cloud Security Incidents
  • Cloud computing concepts
  • Best practices against cloud security incidents
8. Handling and Responding to Insider Threats
  • Best practices against insider threats
9. Hands-On with ECIH Tools
  • Security checks using buck-security in Linux
  • Volatile evidence collection in Linux and Windows
  • Using OSForensics to find hidden material
  • Analyzing nonvolatile data using the Autopsy tool
  • Malware analysis
  • Collecting information by tracing emails
  • Using OSSIM
  • Using Wireshark and Nmap
  • Using Suricata IDS
  • What does a SQL injection attack look like?
  • What does an XSS attack look like?
Conclusion
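The hands-on module closes by asking what a SQL injection attack looks like. The following is an added example written for this listing, not course material from ITProTV or LinkedIn Learning: a login check that splices user input into SQL, the two classic payloads that defeat it, the parameterized form that does not, and a crude indicator check over web-server log lines of the kind an incident handler triages. The application, the `users` table, the account `alice` and the log lines are all constructed for the example; only the Python standard library and an in-memory SQLite database are used, so it runs offline.

```python
"""Added example, not part of the ECIH course or this listing: what a SQL
injection attack looks like against a string-built query, next to the
parameterized query that defeats it, plus an indicator check over constructed
web-server log lines. Standard library only; the database is in memory.
"""
import re
import sqlite3
from typing import List
from urllib.parse import unquote_plus

# Constructed sample data: one legitimate account in a hypothetical app.
SAMPLE_USERS = [("alice", "correct-horse-battery-staple")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table from the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Deliberately vulnerable: input is spliced into the SQL text, so a quote
    in the input changes the query's logic instead of staying data."""
    query = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: bound parameters are passed as values, never parsed as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


# Two classic payloads, as they would arrive from a login form.
TAUTOLOGY_PASSWORD = "' OR '1'='1"   # WHERE ... AND password = '' OR '1'='1'  -> always true
COMMENT_USERNAME = "alice' --"       # closes the string; -- comments out the password check

# Indicators of SQL injection in a request parameter. Crude by design: this is
# for triage, not blocking. Matched case-insensitively after URL-decoding.
SQLI_INDICATORS = re.compile(
    r"(?:'\s*or\s*'?\d*'?\s*=\s*'?\d|'\s*--|union\s+select|;\s*drop\s+table)",
    re.IGNORECASE,
)


def flag_sqli_indicators(log_line: str) -> bool:
    """True when the request target in a common-log-format line carries a
    SQLi indicator. The target is URL-decoded first (%27 -> ', + -> space)."""
    match = re.search(r'"(?:GET|POST)\s+(\S+)', log_line)
    if not match:
        return False
    target = unquote_plus(match.group(1))
    return SQLI_INDICATORS.search(target) is not None


# Constructed log lines: one normal login, then the two payloads URL-encoded.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=alice&pass=hunter2 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /login?user=nobody&pass=%27+OR+%271%27%3D%271 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /login?user=alice%27+--&pass=x HTTP/1.1" 200 512',
]


def triage(log_lines=SAMPLE_LOG) -> List[int]:
    """Indices of the log lines that carry a SQLi indicator."""
    return [i for i, line in enumerate(log_lines) if flag_sqli_indicators(line)]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology payload:", vulnerable_login(db, "nobody", TAUTOLOGY_PASSWORD))  # True
    print("vulnerable, comment payload:  ", vulnerable_login(db, COMMENT_USERNAME, "wrong"))      # True
    print("safe, tautology payload:      ", safe_login(db, "nobody", TAUTOLOGY_PASSWORD))          # False
    print("safe, comment payload:        ", safe_login(db, COMMENT_USERNAME, "wrong"))             # False
    print("flagged log lines:            ", triage())                                               # [1, 2]
```

The vulnerable function authenticates an attacker who knows no password at all, because the quote ends the string literal and the rest of the input becomes SQL. The parameterized version sees the same bytes as a value to compare, so both payloads simply fail to match. The log-line check is the kind of first-pass indicator used during detection and triage; it URL-decodes before matching because payloads in access logs arrive percent-encoded, and it will miss obfuscated variants, so treat a hit as a lead to investigate rather than proof of compromise.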

Taught by

ITProTV

Related Courses

Introduction to OWASP Top 10 Security Risks (A Cloud Guru)
AWS SimuLearn: Cyber Security Threats (Amazon Web Services via AWS Skill Builder)
AWS SimuLearn: Edge Protection (Amazon Web Services via AWS Skill Builder)
Cloud Security Scanner: Qwik Start (Google via Google Cloud Skills Boost)
OWASP Top 10: Broken Access Control (Codecademy)