Incident Response and Digital Forensics

This programme equips IT professionals and security teams with the structured skills to detect, contain, investigate, and recover from cybersecurity incidents. Covering the full incident response lifecycle and an introduction to digital forensics, participants will leave with practical procedures they can implement immediately in their organisation.

Programme Modules

Incident Response Fundamentals
The incident response lifecycle: preparation, detection, containment, eradication, recovery, and post-incident review. Building an incident response plan from scratch.

Threat Detection and Analysis
Identifying indicators of compromise (IoC), analysing logs and alerts, using SIEM tools, and distinguishing true positives from false positives.

Containment and Eradication
Short-term and long-term containment strategies. Removing malware, closing attack vectors, and restoring systems safely without destroying forensic evidence.

Introduction to Digital Forensics
Forensic principles, chain of custody, evidence preservation, disk imaging, memory forensics basics, and working with forensic tools including Autopsy and Volatility.

Ransomware and Malware Incident Handling
Step-by-step response to ransomware attacks including isolation, communication, recovery options, and post-incident hardening. Real Malaysian and regional case studies.

Reporting and Post-Incident Review
Writing an incident report, communicating with management and regulators, lessons learned documentation, and updating defences based on findings.

Final Activity: Incident Response Tabletop Exercise
Participants work through a simulated ransomware attack scenario in teams. Each team must detect, contain, investigate, and report the incident following proper procedures, with a full debrief at the end.

Key Outcomes:
Build and execute a structured incident response plan
Detect and analyse security incidents using log data and SIEM tools
Apply containment and eradication procedures without compromising evidence
Conduct a basic digital forensics investigation following chain of custody principles
Respond to ransomware and malware incidents using a structured playbook
Produce a professional incident report for management and regulatory audiences

Fee: RM 1,750 per participant (minimum 3 participants)
Duration: 2 Days
Training Hours: 9:00 AM to 5:00 PM
Level: Intermediate (basic IT security knowledge required)
Training Mode: Physical, Online, or Hybrid
HRD Corp Claimable
Certificate of Completion included

Frequently Asked Questions

Basic IT and networking knowledge. Security+ or equivalent experience is recommended. This is not suitable for complete beginners.

Yes.

Yes. Scenarios can be adapted for banking, healthcare, government, and manufacturing contexts where regulatory reporting obligations differ.

Yes, though physical delivery is preferred for the tabletop exercise.

Up to 20 participants.