Incident Response and Cyber Forensics
This program equips SOC analysts, incident responders, forensic investigators, and security operations professionals with the operational frameworks and investigative skills required to detect, analyze, contain, and recover from cybersecurity incidents. You will begin by exploring security monitoring principles, SIEM correlation workflows, and endpoint telemetry analysis to transform alerts into structured investigations. Through applied demonstrations, you will learn how to differentiate baseline activity from malicious behavior and interpret abnormal network patterns.
Building on monitoring foundations, you will analyze denial-of-service and distributed denial-of-service attack patterns using packet capture tools such as Wireshark. You will investigate traffic anomalies, identify flooding behavior, and apply mitigation strategies to protect network availability.
Next, the program advances into structured incident response planning. You will examine incident lifecycle stages, define roles and responsibilities, classify and prioritize incidents, and develop coordinated response playbooks. Through readiness simulations and structured exercises, you will learn how effective planning reduces response time and improves accountability.
The course then introduces digital forensic principles, including evidence integrity, log and file analysis, timeline reconstruction, and memory capture simulations. You will learn how to document investigations, preserve evidence, and reconstruct events to support defensible reporting.
Finally, you will integrate detection, response, forensic analysis, containment, eradication, and recovery processes in an end-to-end incident simulation project, demonstrating full lifecycle incident management aligned with enterprise standards.
By the end of this program, you will be able to:
- Apply SIEM correlation and endpoint monitoring techniques.
- Detect and analyze DoS and DDoS attack patterns.
- Structure incident classification and prioriti