Download Training Directory (2021) Download Now

Oct 2019

Professional Certificate in Cyber Forensic in Incident Response & Log Investigation

Course Information

Start Date16 Oct 2019, Wednesday
End Date18 Oct 2019, Friday
Time09:00 am - 05:00 pm
Venue100 Orchard Road, Concorde Hotel Singapore
Fee$1800 (Excluding GST) Inclusive of hotel buffet lunch, light refreshments and course materials
Contact6720 3333 (Ms Chye Fen) chyefen@asm.edu.sg
Register Now
Get Group Quote
LIVE Stream


Cyber criminals and disgruntled employees are using highly sophisticated tools and backdoor programmes to steal intellectual property and expose confidential information – and they can cover their tracks in the process. In this 3-day module, participants will be provided with the forensic techniques to uncover and identify a perpetrator’s tracks and to effectively recover from an attack. This course will provide a step by step guide to incident response framework and different cyber-attack vectors, the concept of base lining normal day-to-day activities in order to detect anomalies, which may point to potential cyber-attacks and containment and quarantine strategies. focuses on developing the skill sets and techniques to perform data and evidence extraction as part of identification and containment phase, and various methods to eradicate cyber threats as well as considerations for recovering production during a cyber incident.

Learning Objectives
At the end of this Advanced Certification, course participants are expected to be competent to do the following:

  • Windows OS investigation
  • Email Header Analysis
  • Internet Browser Analysis
  • Network Log Analysis
  • Understand the key components to building and preparing an effective incident response team.
  • Carry out triage and forensic imaging to extract relevant artefacts for investigation.
  • Apply forensically sound methods to identify, contain and eradicate cyber threats.
  • Draft report to account for investigation findings.
Key Takeaways
Day 1: Forensics Investigation of Windows Artefacts

This certification will focus on the inner workings of various Windows Operating Systems and how to carry out forensic investigation on Windows artefacts. Participants will learn to identify file executions and recover deleted files. They will analyse Windows logs to look for potentially malicious events, how email works and how-to analysis email headers to determine the source and authenticity of emails.

Day 2: Network Log Analysis

It focuses on analysing internet browser artefacts. Participants will learn to use artefacts store by browsers to determine sites that have been visited, the files accessed, and actions carried out by users. They will be introduced to the basics of network log analysis and common tools used by industry professionals in Network Log Analysis

Day 3: Developing Incident Response Framework

Given the frequency and complexity of today’s cyber-attacks, incident responders should be armed with the latest tools, memory analysis techniques, and enterprise methodologies in order to identify and assess the impact of incidents, track and contain advanced adversaries and to remediate incidents. This module will focus on the cyber security fundamentals relating to incident response.

Course Outlines - Day One
  • Windows Operation System components
    • Difference in Windows versions

    Advance Data Acquisition techniques

    • Advance cloning / Imagining
    • Physical vs Logical Acquisition
    • Write Blocker
    • RAM Acquisition
    • Registry Extraction
    • Detecting Encrypted Drives
    • SSD vs. Standard Platter-Based Hard Drives
    • SSD Acquisition Concerns
    • Linux / Mac data acquisition

    User Forensic Data analysis

    • Discover Usernames and the SID Mapped to Them
    • Last Login /Last Failed Login
    • Login Count
    • Evidence of File Downloads
    • Office and Office 365 File History Analysis
    • Windows 7, Windows 8/8.1, Windows 10 Search History
    • Typed Paths and Directories
    • Recent Documents (Recent Documents) / .Lnk Analysis

    USB & Removable Device Forensic Examinations

    • Vendor/Make/Version
    • Unique Serial Number
    • Last Drive Letter
    • MountPoints2 – Last Drive Mapping Per User (Including Mapped Shares)
    • Volume Name and Serial Number
    • Username that Used the USB Device
    • Time of First USB Device Connection
    • Time of Last USB Device Connection
    • Time of Last USB Device Removal

    Email Forensics

    • Evidence of User Communication
    • Email Header Examination
    • Email Authenticity
    • Determining a Sender’s Geographic Location
    • Host-Based Email Forensics
    • Recovering Deleted Emails
    • Web and Cloud-Based Email
    • Email Searching and Examination

    Browser History analysis

    • Internet Explorer / Chrome / Firefox
    • Cache, cookies, download history
    • SQLite analysis

    Advance Data Recovery

    • Principles of Data Carving
    • Loss of File System Metadata / Metadata Carving
    • File Carving Tools
Course Outlines - Day Two
  • Network Forensics Basics 
    • Fundamentals
    • Strategies
    • Evidence Gathering techniques
    • Role of a web proxy
    • Proxy solutions – commercial and open source

    Network Evidence Acquisition

    • Three core types: full-packet / Logs / NetFlow
    • Pcap filtering
    • Tcpdump introduction
    • Wireshark introduction

    Data Sources and Network Log Sources

    • Proxy logs / syslogs / DHCP logs
    • Hypertext Transfer Protocol (HTTP): Protocol and Logs
    • Email Logs
    • Firewall logs / VPN logs
    • DHCP logs / DNS logs
    • Web server logs

    Intrusion Detection System and Network Security Monitoring

    • Rules and signatures
    • Families of IDS and NSM solutions
    • Open source Solutions
Course Outlines - Day Three
  • Introduction to incident response
    • Preparation & Scoping
    • Incident response frameworks
    • Creating Incident Response Requirements
    • Real time Incident Response Tactics

    Incident response scenarios and protocols

    • Malware / Ransomware attacks
    • Phishing Attack
    • Brute force attack
    • Denial-of-Service DoS attack
    • Exfiltration / Internal Attack

    Threat Hunting and cyber intelligence

    • Importance of threat hunting & Cyber Threat Intelligence
    • Building a Continuous Incident Response/Threat Hunting Capability
    • Identification of Compromised Systems
    • Finding Active and Dormant Malware

    Malware & Anti-Forensic Analysis

    • Introduction to Malware & Malicious code
    • Introduction to Anti Forensics
    • Malware Characteristics
    • Common Hiding Mechanisms
    • Evolution of Malware & Motivations
    • Infection methods & introduction to packers

    Memory Analysis

    • Acquisition of System Memory
    • Analyze Process DLLs and Handles & Code Injection
    • Acquire Suspicious Processes and Drivers
    • Live Memory Forensics

    Advanced persistent threat (APT)

    • APT introduction
    • Cyber Kill Chain
    • APT detection and protection


    • Incident Reporting Template
Who Must Attend?
  • Anyone who wishes to know what constitutes IT fraud and wants to avoid being a target;
  • Working professionals, such as managers and engineers in the IT, security and legal industries;
  • Corporate attorneys and legal professionals; Forensic Accountants Government Accountants; Investigators; Independent Auditors; Internal Auditors; Law Enforcement Officers; Recruitment Managers; Human Resource Managers Finance Managers Professional
“This was my second workshop with Ali. He is definitely still a great teacher and an irreplaceable resource for best practice tips and questions on current events in the industry. The number one quality that I like about Ali and his courses is that he is extremely patient, well-prepared and succinct.” – Juliana Low, Assistant Manager for Spotify Singapore

“Ali did an incredible job. I have been to hundreds of hours of training seminars and this is one of the best. I actually learned useful, practical materials and greatly improved my logic for my work and personal life. This is how corporate training should benefit participants.” – Mohammad Ismail, Business Development Manager for the Ministry of Manpower, Singapore

“The class size was kept to a moderate size which was a big relief – I was able to maximise my engagement and learning in this specialised course. Ali was also able to answer all my questions. He is definitely a subject expert in his field. I will be enrolling in the Graduate Diploma Programme that he is also facilitating.”  – Shruti Krishnan, IT Development Manager, Singapore Customs

Trainer Profile

Ali Fazeli has been involved in the information technology field since his younger days. He later pursued higher education in the field of Internet security and management from Curtin University, Australia. He is a highly interactive and innovative trainer, whose work is based on research and applied knowledge from extensive experiences in computer security, data recovery, digital forensic investigation, anti-forensic and cyber war.

For more than a decade in his career, Ali has assisted and trained numerous information technology security professional in Asia. He is accredited as a specialist in the successful investigation and prosecution of fraudsters from the dark and underworld of Internet.

Ali is one of the most versatile IT security professional and expert in the world, having taken on roles and responsibilities ranging from becoming an advisory expert to guidance consultant. Today, he spends a substantial amount of his time consulting, advising and training IT security professionals. Ali has also contributed extensively to helping numerous governments and private organizations face IT risks and provide security recommendations. Some of his clients include Nanyang Polytechnic, Grant Thornton, the Singapore Armed Forces (SAF) and the Singapore Police Force (SPF).