Certified Incident Handler (ECIH) v2

ECIH v2 (19 H 34 M)

  • Introduction to Incident Handling and Response
    • Overview
    • ECIHv2 EC-Council Certification Overview
    • Information Security and Incident Management
    • What is Vulnerability Management
    • What are Threat Assessments
    • Risk Management - Vocabulary
    • Risk Management - The Process
    • Risk Management - The NIST RMF
    • Incident Handling best practices, std., frameworks
    • Incident Handling and Legal Compliance
  • Incident Handling and Response Process
    • Step 1: Prepare for Incident Handling, Response
    • Step 2: Incident Recording and Assignment
    • Step 3: Incident Triage
    • Step 4: Notification
    • Step 5: Containment
    • Step 6: Evidence Gathering and Forensic Analysis
    • Step 7: Eradication
    • Step 8: Recovery
    • Step 9: Post-Incident Activities
  • Forensic Readiness and First Response
    • Forensics and first response
    • Principles of Digital Evidence Collection
    • Data Acquisition
    • Volatile Evidence Collection
    • Static Evidence Collection and Anti-Forensics
  • Handling and Responding to Malware Incidents
    • Preparation for Handling Malware Incidents
    • Detection of Malware Incidents
    • Containment of Malware Incidents
    • Eradication of Malware Incidents
    • Recovery after Malware Incidents
  • Handling and Responding to Email Security Incidents
    • Handling Email Security Incidents
  • Handling and Responding to Network Security Incidents
    • Preparation Handling Network Security Incidents
    • Detection, Validation Network Security Incidents
    • Handling Unauthorized Access Incidents
    • Handling Inappropriate Usage Incidents
    • Handling Denial-of-Service Incidents
    • Handling Wireless Network Security Incidents
  • Handling and Responding to Web Application Security Incidents
    • Preparation to Handle Web App Security Incidents
    • Detecting, Analyzing Web App Security Incidents
    • Containment of Web Application Security Incidents
    • Eradication of Web Application Security Incidents
    • Recovery from Web Application Security Incidents
    • Web Application Security Threats and Attacks
  • Handling and Responding to Cloud Security Incidents
    • Cloud Computing Concepts
    • Best Practices Against Cloud Security Incidents
  • Handling and Responding to Insider Threats
    • Best Practices Against Insider Threats
  • Hands-On with E|CIH Tools
    • Security checks using buck-security on Linux
    • Volatile evidence collection - Linux, Windows
    • Using OSForensics to find hidden material
    • Analyzing non-volatile data using Autopsy
    • Malware analysis
    • Collecting information by tracing emails
    • Using OSSIM
    • Using Wireshark and NMAP
    • Using Suricata IDS
    • What does a SQL Injection Attack look like
    • What does a XSS Attack look like


Episode Description

This course covers the exam objectives of EC-Council's Certified Incident Handler v2 (E|CIH) program. It discusses the basic skills to handle and respond to security events and addresses various underlying principles and techniques for detecting and responding to current and emerging computer security threats. The incident handling skills taught in E|CIH are complementary to the job roles below as well as many other cybersecurity jobs:
  • Penetration Testers
  • Vulnerability Assessment Auditors
  • Risk Assessment Administrators
  • Network Administrators
  • Application Security Engineers
  • Cyber Forensic Investigators/Analysts and SOC Analysts
  • System Administrators/Engineers
  • Firewall Administrators
  • Network Managers/IT Managers

Transcript
You're watching ITProTV. [MUSIC]

>> Greetings and welcome to the ECIH series here at ITProTV. I will be your host throughout the series and my name is Daniel Lowry. I've got a little over 20 years' experience and I've got quite a few certifications underneath my belt that are security-focused. Joining us will also be a one Mr Adam Gordon. Adam, welcome to the show, sir. How are you?

>> I'm good. How are you?

>> I'm good. Tell us a little bit about yourself, sir.

>> I am Adam, I am me, you are not. So I also work with Daniel here at ITProTV. I'm an edutainer and I focus on anything and everything related to infrastructure and security. You've certainly probably seen both of us in many courses here at ITProTV. But if this is your first time watching any of our content, or perhaps watching a course related to security, I want to welcome you and also tell you it's going to be a really interesting journey. You're gonna get to learn a lot of really cool things, both hands-on as well as discussion-based. We're gonna spend a lot of time showing you how to become a successful incident handler and response team member, as well as hopefully taking and passing the ECIH exam, if that's what your ultimate goal is.

>> Awesome, I guess that's a great first question. Who is this course designed to reach?

>> So when we think about potential audience, right, associated with ECIH, it can be anybody that's looking to become an incident handler, whether you're a forensics expert who perhaps is part of an IH&R team. You may be a network administration or system administration professional that's been asked to bring your expertise of infrastructure into this response effort, either perhaps virtually, perhaps full time, perhaps on demand. But whatever you do, whoever you are, if you're a manager, if you're an operator, if you're a professional just starting out and looking to learn more about incident handling and response, we welcome all of you because any and all of you can benefit from this information.

>> Awesome, I guess that lends us to the what. So what exactly, at least in a condensed format, are we going to be learning in this series?

>> So when we think about generally the coverage, right, the knowledge associated with ECIH and what it is involving, we're gonna be focusing on the methodologies associated with incident handling and response. How we deal with the overall process, really, at a high level: what it means to respond to an incident, what it means to ultimately identify the issues and concerns associated with that, to set up containment, to ultimately understand how to analyze, to respond, to mitigate, and then to document, tell that story through reporting and ultimately recover those systems, hopefully back to full functionality. We'll take a look at how to do that all up as a process flow. We'll look at that in different areas of our network or data center and infrastructure, organizational, operational landscapes: in email, in the cloud, using web applications, talking about networking and network traffic, both wireless and wired. We'll take a look at the forensics aspects of IH&R, of incident handling and response. And we've got a special hands-on section dedicated to the use of tools that are going to make you more successful and hopefully help you to understand how to implement those skills. And Dan and I are gonna walk you through showing you how to use those in a specific focused environment where you can play with them and see everything about them.

>> Well, I guess that actually touches on my last question, which will be, how will this information be presented to the viewer?

>> So we're going to do a variety of things. We're gonna chat just like we are now. This is our normal way of interacting with you and presenting information. You'll see me and/or Daniel discuss concepts; we'll certainly engage you and show you some information on the screen. You'll see me use some PowerPoint slide decks that will magically appear highlighting information. There will be detailed episode notes for all the episodes we go through; I encourage you to take a look at those, especially if you're going to be studying for the ECIH exam. And as I mentioned, that super-duper special section at the end of the course called the hands-on section, where Daniel and I actually open up one or more virtual machines, trot out these tools, implement them and walk you through how to use them, specifically the ones that are most likely to be asked about on the exam. So you're going to be able to not only hear about how these things work, be told about them, interact with us and hear from us and share our experiences with you about how we do this in the real world, but you're going to see both of us show you what we do and how we do it. So it's gonna be a nice mix of different capabilities and modalities.

>> Well, thanks so much for that, Adam. I know that I'm super excited about this series. Hopefully you are now as well, and we look forward to seeing you in those upcoming episodes.

>> Thank you for watching ITProTV.