Masterclass: Forensics and Incident Handling with Paula Januszkiewicz

Live Virtual Class – Super Intensive Remote Training with Labs!
February 15th – 19th, 2020 (9:00am – 4:00pm CEST Monday to Friday)

Registration is Closed - Ask about the next Class


This is an international Live Virtual Class, which means you will share the learning experience in a group of IT pros from around the world! The class is taught in English by Paula Januszkiewicz, who is a world-renowned cybersecurity Expert, the founder of CQURE and CQURE Academy, and Microsoft Regional Director and MVP. Remember that this course is limited to 12 participants total to ensure the highest quality and unique learning experience! During this course you will have an opportunity to interact with the instructor and get Paula’s help with any problems you might encounter, just as if it was a regular class.

Loads of Knowledge
Forensics and Incident Handling are constantly evolving and crucial topics in the area of cybersecurity. In order to stay on top of the attackers, the knowledge of Individuals and Teams responsible for collecting digital evidences and handling the incidents has to be constantly enhanced and updated. This advanced training provides skills necessary to find, collect and preserve data in a correct manner, analyze it and get to know as much about the incident as possible. This is an intense hands-on course covering the general approach to forensics and incident handling, network forensics, important aspects of Windows internals, memory and storage analysis, detecting indicators of compromise and a proper way of reporting. The course is limited to 12 participants, so reserve your spot today!

Intense exercises:
This course is packed with unique labs exercises! To get more practice we offer three extra weeks of labs online!After the training concludes, you may practice even more and repeat to consolidate newly gained skills and knowledge.

This course is ideal for:
IT professionals, Forensics and Incident Handling Specialists, Security Consultants, Enterprise Administrators, Infrastructure Architects, Security Professionals, Systems Engineers, Network Administrators and other people responsible for implementing network and perimeter security.

Platform and Technical Requirements:
To participate in the course you need a Stable internet connection. For the best learning experience we also need you to have a webcam, headphones and a microphone. Open RDP port 3391 for the connection to the Lab environment is needed as well. We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible to claim CPE points!

Tools, software and examples used during the course:

• Belkasoft RAM Capturer • StuxNet Memory Dump • Registry Explorer/RECmd • The Sleuth Kit® (TSK)
• Autopsy • DumpIt • DC3DD • Arsenal Image Mounter
• Reclaim Me • ReFS Images • SysInternals Toolkit • ShadowCopyView
• RegRipper • Rifiuti2 • Volatility • FullEventLogView
• EVTXtract • Loki IOC Scanner • Yara • LECmd
• LinkParser • PECmd • SkypeLogViewer • SQLiteBrowser
• NetWork Miner • Wireshark


Module 1

Introduction to Incident Handling

  • a) Types and Examples of Cybersecurity Incidents
  • b) Signs of an Incident
  • c) Incident Prioritization
  • d) Incident Response and Handling Steps
  • e) Procedures and Preparation

Module 2

Module 2: Securing Monitoring Operations

  • a) Industry Best Practices
  • b) Detecting Malware via DNS logs
  • c) Configuration Change Management
  • d) Leveraging Proxy and Firewall Data
  • e) Monitoring Critical Windows Events
  • f) Detecting Malware via Windows
    Event Logs

Module 3

Module 3: Network Forensics and Monitoring

  • a) Types and approaches to network monitoring
  • b) Network evidence acquisition
  • c) Network protocols and Logs
  • d) LAB: Detecting Data Thievery
  • e) LAB: Detecting WebShells
  • f) Gathering data from network security appliances
  • g) Detecting intrusion patterns and attack indicators
  • h) Data correlation
  • i) Hunting malware in network traffic
  • j) Encoding and Encryption

Module 4

Module 4: Windows Internals

a) Introduction to Windows Internals

b) Fooling Windows Task Manager

  • c) Processes and threads
  • d) PID and TID
  • e) Information gathering from the running operating system
  • f) Obtaining Volatile Data
  • g) A deep dive to Autoruns
  • h) Effective permissions auditing
  • i) PowerShell get NTFS permissions
  • j) Obtaining permissions information with AccessChck
  • k) Unnecessary and malicious services
  • l) Detecting unnecessary services with PowerShell


Module 5

Module 5: Memory Dumping and Analysis

  • a) Introduction to memory dumping and analysis
  • b) Creating memory dump – Belkasoft RAM Capturer and DumpIt
  • c) Utilizing Volatility to analyze Windows memory image
  • d) Analyzing Stuxnet memory dump with Volatility
  • e) Automatic memory analysis with Volatile

Module 6

Module 6: Indicators of compromise

  • a) Yara rules language
  • b) Malware detonation
  • c) Introduction to reverse engineering

Module 7

Module 7: Storage Acquisition and Analysis

  • a) Introduction to storage acquisition and analysis
  • b) Drive Acquisition
  • c) Mounting Forensic Disk Images
  • d) Introduction to NTFS File System
  • e) Windows File System Analysis
  • f) Autopsy with other filesystems
  • g) Building timelines

Module 8

Module 8: Reporting – Digital Evidence

This module covers the restrictions and important details about digital evidence gathering. Moreover, a proper structure of digital evidence report will be introduced.

Module 9

Registration is Closed - Ask about the next Class

Click here to browse the modules:


Paula Januszkiewicz

Founder & CEO of CQURE

The course is delivered by Paula Januszkiewicz, CEO of CQURE, a world-renowned expert in the cyber security field with practical knowledge from dozens of successful projects, years of real-world experience, great teaching skills, and no mercy for misconfigurations or insecure solutions.