The Intermediate Incident Response course develops hands-on skills for identifying, investigating, and responding to security incidents in enterprise environments. Students learn to apply structured incident response methodology to real-world intrusions affecting Windows and Linux systems, including unauthorized access, malware execution, persistence, and lateral movement. The course emphasizes evidence handling, live response, artifact analysis, timeline reconstruction, and scoping impact while maintaining forensic integrity. Students conclude with a Culmination Exercise (CULEX) requiring them to investigate an active intrusion and produce structured investigative findings.
Intended Audience: Cyber defenders, incident responders, threat hunters, and security practitioners who possess foundational networking and operating system knowledge and are ready to develop practical, hands-on incident response skills.