CompTIA Security+: Incident Response, Digital Forensics, & Supporting Investigations

CompTIA Security+    |    Intermediate
  • 9 videos | 44m 4s
  • Includes Assessment
  • Earns a Badge
Likes 76 Likes 76
To best support a digital forensic investigation, incident response teams need to be aware of the various incident response plans and processes available to them. In this CompTIA Security+ SYO-601 course, you'll start by exploring various incident response exercises, such as tabletop sessions, walkthroughs, and simulations. Then, you'll outline three fundamental attack frameworks: MITRE, The Diamond Model of Intrusion Analysis, and the Cyber Kill Chain. Next, you'll examine different incident response plans types, including communication plans, disaster recovery plans, business continuity plans, and continuity of operation planning (COOP). You'll then identify key aspects of digital forensics, such as documentation/evidence, acquisition and integrity maintenance, preservation, e-discovery, data recovery, non-repudiation, and strategic intelligence and counterintelligence. Lastly, you'll outline how to utilize appropriate digital forensic data sources to support an investigation.


  • discover the key concepts covered in this course
    describe incident response plans and processes, such as preparation, identification, containment, eradication, recovery, and lessons learned
    survey various types of incident response exercises, including tabletop, walkthroughs, and simulations
    compare the following attack frameworks: MITRE ATT&CK, the Diamond Model of Intrusion Analysis, and Cyber Kill Chain
    define different incident response plan types used by the IRT, such as communication, disaster recovery, business continuity, and continuity of operation planning (COOP)
  • compare different types of forensic documentation and evidence, including legal holds, videos, admissibility issues, a chain of custody, and timelines of events in sequence
    describe the forensic acquisition concept, "order of volatility," and identify potential acquisition sources, such as disks, RAM, swap/pagefile, OS, firmware, and snapshots
    survey various forensic concepts, such as integrity, provenance, preservation, e-discovery, data recovery, non-repudiation, and strategic intelligence/counterintelligence
    summarize the key concepts covered in this course


  • 1m 51s
  • 8m 20s
  • Locked
    3.  Incident Response Exercises
    4m 20s
  • Locked
    4.  Attack Frameworks
    7m 48s
  • Locked
    5.  Plan Types for the Incident Response Team (IRT)
    7m 45s
  • Locked
    6.  Forensic Documentation and Evidence
    5m 18s
  • Locked
    7.  Forensic Acquisition Concepts and Sources
    3m 28s
  • Locked
    8.  Digital Forensic Techniques
    4m 29s
  • Locked
    9.  Course Summary


Skillsoft is providing you the opportunity to earn a digital badge upon successful completion on some of our courses, which can be shared on any social network or business platform.

Digital badges are yours to keep, forever.