cyber revision
cyberrev

Module objectives

Forensics & Incident Response

When prevention fails, this is the work that takes over: handle the incident calmly, preserve the evidence, and reconstruct what the attacker actually did. This module covers both the reactive forensic craft and the continuous defensive operation behind it.

By the end you will be able to:

  • Run an incident through the IR lifecycle, from preparation to lessons learned, and place any action in the right phase.
  • Handle evidence defensibly: chain of custody, integrity hashing, write blockers, and the order of volatility.
  • Work disk, memory and network evidence, and carve data back out of raw bytes.
  • Triage logs to find the attacker: brute-force attempts, encoded commands, cleared audit trails and persistence.
  • Explain how a SOC runs, how SIEM and SOAR cut through alert volume, and how findings map to MITRE ATT&CK.

The exam is practical: ten pieces of evidence to work, graded in your browser. Get seven of ten and the certificate is yours.