需要一些关于良好的IR动手训练的建议

Question

有没有人知道是否有任何良好的现场培训事件反应和数字取证，或认证，我需要采取，以获得更多的动手经验？谢谢，如有任何有用的信息，我们将不胜感激。

Answer 1

一个很好的起点是开放安全培训。尽管网站设计，他们有一些高质量的材料，为您工作通过。

正如你所提到的，你也需要一些亲身体验。在网上寻找挑战可以帮助解决这个问题。您可以查看测试图像 (有些将是旧的，但仍然有用！)或者，如果你比数字取证更多地关注事件反应，蜜网挑战和恶意软件流量分析练习。

Answer 2

在IronGeek (或YouTube，免费)上：

• http://www.irongeek.com/i.php?page=videos/louisvilleinfosec2015/04-memory-acquisition-in-digital-forensics-and-incident-response-jason-hale
• http://www.irongeek.com/i.php?page=videos/derbycon2/brett-cunningham-beyond-strings-memory-analysis-during-incident-response
• http://www.irongeek.com/i.php?page=videos/grrcon2015/bumper-massage00-security-incident-response-derek-milroy
• http://www.irongeek.com/i.php?page=videos/derbycon3/s206-diy-forensics-when-incident-response-morphs-into-digital-forensics-john-sammons
• http://www.irongeek.com/i.php?page=videos/bsidescleveland2012/automating-incident-response-mick-douglas
• http://www.irongeek.com/i.php?page=videos/centralohioinfosec2015/modern-approach-to-incident-response-james-carder-and-jessica-hebenstreit
• http://www.irongeek.com/i.php?page=videos/circlecitycon2014/215-ten-commandments-of-incident-response-for-hackers-lesley-carhart
• http://www.irongeek.com/i.php?page=videos/derbycon4/t322-advanced-incident-response-with-bro-liam-randall-hectaman
• http://www.irongeek.com/i.php?page=videos/bsidescleveland2012/netflow-for-incident-response-jamison-budacki
• http://www.irongeek.com/i.php?page=videos/bsidesboston2015/205-next-gen-incident-management-building-out-a-modern-incident-management-capability-john-mcdonald
• http://www.irongeek.com/i.php?page=videos/derbycon2/3-2-4-jamie-murdock-how-to-create-a-one-man-soc
• http://www.irongeek.com/i.php?page=videos/circlecitycon2015/300-operationalizing-yara-chad-robertson
• http://www.irongeek.com/i.php?page=videos/converge2015/track102-adaptive-monitoring-and-detection-for-todays-landscape-jamie-murdock
• http://www.irongeek.com/i.php?page=videos/securewv2015/securewv06-the-art-of-post-infection-response-and-mitigation-caleb-j-crable

关于SafariBooksOnline视频(月薪访问)：

• http://my.safaribooksonline.com/video/networking/forensic-analysis/9780132853835
• http://my.safaribooksonline.com/video/networking/forensic-analysis/9781466695917
• http://my.safaribooksonline.com/video/networking/forensic-analysis/9781771370615
• http://my.safaribooksonline.com/video/networking/security/9781466695979

关于Udemy (一次性付费访问)：

• https://www.udemy.com/ifci-expert-cybercrime-investigators-course/
• https://www.udemy.com/surviving-digital-forensics-memory-analysis-1/
• https://www.udemy.com/digital-evidence-acquisition-protecting-your-case/
• https://www.udemy.com/surviving-digital-forensics-ram-extraction-fundamentals/
• https://www.udemy.com/surviving-digital-forensics-memory-analysis-2/
• https://www.udemy.com/surviving-digital-forensics-imaging-a-mac-fusion-drive/
• https://www.udemy.com/draft/94110/
• https://www.udemy.com/reconcertification/

在PluralSight上(一次付费访问或每月访问)：

• https://www.pluralsight.com/courses/digital-forensics-tools-kali-linux-imaging-hashing

在Lynda上(通过LinkedIn，一次付费或月薪访问)：

• http://www.lynda.com/Developer-tutorials/Computer-Forensics-Essential-Training/170337-2.html

Answer 3

SANS培训是很棒的：https://www.sans.org/course/advanced-incident-response-threat-hunting-training

即使仅仅服用GCUX，经过1天的IR训练，也是非常有效的。

免费博客：https://digital-forensics.sans.org/blog