Cyber Security

CyberSec First Responder™

Capture and analyse artifacts that are critical during an incident investigation.

Upcoming Course Dates

There are currently no public course dates scheduled for this course. However, it is available for private presentation. Please contact us for more information.

Overview

The CyberSec First Responder™ Certificate Course is designed to equip the organisation’s IT staff members with the capability and knowledge to respond to an incident in an effective and timely manner. Knowing how to act promptly during an incident can significantly reduce the incident’s negative impact and ensure that an incident response investigation can be performed without delay.

The two-day training is a technical, hands-on workshop that introduces attendees to various open source and free tools that can be used to capture and analyse artifacts that are critical during an incident investigation.

Classes are available both Face-to-Face (Melbourne and Sydney) and Live Virtual.

Learning Outcomes

This course is designed to:

  • Ensure that staff members who are on the front lines of responding to incidents as they occur are well equipped to perform this critical role
  • Provide front-line staff members with the knowledge to collect forensic evidence satisfactorily

Who Should Attend

This course is intended for:

  • Technical staff members who are tasked with first response to cyber security incidents. Typical roles include:
    • Systems Engineer
    • Systems Administrator
    • Systems Analyst
    • Network Engineer
    • Network Administrator
    • Network Analyst
    • Helpdesk Level 1 & 2
    • Security Analyst
    • Threat Analyst
    • Infrastructure Manager
    • IT Manager
  • Anyone involved in Governance or Risk and who needs to gain a better understanding of how an attacker thinks

Course Contents

Phase 1: Introduction to Incident Response

  • Common pitfalls
    • Common pain points that organisations face with regard to incidents
  • Prevalent threats/attacks
    • Who are the threat actors
    • What are the most common attacks currently in use
  • What is an incident and how to prepare for it
    • Incident life cycle
    • Regulatory bodies and Law
  • Evidence handling best practices
    • Chain of custody discussion
    • Forensics go kit
  • War stories and scenarios
    • Sharing of war stories and their root cause
    • What could have been done better to prevent the incident

Phase 2: How Hackers Do It

  • Introduction to malware
    • Types of malware
    • Common protection against malware
  • Common attack techniques and lifecycle
    • Common attacker behaviour
    • Typical attack lifecycle

Phase 3: Data Collection (demo / hands-on)

  • Disk image gathering
    • Introduction to tools used for disk image creation
    • Demo and hands-on workshop on creating disk images
  • Memory image gathering
    • Introduction to tools used for memory dump collection
    • Demo and hands-on workshop on memory dump collection

Phase 4: Introduction to Forensic Analysis

  • Autopsy 101
    • Introduction to forensic analysis tools
    • Demo and hands-on workshop on using the tool called Autopsy
  • Basics of memory forensics
    • Introduction to memory forensics analysis tools
    • Demo and hands-on workshop on using memory analysis tools

Phase 5: Cloud IR

  • Triaging incidents in the cloud
    • Conducting M365 incident response

Phase 6: Google-Fu (optional, if time permits)

  • Using Open Source Intelligence (OSINT) in incident investigation
    • How can public data be used during an incident investigation

Testimonial

Excellent course for someone with minimal exposure to Cybersecurity. A large amount of data over a compressed timeframe but I can't think of a better way to present it. Based on the fact Zoom is not predominately a learning tool I believe this was probably the best training experience I have had with it and the training has been adapted well. Excellent courseware and communication from ALC.

Live Virtual Training | 2022

CSF+P Cyber Security Foundation+Practitioner

Fees

CyberSec First Responder™ Course (2 days) + Certificate Exam

  • Contact ALC

Fee Includes:

  • Comprehensive ALC course workbook
  • CyberSec First Responder Exam

Additional Requirements:

Attendees should bring a Windows-based notebook to be used as a test machine for the hands-on part of the course.

Exam Information

The exam comprises:

  • Multiple choice examination questions
  • 45 questions
  • 27 marks required to pass (out of 45 available) – 60%
  • 60 minutes duration
  • Closed book.

The exam will be held at the end of the course. For Face-to-Face classes it will be a paper-based exam and for Live Virtual classes it will be an online exam.

Private Training for Your Team

The CyberSec First Responder™ workshop is ideal for private presentation just for your own team. The course can be fully customised and can be presented in full 2-day format or one-day condensed format. Please contact us for more details.