
Cyber Security Incident Response (CSIR)

This specialist-level course is for professionals who are looking to develop and improve their knowledge or ability in the Cyber Security Incident Response (CSIR) field. The course follows the CREST incident response model and focuses on the knowledge required to effectively respond to a cyber incident.

This course is the first of its kind to be available in the UK and is currently in development.


This course will enable you to:

  • Learn the knowledge required to undertake incident response activities

  • Gain confidence in identifying and capturing live operating system artefacts


Cyber security professionals or digital forensic investigators who want to extend their knowledge and skills in the CSIR field.

Learning Objectives

  • You will learn the knowledge required to respond to a cyber incident
  • You will practise all the fundamental skills needed to be an effective member of a CSIR team


You will need some experience or a good understanding of:

  • The CSIR process
  • Windows Operating Systems
  • Command line interface
  • Computer networks
  • Forensic investigations
  • Malware investigation

Course Content

The course syllabus follows the CREST CRIA knowledge requirement. A sample of course content includes:

1. Engagement Lifecycle Management

a. Benefits of Incident Response & preparation

b. Incident Response engagements, procedures & processes

2. Threat Assessment

a. Understand threat assessments and attacker motivation

3. Law & Compliance

a. Knowledge of pertinent legislation & regulatory requirements

4. Windows Operating System

a. Windows NT architecture

b. Registry & start-up locations

c. Removable storage

d. Account types & access control

e. Executed files and associated processes

5. Networking

a. Understanding network architectures

b. IP routing

c. Windows domain

d. IEEE 802.11

e. Traffic capture

6. Cryptography

a. Encryption types

b. Hashing

c. Encryption Protocols

7. Common Data Formats

a. Understand common data formats

8. Storage Media

a. Storage media types

b. RAID basics

9. NTFS File System

a. File structures

b. ACLs and SIDs

c. File carving

10. Open Source Investigations

a. Whois records

b. Search engines

c. Social media

d. Other online resources

11. Host Based Acquisition

a. File & Data Extraction

b. Memory Extraction

12. Malware & Investigations

a. Understanding web-based attacks

b. Infection vectors, rootkits & hiding techniques

c. Live malware analysis

d. Traffic capture and unusual protocol behaviour

e. Reporting requirements

Exams & Certification

Upon successful completion of the exam, you will be awarded the Certified Cyber Security Incident Response (CSIR) qualification. The course will also provide the underpinning knowledge required to undertake the CREST CRIA certification.
