0845 450 6120

Cyber Security Incident Response (CSIR)

This specialist-level course is for professionals who are looking to develop and improve their knowledge or ability in the Cyber Security Incident Response (CSIR) field. The course follows the CREST incident response model and focuses on the knowledge required to effectively respond to a cyber incident.

This course is the first of its kind to be available in the UK and is currently in development.


This course will enable you to:

  • Learn the knowledge required to undertake incident response activities

  • Gain confidence to identify and capturing live Operating System artefacts


Cyber security professionals or digital forensic investigators who want to extend their knowledge and skills in the CSIR field.


Learning Objectives

  • You will learn the knowledge required to respond to a cyber incident
  • You will practice all the fundamental skills needed to be an effective member of a CSIR team


You will need some experience or a good understanding of:

The CSIR process

Windows Operating Systems

Command line interface

Computer networks

Forensic investigations

Malware investigation

Course Content

The course syllabus follows the CREST CRIA knowledge requirement. A sample of course content includes:

1. Engagement Lifecycle Management

a. Benefits of Incident Response & preparation

b. Incident Response engagements, procedures & processes

2. Threat Assessment

a. Understand threat assessments and attacker motivation

3. Law & Compliance

a. Knowledge of pertinent legislation & regulatory requirements

4. Windows Operating System

a. Windows NT architecture

b. Registry & start-up locations

c. Removable storage

d. Account types & access Control

e. Executed files and associated processes

5. Networking

a. Understanding network architectures

b. IP routing

c. Windows domain

d. IEEE 802.11

e. Traffic capture

6. Cryptography

a. Encryption types

b. Hashing

c. Encryption Protocols

7. Common Data Formats

a. Understand common data formats

8. Storage Media

a. Storage media types

b. RAID basics

9. NTFS File System

a. File structures

b. ACL’s and SID’s

c. File carving

10. Open Source Investigations

a. Whois records

b. Search engines

c. Social media

d. Other online resources

11. Host Based Acquisition

a. File & Data Extraction

b. Memory Extraction

12. Malware & Investigations

a. Understanding web based attacks

b. Infection vectors, rootkits & hiding techniques

c. Live malware analysis

d. Traffic capture and unusual protocol behaviour

e. Reporting requirements

Exams & Certification

Upon successful completion of the exam, you will be awarded the Certified Cyber Security Incident Response (CSIR) qualification.  The course will also provide underpinning knowledge required to undertake the CREST CRIA certification.

One Month
Two Months
Three Months
More than Three Months
PRINCE2 Foundation & Practitioner
MSP Foundation & Practitioner
APMP Certificate
ITIL Foundation
Scrum in One Day
Certified ScrumMaster
ISTQB Software Test Foundation
Microsoft Project
BCS Business Analysis Practice
Other - Please Specify Below

Our Customers Include