Advanced · Course

Incident Response & Forensics

Detect, analyse, and respond to security incidents with hands-on forensic analysis and threat hunting techniques in realistic simulation environments.

36 hours Dr. Amara Okafor

Incident Response & Forensics prepares you to act when prevention fails. In 36 hours you learn to detect, contain, analyse, and recover from security incidents — and to gather the forensic evidence that explains exactly what happened and how to stop it recurring.

Who this course is for

It suits security analysts, SOC team members, and system administrators who may be first responders when something goes wrong. A foundation in networking and systems administration is recommended.

What you will be able to do

You will run the full incident lifecycle — preparation, detection, containment, eradication, recovery, and the post-incident review that prevents recurrence. You will perform host and network forensics, collect and preserve artefacts to a defensible standard, build accurate timelines, and proactively hunt for threats that evaded the first line of defence.

How it is taught

You work through realistic simulated breaches in the lab, practising both the technical analysis and the calm, methodical process that effective response demands. The course ends with a full incident scenario you handle end to end, from first alert to lessons-learned report.

You leave ready to be a dependable responder — the person who brings order and evidence to a chaotic situation.

Curriculum

01

The incident lifecycle

Preparation, detection, containment, eradication, recovery, lessons learned.

02

Triage & scoping

Quickly determining what happened and how far it spread.

03

Host & network forensics

Collecting and analysing artefacts; building defensible timelines.

04

Threat hunting

Proactively searching for adversaries that evaded detection.

05

Recovery & hardening

Restoring safely and closing the gaps that allowed the incident.

06

Simulated breach capstone

Respond to a full incident scenario, end to end.

Frequently asked questions

How is this different from the Digital Forensics course?

This course covers the full incident response lifecycle with forensics as one component. The Digital Forensics course goes deeper into evidence recovery and analysis for investigations and legal proceedings.

Will I work on realistic scenarios?

Yes. The course is built around simulated breaches, and the capstone is a full end-to-end incident you respond to under realistic conditions.

Enrol in this course All courses