Digital Threat Digest Insights Careers Let's talk

SOC Incident Responder

Our SOC Incident Responder training provides the required advanced knowledge and skills to allow experienced Security Operations Centre practitioners to become competent in responding to security incidents within their organisation, or its stakeholders’.


The topics covered in this course include Incident Response Methodologies and Concepts, Attacker Approach, Memory Theory, Endpoint Analysis for Incident Response and Timelines in a Digital Age.

Training is aligned to support individuals seeking to undertake the GIAC Certified Forensic Analyst (GCFA) exam.

This training can be delivered virtually, at our London or Bristol facilities, or at our clients’ premises; training is typically for group bookings only.


PGI Cyber Academy – Completion Certificate


By the end of this training, you will have learnt how to correlate events by analysing multiple hosts’ data – by using PowerShell and other enterprise methodologies. This will ensure you can work as a valuable security practitioner within a SOC, able to interrogate data, analyse security events and respond effectively to incidents.


Intermediate-level cyber security practitioners who wish to learn the knowledge and skills required to analyse security datasets and adequately prepare for and perform incident response duties. Example roles might include:

  • SOC Analysts
  • Security Analysts
  • Incident Response practitioners
  • Digital Forensics practitioners
  • Threat Hunters
  • IT staff with incident response responsibilities
Learning outcomes
  • Determine incident categories, incident responses and timelines for responses.
  • Develop best practices for incident response and incident management.
  • Measure the impact of signature implementation on viruses, malware, and attacks.
  • Utilise malware analysis concepts and methodologies.
  • Determine best practice auditing and logging procedures.
  • Learn obfuscation techniques.
  • Gain awareness of the applicable laws and your organisation’s policies and procedures relating to the collection and admissibility of digital evidence.
  • Design and implement processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
  • Understand anti-forensics tactics, techniques, and procedures.
  • Recognise how and why adversaries abuse file type.
  • Practice using malware analysis tools.
  • Determine when malware evades virtual machine detection.
  • Learn concepts and practices of processing digital forensic data.
  • Identify, capture, contain and report malware.
  • Use intrusion detection technologies to detect host and network-based intrusions.
  • Conduct information security audits or reviews of technical systems.
  • Identify common encoding techniques.
  • Recognise vulnerabilities in security systems.
  • Use security event correlation tools effectively.
  • Analyse memory dumps to extract information.
  • Identify and extract data of forensic interest in diverse media.
  • Determine if anomalous code is malicious or benign.
  • Analyse volatile data.
  • Identify obfuscation techniques.
  • Being able to analyse malware by triage.

Ideally, analysis experience working in a security operations centre (SOC) and digital forensics or incident response training/qualification.

Knowledge of:

  • Network components, their operation and appropriate network security controls and methods.
  • Capabilities and applications of network equipment.
  • Host and network access control mechanisms.
  • How network services and protocols interact to provide network communications.
  • Host-based and network-based intrusion detection methodologies and techniques.
  • Network traffic protocols, methods, and management.
  • Packet-level analysis.
  • Components of a network attack and their relationship to threats and vulnerabilities.
  • Technology that can be exploited.
  • Information security threats, risks and issues posed by new technologies and malicious actors.
  • Common network layer attack vectors.
  • Different classes of cyber-attacks.
  • Different types of cyber attackers, their capabilities, and objectives.
  • Stages of a cyber-attack.
  • Network security architecture concepts.
  • Encryption methodologies.
  • Windows and Unix ports and services.
  • OSI model and underlying network protocols.
  • System administration concepts for operating systems used by your organisation.
  • Payment Card Industry Data Security Standards (PCI-DSS).
  • Data security standards relating to the sector your organisation operates in.
  • Use of sub-netting tools.
  • Network protocols and directory services.
  • Command-line tools.
  • Automated log analysis.
  • Confidentiality, integrity, and availability principles.
  • Hacker methodologies .
  • Attack methods and techniques.
  • Cyber threat intelligence sources and their respective capabilities.
  • Different types of organisation, team and people involved in cyber threat intelligence collection.

Skills in:

  • Using protocol analysers.
  • Using virtual machines.
  • Protecting a network against malware.
  • Using one-way hash functions.
  • Reviewing logs to identify evidence of intrusions and other suspicious behavior.
  • Using multiple search engines and tools in conducting open-source searches.

This training can be tailored to an industry or for a defined audience, with various durations. Example topics typically include:

Incident Response Methodologies and Concepts

  • Effective Tactics
  • Threat Briefing
  • Exploring the Endpoint
  • Anti-analysis Techniques
  • Common Malware Features
  • Application at Scale
  • Incident Response Methodologies and Concepts

Living off the Land

  • Leveraging Access
  • Running the code
  • Expanding Access
  • Tracking the activity

Memory Theory

  • Collecting Memory
  • Analysing the memory
  • Presenting memory-based findings

Going Prepared

  • Hiding on an end user system
  • Strategies for discovery
  • Server Execution Artefacts
  • Finding non-malware compromises

Timelines; How, what, why and when

  • Memory Timelines
  • Hard disk image Timelines
  • Multi-source Timelines

Exam Preparation