When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

CFR: Incident Analysis, Response, and Forensics

This course is part of CyberSec First Responder (Exam CFR-410) Specialization

Instructor: Bill Rosenthal

Included with

Learn more

4 modules

Gain insight into a topic and learn the fundamentals.

1 week to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

4 modules

Gain insight into a topic and learn the fundamentals.

1 week to complete

at 10 hours a week

Flexible schedule

Learn at your own pace

What you'll learn

You will perform active asset and network analysis to detect incidents, respond to incidents, and investigate incidents using forensic analysis.

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the CyberSec First Responder (Exam CFR-410) Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 4 modules in this course

To round out your skills as a cybersecurity practitioner, you'll analyze incidents and indicators of compromise (IOCs) using Windows- and Linux-based tools. Then, you'll deploy an incident handling and response architecture, mitigate incidents, and hand over incident information to forensic personnel. Lastly, you'll investigate cybersecurity incidents by applying a forensic investigation plan, securely collecting and analyzing electronic evidence, and following up on the results of an investigation.

This is the fourth and final course in a multi-course Specialization. All of the courses in this Specialization require that you purchase the CFR-410 LogicalLABS, which are interactive, browser-based virtual labs that simulate the activity environment. These labs are already set up with the data files, networking, and system configurations required to perform the activities. With the coupon code provided in the first course for 25% off, the labs cost approximately $60. If you already purchased the labs for the first course, you're all set.

Module details

The analysis you perform on log data is important, but it tends to remain static. Most of the intelligence you'll be gathering and analyzing from logs will be actionable only after the event is either underway or already finished. So, to complement this static analysis, you need something a bit more dynamic. That's why, in this lesson, you'll take a more active approach to analyzing your organizational assets.

What's included

1 reading5 plugins

Now that you've performed a comprehensive analysis of your network and other assets, you need to prepare for what much of this analysis will reveal—the reality of a security incident affecting your organization. Responding quickly, yet cautiously, to the inevitable can make all the difference in preventing serious, long-term harm to the organization.

What's included

5 plugins

Following a cybersecurity incident, you may be called on to perform forensic analysis, such as collecting evidence and determining how and why the incident occurred, and who caused it.