It depends on what you mean by beginner! There are a lot of very good books on incident response and forensics.
If you have a solid foundation in computer science and networking, I can recommend this one: https://www.amazon.it/Incident-Response-Computer-Forensics-Third/dp/0071798684
Here are some that I'll be ordering soon. I found these through asking the same questions as you. These are all through Amazon and come highly rated. (Plus most are on sale for cheap.)
Incident Response & Computer Forensics, Third Edition 3rd Edition
Rtfm: Red Team Field Manual 1.0 Edition
Blue Team Field Manual (BTFM) (RTFM) Paperback – January 13, 2017
Link without all the Amazon tracking info:
https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684
Look for what is needed in the industry.
I started with incident response and advanced to forensics.
Start with GCIH, it will to some extent cover forensics.
And advance from there.
There are more companies that are in need of incident response than of forensics.
That's from a European perspective and of course my personal opinion.
Tip
Have a look at this book. It will cover the basics you need to advance.
https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684
Like everything else, find what interests you and make it your own :)
I can't speak to what is on the exam, but I've noticed the courses have a pretty well defined syllabus to start from; even which specific incident handling process, etc. I would use that. The book Incident Response 3rd edition is always a good start.
https://www.sans.org/cyber-security-courses/hacker-techniques-exploits-incident-handling/#results
https://www.amazon.com/Incident-Response-Computer-Forensics-Third/dp/0071798684
SANS is structured, in price, to ensure it is for corporate funded training, not for individuals (or you) to cover the cost of. It was never meant for that (even if it feels like the only choice because organizations aren't used to funding that level of training). Your company should pay for it all, or find a better program to send you to. Granted this doesn't help your situation now, but I'd make a point of it to your management about training allocation. You shouldn't have to be burdened on 'figuring it out' if they are unwilling to invest in you; or have them potentially leave you with knowledge gaps during a live incident, or an incomplete training just because they are trying to save money... as that never really ends well for either party. Also the time invested on those books to absorb the material, which cover also different areas which are potentially beneficial or not, is more time than actually taking the course in that week in a more ~~un~~structured fashion... which is a different burden for you and the company. I'm assuming you'd do the nights and weekends studying since the org doesn't seem up to allow you study time (or you feel pressured to not interrupt work responsibilities). SANS won't make you amazing, but you do get what you put in. This also means that if you have a week off-site, you actually get to study the material instead of distract yourself with studying while you work.
I've done the live training earlier in 2014, it was pretty much death by PowerPoint with the audio recording… so the real benefit I see for that type of training is the in-person conversations on site with those who practice it. The networking itself is worth its weight in gold. Rob Lee and Mike Pilkington are both great people, their classes I would endorse. The GCIA is probably a bit more straightforward since it is ports/protocols, but obviously harder due to the rote memorization.
https://www.sans.org/cyber-security-courses/intrusion-detection-in-depth/
Mandiant, a FireEye Company
Job Type: Full time
Location: Canada, Toronto, Montreal, Vancouver, Winnipeg, Calgary
(Toronto ideal, but any location in Canada can be considered)
About Mandiant
We are the consulting services component within the larger FireEye organization. Mandiant is the company that wrote the book on Incident Response (literally *THE* book). The corporate culture in the Canadian office is great, with employee success and happiness focused on heavily. We work in a collaborative environment and will ensure you receive the support and mentorship to develop your skills as well as deliver benefit to the clients.
Incident Response Consultant
Incident Response consultants are the technical experts who get called in when a major organization has been the victim of a cyber attack. Mandiant technology is rapidly deployed to the client environment, and then it becomes a fast-paced crunch against time to figure out where the hackers are in the network, how they got in, what they may have stolen, and how to get them out. Being a digital detective requires understanding various system artifacts, being able to learn and adapt quickly as-needed, and having a natural curiosity which is driven by passion.
We are looking for incident response consultants at three levels, Associate Consultant, Consultant and Senior Consultant. Below are listings for the Associate, and Senior Consultant positions, however on the FireEye Careers page you can find examples for other positions. (To give some context, roughly, an Associate level is fresh out of school or 1-3 years of experience, a Consultant is about 2-5 years of experience, and a Senior Consultant is typically 5+ years of experience).
We're looking for people who
Senior Incident Response Consultant Posting
We're looking for people who
Strategic Services Consultant
Strategic consultants focus on helping organizations assess their security programs and develop and mature those programs. These types of engagements are more aligned with typical consulting services, such as Strategic Program Assessments and Security Operations Centre development of Incident Response Plans, Playbooks, Use Cases, etc.
The general idea is that a strategic consultant
We are looking for strategic consultants at three levels, Associate Consultant, Consultant and Senior Consultant. Below is a listing for the Senior Consultant position, however on the FireEye Careers page you can find examples for other positions. (To give some context, roughly, an Associate level is fresh out of school or 1-3 years of experience, a Consultant is about 2-5 years of experience, and a Senior Consultant is typically 5+ years of experience).
Senior Information Security Consultant Posting
To apply please PM directly
> Reminder, this post is seeking Canadian applicants. For US/International based applications, please apply directly on the FireEye Careers website to the appropriate posting.
This book is also given out in the class.
Source: Multiple Co-workers took the course recently.