Learn to Master Forensic Analysis and Incident Response Using Cisco CyberOps Technologies in the CBRFIR Course


Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) Course Overview


The Cisco CyberOps Technologies (CBRFIR) course provides students with a comprehensive understanding of the concepts and techniques used in conducting forensic analysis and incident response. This course provides the knowledge required to collect digital evidence from a variety of systems and apply forensic techniques to analyze the data.
The topics covered in the course include: digital forensics examination, incident response, evaluating evidence, responding to security incidents, investigation techniques, computer invasion methods, network forensics and analysis, locating vulnerabilities, and applying digital forensics for investigative reporting. The course also provides hands-on experience with a Cisco CyberOps lab environment.
This course is intended for anyone who needs to understand how to respond to a cyber-security incident. It is particularly useful for those working in information security, IT security, forensics investigations, threat intelligence and incident response. The course is also beneficial to those who need to develop an understanding of cybercrime and its investigation.

This is a Rare Course and it can take up to 3 weeks to arrange the training.


The 1-on-1 Advantage

Get a 1-on-1 session with our expert trainers at a date & time of your convenience.

Flexible Dates

Start your session on a date of your choice, weekend & evening slots included, and reschedule if necessary.

4-Hour Sessions

Training has never been so convenient: attend 4-hour training sessions for easy learning.

Destination Training

Attend training in some of the most loved cities, such as Dubai, London, Delhi (India), Goa, Singapore, New York and Sydney.

You will learn:

Module 1: Fundamentals
  • Analyze the components needed for a root cause analysis report
  • Describe the process of performing forensics analysis of infrastructure network devices
  • Describe antiforensic tactics, techniques, and procedures
  • Recognize encoding and obfuscation techniques (such as Base64 and hex encoding)
  • Describe the use and characteristics of YARA rules (basics) for malware identification, classification, and documentation
  • Describe the role of:
  • Describe the issues related to gathering evidence from virtualized environments (major cloud vendors)
  • Recognize the methods identified in the MITRE ATT&CK framework to perform fileless malware analysis
  • Determine the files needed and their location on the host
  • Evaluate output(s) to identify IOC on a host
  • Determine the type of code based on a provided snippet
  • Construct Python, PowerShell, and Bash scripts to parse and search logs or multiple data sources (such as, Cisco Umbrella, Sourcefire IPS, AMP for Endpoints, AMP for Network, and pxGrid)
  • Recognize purpose, use, and functionality of libraries and tools (such as, Volatility, Sysinternals, SIFT tools, and tcpdump)
  • Interpret alert logs (such as, IDS/IPS and syslogs)
  • Determine data to correlate based on incident type (host-based and network-based activities)
  • Determine attack vectors or attack surface and recommend mitigation in a given scenario
  • Recommend actions based on post-incident analysis
  • Recommend mitigation techniques for evaluated alerts from firewalls, intrusion prevention systems (IPS), data analysis tools (such as, Cisco Umbrella Investigate, Cisco Stealthwatch, and Cisco SecureX), and other systems to respond to cyber incidents
  • Recommend a response to 0 day exploitations (vulnerability management)
  • Recommend a response based on intelligence artifacts
  • Recommend the Cisco security solution for detection and prevention, given a scenario
  • Interpret threat intelligence data to determine IOC and IOA (internal and external sources)
  • Evaluate artifacts from threat intelligence to determine the threat actor profile
  • Describe capabilities of Cisco security solutions related to threat intelligence (such as, Cisco Umbrella, Sourcefire IPS, AMP for Endpoints, and AMP for Network)
  • Describe antiforensic techniques (such as, debugging, Geo location, and obfuscation)
  • Analyze logs from modern web applications and servers (Apache and NGINX)
  • Analyze network traffic associated with malicious activities using network monitoring tools (such as, NetFlow and display filtering in Wireshark)
  • Recommend next step(s) in the process of evaluating files based on distinguished characteristics of files in a given scenario
  • Interpret binaries using objdump and other CLI tools (such as, Linux, Python, and Bash)
  • Describe the goals of incident response
  • Evaluate elements required in an incident response playbook
  • Evaluate the relevant components from the ThreatGrid report
  • Recommend next step(s) in the process of evaluating files from endpoints and performing ad-hoc scans in a given scenario
  • Analyze threat intelligence provided in different formats (such as, STIX and TAXII)
Live Online Training (Duration : 40 Hours) Fee On Request
We Offer :
  • 1-on-1 Public - Select your own start date. Other students can be merged.
  • 1-on-1 Private - Select your own start date. You will be the only student in the class.

1-On-1 Training is Guaranteed to Run (GTR)
Group Training
Date On Request
Course Prerequisites

• Knowledge in networking, networking troubleshooting, and TCP/IP
• Knowledge of basic Linux commands and shell scripting
• Ability to read and interpret CCNA-level configurations and log entries
• Understanding of advanced malware and analysis techniques, including advanced packet capture
• Ability to read and interpret Palo Alto Networks, Check Point, SourceFire and similar network-based security products
• Understanding of Cisco CyberOps technologies such as Cisco CyberOps Workcenter and the CyberOps Analyst
• Experience using Cisco Packet Tracer and GNS3 for simulations

Target Audience


The target audience for Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR) training is system administrators and IT professionals such as network engineers, security professionals, and information security analysts and managers.
This training is ideal for those already involved in incident response and forensics or wishing to begin incorporating forensics in their response practices.
Experience with Cisco technologies or other security fundamentals is recommended prior to course enrollment, as this course will focus specifically on the technologies used for investigating threats and responding to incidents.
Knowledge of TCP/IP networking and familiarity with the command line and web interface of the targeted system components is required.
Additionally, those interested in passing the CNS-207 exam administered by Cisco would benefit from attending this course.

Learning Objectives of Conducting Forensic Analysis and Incident Response Using Cisco CyberOps Technologies (CBRFIR)


1. Understand the fundamentals of incident response process, forensics and malware analysis
2. Learn how to collect, analyse and preserve digital evidence when responding to security incidents
3. Develop skills in deep packet inspection (DPI) and log analysis
4. Understand how to identify the source and nature of malicious traffic
5. Gain the skills to investigate and contain incidents
6. Appreciate security automation practices, policies and procedures
7. Gain experience in using the Cisco Security Suite
8. Learn how to build an effective cyber forensics plan.
9. Become adept at monitoring system and network activities
10. Understand the importance of responding to, investigating, and remediating incidents promptly.

FAQ's


1-on-1 Public - Select your start date. Other students can be merged.
1-on-1 Private - Select your start date. You will be the only student in the class.
Yes, courses requiring practicals include hands-on labs.
You can buy online from the page by clicking on "Buy Now". You can view alternate payment methods on the payment options page.
Yes, you can pay from the course page and flexi page.
Yes, the site is secure by utilizing Secure Sockets Layer (SSL) Technology. SSL technology enables the encryption of sensitive information during online transactions. We use the highest assurance SSL/TLS certificate, which ensures that no unauthorized person can get to your sensitive payment data over the web.
We use the best standards in Internet security. Any data retained is not shared with third parties.
You can request a refund if you do not wish to enroll in the course.
To receive an acknowledgment of your online payment, you should have a valid email address. When you enter your name, Visa, and other data, you have the option of entering your email address. Should you decide to enter your email address, confirmation of your payment will be emailed to you.
After you submit your payment, you will land on the payment confirmation screen. It contains your payment confirmation message. You will likewise get a confirmation email after your transaction is submitted.
We do accept all major credit cards from Visa, Mastercard, American Express, and Discover.
Credit card transactions normally take 48 hours to settle. Approval is given right away; however, it takes 48 hours for the money to be moved.
Yes, we do accept partial payments. You may use one payment method for part of the transaction and another payment method for other parts of the transaction.
Yes, if we have an office in your city.
Yes, we do offer corporate training.
Yes, we do.
Yes, we also offer weekend classes.
Yes, Koenig follows a BYOL (Bring Your Own Laptop) policy.
It is recommended but not mandatory. Being acquainted with the basic course material will enable you and the trainer to move at a desired pace during classes. You can access courseware for most vendors.
Yes, this is our official email address which we use if a recipient is not able to receive emails from our @koenig-solutions.com email address.
Buy-Now. Pay-Later option is available using credit card in USA and India only.
You will receive the digital certificate post training completion via learning enhancement tool after registration.
Yes you can.
Yes, we do. For details go to flexi
You can pay through debit/credit card or bank wire transfer.
Yes you can request your customer experience manager for the same.
Yes, fee excludes local taxes.
Yes, we do.
Yes, Koenig Solutions is a Cisco Learning Partner
Schedule for Group Training is decided by Koenig. Schedule for 1-on-1 is decided by you.
In 1 on 1 Public you can select your own schedule, other students can be merged. Choose 1-on-1 if published schedule doesn't meet your requirement. If you want a private session, opt for 1-on-1 Private.
Duration of Ultra-Fast Track is 50% of the duration of the Standard Track. Yes(course content is same).

Prices & Payments

Yes of course.
Yes, We are

Travel and Visa

Yes we do after your registration for course.

Food and Beverages

Yes.

Others

Says our CEO-
“It is an interesting story and dates back half a century. My father started a manufacturing business in India in the 1960's for import substitute electromechanical components such as microswitches. German and Japanese goods were held in high esteem so he named his company Essen Deinki (Essen is a well known industrial town in Germany and Deinki is Japanese for electric company). His products were very good quality and the fact that they sounded German and Japanese also helped. He did quite well. In 1970s he branched out into electronic products and again looked for a German name. This time he chose Koenig, and Koenig Electronics was born. In 1990s after graduating from college I was looking for a name for my company and Koenig Solutions sounded just right. Initially we had marketed under the brand of Digital Equipment Corporation but DEC went out of business and we switched to the Koenig name. Koenig is difficult to pronounce and marketeers said it is not a good choice for a B2C brand. But it has proven lucky for us.” – Says Rohit Aggarwal (Founder and CEO - Koenig Solutions)
All our trainers are fluent in English. The majority of our customers are from outside India, and our trainers speak in a neutral accent which is easily understandable by students from all nationalities. Our money back guarantee also stands for accent of the trainer.
Medical services in India are at par with the world and are a fraction of costs in Europe and USA. A number of our students have scheduled cosmetic, dental and ocular procedures during their stay in India. We can provide advice about this, on request.
Yes, if you send 4 participants, we can offer an exclusive training for them which can be started from Any Date™ suitable for you.