• Office Location HCJM+44 Muscat
  • Email info@aca.om
  • Phone +968 24990900 | +968 24990901

Cybersecurity – Incident response After a cyber-attack

The « Forensic Investigation – Incident Response after a cyber-attack» course allows you to test and learn Forensic investigation methodology to be applied on information systems. Its goal is to deliver the first and essential actions to recover some legally exploitable information, collect clues, make an quick analysis in case of an eventual hacking and/or supply first information for a specialized team. The training methodology puts practice at the heart of learning to improve the acquisition of experience and knowledge.


Each apprentice has a computer with virtual machines to investigate.
Several Hands on exercices.
The course also embeds feedback from Thales experience on Cybersecurity tools, devices, projects and solutions.


After the course, the students know :

  • Juridical aspects and Forensic investigation rules
  • Common Forensic investigation methods
  • Techniques to recover information
  • Techniques to analyse information
  • Investigation, recovery and analyse tools
  • Common hardening rules to apply
  • Best practices to interact with qualified Organizations

Course Content

Goals and interests
  • Recent Forensic investigation examples
  • Investigation processes
  • Juridical aspects of Forensic investigation
Malwares awareness
  • Overview of Malwares in our IT system
  • Analysis of a compromised system by a malware
Structuring and Acquisition of data
  • Comprehension of system files
  • Comprehension of hard drive topology
  • Starting processes of Windows / Linux / Macintosh
  • Best Practices about acquisition methods of data
  • Data Acquisition and duplication
  • Recovery of deleted data
Windows Forensic
  • Methods and tools for Forensic investigation
  • Forensic analysis
  • Investigation on events / logs
  • Investigation on network traffic / Router Forensic
  • Tools and applications Forensic
  • Steganography / Image files Forensic
  • Memory analysis on Windows system




This course is dedicated to people who are
familiar with :
  • IP Network and TCP / IP protocols
  • Windows systems
  • Unix / Linux systems
  • CyberSecurity (or have attended to the course « System vulnerabilities to cyberattacks »)


  • 5 training days
  • Several hands-on exercises : 40 % Theory / 60 % Practice
  • 8 students maximum per session
  • Intermediate level


ACA Main Building


PO Box 74, Al-Khuwair
PC 133, Sultanate of Oman
+968 24990900 | +968 24990901