Incident Response:
Black Hat Edition

Mandiant | July 21-22 and July 23-24


Ends February 1


Ends June 1


Ends July 20


July 21-24


Mandiant has raised the bar of effective detection, response, and remediation through their Incident Response (IR) coursework. This two-day Special Edition class teaches the fundamental and cutting-edge data collection and analysis techniques information security professionals need to investigate increasingly complex intrusion scenarios. The course contains case studies and hands-on lab exercises tailored to the latest attack scenarios identified by Mandiant's investigations into the compromise of public and private sector organizations. Attendees will gain experience in the following topic areas:

The Incident Response Process
Forensic Data Collection
Analyzing Evidence
Anti-Forensic Techniques
Memory Acquisition And Analysis

These topics will help prepare you for some of the most common questions and challenges facing an incident responder, such as:

The class is structured to include exercises, tools, and sample evidence based on real-world cases throughout the material. We strive to minimize lecture time and maximize hands-on learning.

What to Bring

Students must provide their own laptop running a version of Microsoft Windows, or virtualization software such as VMware running a version of Microsoft Windows. Students must possess Administrator rights to the system they will use during class and must be able to install software provided on a USB device.

Students who cannot meet the laptop requirements because of onsite registration or other reasons should contact MANDIANT at to see if a laptop can be provided for you.

What You Will Get

Who Should Attend the Class

Anyone involved in the information technology and information security fields responsible for responding to computer intrusions or securing corporate networks. The class covers the basics of the incident response process and proper handling of incidents as well as advanced investigative techniques used to respond to computer intrusions.



Chris Nutt is a Manager within the Professional Services Division of MANDIANT. Mr. Nutt has eight years of experience in enterprise incident response, working with the federal government, defense industrial base, and Fortune 100 companies. He has extensive experience in incident response, computer forensics, remediation strategies, and project management.

Mr. Nutt has led and conducted incident response and forensic analysis engagements for government entities and the Fortune 100. He has led high-visibility investigations into the theft of intellectual property as well as the theft of payment card industry information. He regularly assists organizations in developing remediation strategies designed to remove sophisticated attackers from client networks.

Mr. Nutt leverages his consulting experience to develop and deliver incident response training to law enforcement, the federal government, and corporate security groups. He has also presented at a variety of security industry events; his most recent presentation was at DoD CyberCrime Conference 2012.

Ryan Kazanciyan is a Principal Consultant with Mandiant and has ten years of experience specializing in incident response, forensic analysis, penetration testing, and web application security. He has most recently conducted intrusion investigations and remediation efforts for organizations in the technology, financial services, and defense industrial base sectors. Mr. Kazanciyan has experience with analysis of host and network-based indicators of compromise, disk and memory forensics, and malware identification and triage. He also helped victim organizations develop and implement remediation steps to address existing vulnerabilities and enhance security controls.

In addition to his experience in incident response, Mr. Kazanciyan has an extensive background managing and executing large penetration testing engagements in Windows and UNIX environments, social engineering, and wireless assessments. Ryan also is proficient in application security and has conducted black-box and source-code assessments for web applications and "thick" clients.

Mr. Kazanciyan has leveraged his consulting experience to lead training sessions for a variety of audiences in law enforcement, the federal government, and corporate security groups. He has taught courses on incident response, forensic analysis, penetration testing, and web application security. He has also presented at a variety of security industry events including Black Hat Federal, ShmooCon, and the DoD CyberCrime Conference.

Mary Singh is a Senior Consultant with Mandiant with ten years of experience in information security. Ms. Singh specializes in forensic analysis, location of information exposure, and EnCase forensic software. She has experience in military information operations, intrusion detection and incident response, and identified specific military and engineering data targeted at several major defense contractors. In a recent investigation, she discovered a malicious driver that was unknowingly being hosted and distributed from a legitimate website.

In the military and as a consultant, Ms. Singh developed both network- and host-level indicators of compromise. She shares her experience and knowledge by teaching courses on incident response and network investigative techniques. She also presented the past two years at the DoD CyberCrime Conference, sharing the latest methods to "find evil" with law enforcement, federal government, and industry.