Check out our new Training Passes!

GIAC - Enterprise Incident Response (GEIR)

Duration

Duration:

Only 2 Days

Method

Method:

Classroom / Online / Hybrid

Next date

Next date:

10.2.2025 (Monday)

Overview

This accelerated GIAC Enterprise Incident Response (GEIR) certification validates a practitioner's mastery of enterprise-class incident response and threat hunting tools and techniques. GEIR certification holders have demonstrated the ability to use analysis methodologies to understand attacker movement across varying functions and operating systems.


In just 2 days, you’ll also learn:

  • Incident Response Team Management and Coordination
  • Enterprise Incident Detection and Threat Hunting
  • Large Scale Event Correlation and Timeline Analysis
  • Multi-platform Artifact Analysis
  • Analysis of Windows Artifacts
  • Analysis of Linux Artifacts
  • Analysis of macOS Artifacts
  • Analysis of Container Artifacts
  • Analysis of Cloud Environment Artifacts

At the end of this course, you’ll sit the GIAC exam, and achieve your GIAC Enterprise Incident Response (GEIR) certification. Through Firebrand’s Lecture | Lab | Review methodology, you’ll get certified at twice the speed of the traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.

 

Audience

This course is ideal for:

  • Incident Response Team Leads and Advanced Practitioners
  • Threat Hunting Professionals
  • Experienced Digital Forensic Analysts
  • Enterprise Detection Engineers
  • Federal Agents and Law Enforcement Professionals
  • SANS DFIR Alumni looking to apply their forensic skills at scale.

See prices now to find out how much you could save when you train at twice the speed.

 See prices

Four reasons why you should sit your course with Firebrand Training

  1. You'll be trained and certified faster. Learn more on this 2-day accelerated course. You'll get at least 12 hours a day of quality learning time in a distraction-free environment
  2. Your course is all-inclusive. One simple price covers all course materials, exams, accommodation and meals – so you can focus on learning
  3. Pass first time or train again for free. Your expert instructor will deliver our unique accelerated learning methods, allowing you to learn faster and be in the best possible position to pass first time. In the unlikely event that you don't, it's covered by your Certification Guarantee
  4. Study with an award-winning training provider. We've won the Learning and Performance Institute's "Training Company of the Year" three times. Firebrand is your fastest way to learn, with 134561 students saving more than one million hours since 2001

Benefits

Seven reasons why you should sit your course with Firebrand Training

  1. Two options of training. Choose between residential classroom-based, or online courses
  2. You'll be certified fast. With us, you’ll be trained in record time
  3. Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
  4. Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
  5. You’ll learn more. A day with a traditional training provider generally runs from 9 am – 5 pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day of quality learning time, with your instructor
  6. You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
  7. You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals
  • * For residential training only. Doesn't apply for online courses
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts

Think you are ready for the course? Take a FREE practice test to assess your knowledge!

 Free Practice Test

Curriculum

  • Module 1: Cloud Response and Analysis
  • Demonstrate a familiarity with popular cloud attack scenarios and display an understanding of common manual and automated techniques for identifying, extracting, and analyzing artifacts when responding to a cloud-based incident.
  • Module 2: Container DFIR Fundamentals
  • Demonstrate a basic understanding of container technology, a familiarity with common attack techniques performed against containers, and a foundational digital forensic and incident response strategy when responding to a container-based incident.
  • Module 3: Detecting Modern Attacks
  • Demonstrate an understanding of how to apply threat intelligence and information gathered through proactive threat hunting to support the detection and response to modern attacks.
  • Module 4: Enterprise Incident Response Management
  • Demonstrate an understanding of how to manage and conduct effective incident response within an enterprise environment and will display a familiarity with techniques used to address common operational challenges while performing large scale investigations.
  • Module 5: Enterprise Visibility and Incident Scoping
  • Demonstrate a familiarity with common data source types in an enterprise environment and will display an understanding of strategies to aggregate telemetry from a large volume of disparate resources in order to scope an incident.
  • Module 6: Foundational Cloud Concepts
  • Demonstrate an understanding of fundamental cloud concepts and a familiarity with the most common cloud services that enterprises use to support business operations.
  • Module 7: Linux DFIR Fundamentals
  • Demonstrate an understanding of digital forensics and incident response fundamentals for a Linux system, including foundational knowledge of the file system, locations and format of important logs, and key configuration files.
  • Module 8: Linux Essentials
  • Demonstrate a basic understanding of a Linux operating system, common challenges when securing and monitoring Linux systems, and popular platform-specific attack techniques across an attack lifecycle.
  • Module 9: macOS DFIR Fundamentals
  • Demonstrate an understanding of digital forensics and incident response fundamentals for a macOS system, including foundational knowledge of the file system, locations and format of important logs, and key configuration files.
  • Module 10: macOS Essentials
  • Demonstrate a basic understanding of a macOS operating system, common challenges when securing and monitoring macOS systems, and popular platform-specific attack techniques across an attack lifecycle.
  • Module 11: Rapid Response Triage at Scale
  • Demonstrate an understanding of how to efficiently collect, process, and analyze incident response triage data across a large volume of endpoints.

Exam Track

At the end of this accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered Certification Guarantee:

GIAC Enterprise Incident Response (GEIR) exam

  • Duration: 3 hours
  • Format: 1 proctored exam
  • Number of questions: 82 questions
  • Passing score: Minimum passing score of 72%

What's Included

Your accelerated course includes:

  • Accommodation *
  • Meals, unlimited snacks, beverages, tea and coffee *
  • On-site exams **
  • Exam vouchers **
  • Practice tests **
  • Certification Guarantee ***
  • Courseware
  • Up-to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Digital courseware **
  • * For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts
  • *** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.

Prerequisites

There are no prerequisites for this accelerated course.

Unsure whether you meet the prerequisites? Don’t worry. Your training consultant will discuss your background with you to understand if this course is right for you.

Reviews

Here's the Firebrand Training review section. Since 2001 we've trained exactly 134561 students and asked them all to review our Accelerated Learning. Currently, 94.76% have said Firebrand exceeded their expectations.

Read reviews from recent accelerated courses below or visit Firebrand Stories for written and video interviews from our alumni.


"Good knowledge and experience on Cyber Security for ICS."
Anonymous (21.11.2016 (Monday) to 25.11.2016 (Friday))

"Firebrand provided a first class course and testing centre and makes getting the certification very simple. Having both training and exam in a single centre was very helpful."
Anonymous (21.11.2016 (Monday) to 25.11.2016 (Friday))

"Perfect!"
Anonymous (21.11.2016 (Monday) to 25.11.2016 (Friday))

"Great course with big knowledge in a team of different experiences."
Anonymous (21.11.2016 (Monday) to 25.11.2016 (Friday))

"Best way to fully focus for complex certifications while benefiting from the real-life experience of the instructor"
Anonymous. (4.9.2023 (Monday) to 8.9.2023 (Friday))

Course Dates

Start

Finish

Status

Location

Book now

26.8.2024 (Monday)

27.8.2024 (Tuesday)

Finished - Leave feedback

-

 

 

10.2.2025 (Monday)

11.2.2025 (Tuesday)

Limited availability

Nationwide

 

24.3.2025 (Monday)

25.3.2025 (Tuesday)

Open

Nationwide

 

5.5.2025 (Monday)

6.5.2025 (Tuesday)

Open

Nationwide

 

16.6.2025 (Monday)

17.6.2025 (Tuesday)

Open

Nationwide

 

Latest Reviews from our students

Trustpilot