EC-Council Certified Incident Handler (E|CIH) Training Boot Camp
Meets DoD 8140 requirements
EC-Council’s Certified Incident Handler (E|CIH) is an ANAB ISO/IEC 17024 accredited and US DoD 8140 approved program that equips students with knowledge, skills and abilities to effectively prepare for, deal with and eradicate threats in an incident. This program provides the entire incident handling and response process and hands-on labs that teach the tactical procedures and techniques required to effectively plan, record, triage, notify and contain.
Students will learn the handling of various types of incidents, risk assessment methodologies, and laws and policies related to incident handling. The E|CIH covers post-incident activities such as containment, eradication, evidence gathering and forensic analysis, leading to prosecution or countermeasures to prevent incident repetition. With over 95 advanced labs, coverage of over 800 tools and exposure to incident-handling activities on various operating systems, the E|CIH provides a well-rounded but tactical approach to planning for and dealing with cyber incidents.
During your boot camp
Lab environment
- 95 labs simulating real-world environments
- 22 scenario-based labs
- 50% hands-on training dedication
- Latest Windows, Ubuntu, Parrot Security, pfSense, OSSIM environments
- Advanced forensic software and threat intelligence platforms
- Real-time organizational network simulations
Resources included
- 800+ incident handling and response tools
- 125 incident handling templates, checklists, and toolkits
- 10+ playbooks and runbooks (DDoS, Phishing, Insider Threat, Ransomware)
- Real-time case studies on cybersecurity incident response
- Incident handling standards, laws, and legal compliance documentation
Key learning areas
- 9-stage incident handling & response process
- Structured approach for performing IH&R
- Focus on developing skills for different types of cybersecurity incidents
- Emphasis on forensic readiness and first response procedures
- Coverage of latest IH&R tools, platforms, and frameworks
Industry compliance
- 100% compliance with NICE Special Publication 800-181 Cybersecurity Workforce Framework
- Maps to Protect and Defend (PR) category and Incident Response (CIR) specialty area
- 100% compliance with CREST Certified Incident Manager (CCIM) Frameworks
- Based on comprehensive industry-wide Job Task Analysis (JTA)
Average incident response times:
- 277 days: Average time to identify and contain a data breach
- 303 days: Average time to identify and contain a supply chain compromise
- 49 days: Additional time for ransomware breaches

What you'll learn
Training overview
- Information security threats, attack vectors and security concepts
- Attack and defense frameworks (Cyber Kill Chain, MITRE ATT&CK)
- Standards, cybersecurity frameworks and legal compliance
- The 9-stage Incident Handling & Response (IH&R) process
- Incident response automation and orchestration
- Securing crime scenes, evidence collection and forensic analysis
- Evidence preservation, packaging and transportation procedures
- Malware incident handling: preparation, detection, analysis and eradication
- Email security incident response and best practices
- Network security incidents: unauthorized access, DoS and wireless threats
- Web application incident detection, containment and recovery
- Cloud security incidents (Azure, AWS, Google Cloud) and best practices
- Insider threat preparation, detection and recovery
- Mobile, IoT, and OT-based security incidents
- Endpoint security best practices
- Post-incident activities and recovery procedures
What's included
Everything you need to know
- 90-day extended access to Boot Camp components, including class recordings
- 100% Satisfaction Guarantee
- Exam Pass Guarantee
- Exam voucher
- Knowledge Transfer Guarantee
- Unlimited practice exam attempts
Syllabus
Training schedule
Day 1
Introduction to IH&R
Security Threats
Frameworks
IH&R Process
First Response Procedures
Beginning Malware Incident Response
Day 2
Email and Network Security Incidents
Web Application Security Incidents
Cloud Security Incidents
Day 3
Insider Threats
Endpoint Security Incidents
Exam Preparation
Advanced Labs
Scenario-Based Exercises
Infosec success stories
"The team at Infosec was great from the start, and they were as excited about my journey as I was. They explained the value behind each training I was considering and how it could further my goals. Their enthusiasm was a great motivation throughout the boot camp."
Elle Autumn
EC-Council Certified Ethical Hacking Course: CEH Certification Training Boot Camp
"Infosec has uniquely prepared me for any CMMC retraining that will take place inevitably in the future. With them, it’s not just about completing the certification; it's about being a true contributor to the ecosystem."
James Ahern
Certified CMMC Assessor (CCA) Boot Camp
"The hands-on training was the best part. You have an instructor you can actually reach out to and ask questions — not only on the material, but also about things out in the wild with cybersecurity."
Eddie Quinones
CompTIA Security+ Certification Training Boot Camp
"The Infosec CISM Boot Camp gave me the ability to intelligently explain why I'm making a decision. Ultimately, the C-suite is happy and they know, 'Hey, here's a person that we can rely on.'"
Mohammad Mirza
ISACA Certified Information Security Manager (CISM) Training Boot Camp
Guaranteed results
Our Boot Camp guarantees
Exam Pass Guarantee
If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB Boot Camps).
100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
What you'll learn
Boot Camp training overview
Module coverage (10 Modules):
- Introduction to Incident Handling and Response
- Incident Handling and Response Process
- First Response
- Handling and Responding to Malware Incidents
- Handling and Responding to Email Security Incidents
- Handling and Responding to Network Security Incidents
- Handling and Responding to Web Application Security Incidents
- Handling and Responding to Cloud Security Incidents
- Handling and Responding to Insider Threats
- Handling and Responding to Endpoint Security Incidents
Who should attend
- Incident handlers and incident responders
- SOC analysts and engineers
- CSIRT team members
- Mid‑level to high‑level cybersecurity professionals with a minimum of 3 years of experience
Before your Boot Camp
Prerequisites
Exam Process
How does the E|CIH examination process work?
- Exam Code: 212-89
- Exam Title: EC-Council Certified Incident Handler
- Test Format: Multiple Choice
- Number of Questions: 100
- Duration: 3 hours
- Availability: ECC Exam Portal
- Passing Score: Refer to https://cert.eccouncil.org/faq.html
Award-winning training you can trust
Meets 8570.1 requirements
Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security.
Why choose Infosec?
Category
Infosec
SANS Institute
Training Camp
Global Knowledge (Skillsoft)
AI-powered, hands-on skill validation
12 Roles
Integrated for all roles
90 days
*Protects your investment if trained employees leave within three months of obtaining certification (Infosec will train a different employee at the same organization tuition-free for up to one year).