Learning path
Advanced Endpoint Investigations
Modern threats don’t stop at logs, and neither should you. This path prepares analysts to investigate real-world endpoints using disk images, memory dumps, and OS-specific artifacts. With guided labs and challenge rooms, you’ll develop the skills to pivot between operating systems, uncover hidden attacker behavior, and respond with confidence under pressure.
Modules: 8
Hands-on labs: 46
Estimated time: 57h 45m
Difficulty level: hard
Investigate endpoint threats across Windows, Linux, macOS, and mobile platforms using memory, disk, and file system forensics.
- Master Windows, Linux, macOS, mobile and disk investigation techniques
- Investigate live memory and cold disk images for signs of compromise
- Learn file system analysis and forensics with hands-on labs covering MBR, GPT, FAT32, NTFS, EXT and file carving
- Use tools like Volatility, KAPE, SleuthKit, and ALEAPP in real-world scenarios

Complete this learning path and earn a certificate of completion.
Introduction
In this path, you’ll dive deep into advanced endpoint investigation techniques. You’ll gain practical experience conducting forensic investigations across Windows, Linux, macOS, and mobile devices using industry-standard tools. Focusing on memory analysis, disk forensics, artifact extraction, and system triage, you’ll develop the skills needed to uncover attacker activity, trace persistence, and respond to complex threats. Through a mix of theoretical content and hands-on labs, you’ll build cross-platform investigative workflows that mirror real-world incident response. By the end, you’ll be equipped with the technical confidence and forensic fluency needed to lead investigations across diverse environments.
Section 1
File System Analysis
Topic Rewind Recap
Section 2
Linux Endpoint Investigation
Topic Rewind Recap
Section 3
Windows Endpoint Investigation
Topic Rewind Recap
Section 4
macOS Forensics
Topic Rewind Recap
Section 6
Memory Analysis
Topic Rewind Recap
Section 7
Disk Image Analysis
Topic Rewind Recap
Section 8
Honeynet Collapse
Topic Rewind Recap