Learning path
Advanced Endpoint Investigations
Modern threats don’t stop at logs, and neither should you. This path prepares analysts to investigate across real-world endpoints using disk images, memory dumps, and OS-specific artifacts. With guided labs and challenge rooms, you’ll develop the skills to pivot between operating systems, uncover hidden attacker behavior, and respond with confidence under pressure.
hard
Investigate endpoint threats across Windows, Linux, macOS, and mobile platforms using memory, disk, and file system forensics.
- Master Windows, Linux, macOS, mobile and disk investigation techniques
- Investigate live memory and cold disk images for signs of compromise
- Learn file system analysis and forensics with hands-on labs covering MBR, GPT, FAT32, NTFS, EXT and file carving
- Use tools like Volatility, KAPE, SleuthKit, and ALEAPP in real-world scenarios

Complete this learning path and earn a certificate of completion.
Introduction
Section 1
File System Analysis
Section 2
Linux Endpoint Investigation
Section 3
Windows Endpoint Investigation

Section 4
macOS Forensics
Section 6
Memory Analysis
Section 7
Disk Image Analysis
