Digital Forensics and Incident Response

Understand what forensic artifacts are present in the Windows and Linux Operating Systems, how to collect them, and leverage them to investigate security incidents.

Forensic artifacts are pieces of evidence left behind by human activity. In this module, we will learn about the forensic artifacts in the Windows and Linux operating systems and perform basic malware analysis. We will learn to use KAPE, Autopsy, Zimmerman’s tools, and Volatility to collect forensic data. We will also learn how to organize this data and leverage it to investigate incidents using TheHive Project.

DFIR: An Introduction

Introductory room for the DFIR module

Windows Forensics 1

Introduction to Windows Registry Forensics

Windows Forensics 2

Learn about common Windows file systems and forensic artifacts in the file systems.

Linux Forensics

Learn about the common forensic artifacts found in the file system of the Linux operating system.

Autopsy

Learn how to use Autopsy to investigate artefacts from a disk image. Use your knowledge to investigate an employee who is being accused of leaking private company data.

Redline

Learn how to use Redline to perform memory analysis and to scan for IOCs on an endpoint.

KAPE

An introduction to Kroll Artifact Parser and Extractor (KAPE) for collecting and processing forensic artifacts

Volatility

Learn how to perform memory forensics with Volatility!

Velociraptor

Learn Velociraptor, an advanced open-source endpoint monitoring, digital forensic and cyber response platform.

TheHive Project

Learn how to use TheHive, a Security Incident Response Platform, to report investigation findings

Intro to Malware Analysis

What to do when you run into suspected malware

Unattended

Use your Windows forensics knowledge to investigate an incident.

Disgruntled

Use your Linux forensics knowledge to investigate an incident.

Critical

Acquire the basic skills to analyze a memory dump in a practical scenario.

Secret Recipe

Perform registry forensics to investigate a case.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
