Incident Response and Forensics

Incidents are inevitable. Learn how to identify and respond to them.

Incidents are inevitable. Companies pre-plan and formulate an internal process on what to do when incidents occur. This is known as incident response. Responders must analyze artifacts to understand the full scope of the incident and contain it. This module will introduce the tools and techniques that are a part of this process.

Volatility

Learn how to perform memory forensics with Volatility!

Investigating Windows

A windows machine has been hacked, its your job to go investigate this windows machine and find clues to what the hacker might have done.

Windows Forensics 1

Introduction to Windows Registry Forensics

Windows Forensics 2

Learn about common Windows file systems and forensic artifacts in the file systems.

Redline

Learn how to use Redline to perform memory analysis and to scan for IOCs on an endpoint.

Autopsy

Learn how to use Autopsy to investigate artefacts from a disk image. Use your knowledge to investigate an employee who is being accused of leaking private company data.

Disk Analysis & Autopsy

Ready for a challenge? Use Autopsy to investigate artifacts from a disk image.

Need to know

Security Operations & Monitoring

Learn how to configure and utilise tooling to ensure that suspicious activity is quickly identified and dealt within your environment.

Next steps

Malware Analysis

Analyse malicious files to prevent malicious actions and identify attacks.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).