A comprehensive 12-week program covering digital forensics, incident response, and defensive security operations.
Master the fundamentals of incident response through industry-standard frameworks, including the NIST SP 800-61 incident handling lifecycle and the SANS six-step (PICERL) process. Learn proper evidence collection procedures, chain of custody documentation, and volatile data acquisition in order of volatility (memory and network state before disk). Develop skills in disk imaging, forensic duplication with hash verification, and timeline analysis while practicing first responder scenarios and evidence preservation in hands-on lab environments.
Dive deep into forensic artifact analysis across multiple operating systems. Examine Windows artifacts including the Registry, Event Logs, and the program-execution evidence in Prefetch, ShimCache, and AmCache, along with NTFS forensics covering the $MFT, $UsnJrnl, and $LogFile. Explore Linux forensics through auth logs, shell history, and systemd journals, plus macOS forensics including the unified log and the TCC database. Master memory forensics with Volatility and browser forensics for reconstructing user activity, with comprehensive lab exercises in which you analyze compromised systems and build detailed timelines.
Develop advanced network analysis capabilities through packet analysis with Wireshark and tshark, network traffic baselining, and command-and-control traffic identification. Learn to analyze Zeek and Suricata logs while applying both hypothesis-driven and IOC-based threat hunting methodologies. Learn TLS inspection where session keys are available and, where they are not, analysis of encrypted traffic from its metadata (SNI, certificate details, JA3/JA3S fingerprints, and connection timing and size patterns), culminating in hands-on labs where you hunt for APT activity within packet captures.
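As an added illustration of the command-and-control identification and Zeek log analysis mentioned above (this is example code written for this page, not part of the course materials), the block below parses a constructed Zeek conn.log excerpt and flags source/destination/port triples whose connection cadence is suspiciously regular. The log lines, host addresses and thresholds are all made up for the example; a production hunt would run this over a day or more of conn.log and tune `min_conns` and `max_cv` against the network's own baseline.

```python
"""Beacon hunting over Zeek conn.log records (constructed sample data)."""
import statistics
from collections import defaultdict

# Constructed Zeek-style conn.log header. Real conn.log files carry more
# columns; only the fields named in the #fields line are used here.
HEADER = "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice"


def constructed_conn_log():
    """Build a small conn.log excerpt: one jittered beacon plus ordinary browsing."""
    lines = [HEADER]
    # Periodic "beacon": 10.0.0.5 -> 203.0.113.10:443 roughly every 60 s
    # with a few seconds of jitter (fixed pattern so the output is repeatable).
    jitter = [0, 2, -1, 3, -2, 1, 0, -3, 2, 1, -1, 0]
    t = 1700000000.0
    for i, j in enumerate(jitter):
        t += 60 + j
        lines.append(f"{t:.3f}\tC{i:05d}\t10.0.0.5\t{49200 + i}\t203.0.113.10\t443\ttcp\tssl")
    # Ordinary browsing: 10.0.0.7 -> 198.51.100.20:443 at irregular intervals.
    gaps = [1, 45, 3, 900, 2, 7, 300, 1, 1200, 4, 60, 2]
    t = 1700000000.0
    for i, g in enumerate(gaps):
        t += g
        lines.append(f"{t:.3f}\tD{i:05d}\t10.0.0.7\t{51000 + i}\t198.51.100.20\t443\ttcp\tssl")
    return "\n".join(lines)


def parse_zeek_tsv(text):
    """Parse Zeek's TSV log format: '#fields' names the columns, other '#' lines are metadata."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def find_beacons(rows, min_conns=8, max_cv=0.15):
    """Return (orig_h, resp_h, resp_p, count, mean_gap_s, cv) for regular-cadence connections.

    cv = population stdev / mean of the inter-arrival gaps. A low value means a
    steady check-in interval, which is what many C2 implants produce. Jitter
    raises cv, so max_cv is a tuning knob to set from your own baseline.
    """
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["id.orig_h"], r["id.resp_h"], r["id.resp_p"])].append(float(r["ts"]))
    results = []
    for key, times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else float("inf")
        if cv <= max_cv:
            results.append((*key, len(times), round(mean, 1), round(cv, 3)))
    return results


if __name__ == "__main__":
    for hit in find_beacons(parse_zeek_tsv(constructed_conn_log())):
        print(hit)
```

The browsing pair has the same number of connections as the beacon but a coefficient of variation well above 1, so only the 60-second cadence to 203.0.113.10 is reported. Regular cadence alone is not proof of C2 (software updaters and monitoring agents beacon too), which is why the result is a hunting lead to pivot on, not an alert.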
Build expertise in both static and dynamic malware analysis within isolated environments. Learn behavioral analysis and how to recognize the sandbox-evasion and anti-analysis checks that cause a sample to behave differently under observation, while gaining foundational x86/x64 assembly for reverse engineering. Work with industry-standard tools including Ghidra and IDA Pro, and develop skills in PowerShell and VBScript deobfuscation. Apply your knowledge in practical labs analyzing real-world malware samples and extracting indicators of compromise.
Master Security Information and Event Management through hands-on experience with Splunk, Elastic Stack, and Microsoft Sentinel. Develop proficiency in log correlation, alert tuning, and writing detection content with Sigma (vendor-neutral log detection rules that convert to each SIEM's query language) and YARA (pattern rules for files and memory). Learn false positive reduction strategies and EDR telemetry analysis while gaining expertise in cloud security monitoring through AWS CloudTrail and Azure activity and sign-in logs. Practice investigating incidents using SIEM platforms and writing custom detection rules in comprehensive lab scenarios.
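To show what a Sigma-style detection rule and its false-positive tuning look like in practice, here is an added example (written for this page, not course material, and not Sigma's own tooling such as sigma-cli or pySigma). The rule is expressed as a Python dict that mirrors a Sigma `detection` block: a `selection` map where every field must match, list values that are OR'd, `|contains` and `|endswith` modifiers, case-insensitive comparison, and a named filter combined through the `condition` string. The events, the `MonitoringAgent.exe` parent used as a tuning filter, and the record numbers are all constructed for the example.

```python
"""Minimal Sigma-style rule evaluator over constructed Windows process-creation events."""

# Rule mirroring a Sigma detection block (hypothetical rule written for this example).
RULE = {
    "title": "Encoded PowerShell command line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc ", "-EncodedCommand", "-ec "],
        },
        # Tuning filter: a (hypothetical) agent that legitimately launches encoded scripts.
        "filter_monitoring_agent": {"ParentImage|endswith": "\\monitoringagent.exe"},
        "condition": "selection and not filter_monitoring_agent",
    },
    "level": "high",
}

# Constructed Sysmon Event ID 1 style records (field names as Sysmon emits them).
EVENTS = [
    {"RecordNumber": 1001,
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"},
    {"RecordNumber": 1002,
     "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -EncodedCommand RwBlAHQALQBQAHIAbwBjAGUAcwBzAA==",
     "ParentImage": "C:\\Program Files\\Vendor\\MonitoringAgent.exe"},
    {"RecordNumber": 1003,
     "Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c whoami",
     "ParentImage": "C:\\Windows\\explorer.exe"},
    {"RecordNumber": 1004,
     "Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe",
     "CommandLine": "pwsh.exe -File C:\\scripts\\backup.ps1",
     "ParentImage": "C:\\Windows\\System32\\svchost.exe"},
]


def field_matches(event, key, expected):
    """Sigma field semantics: 'Field|modifier', list values OR'd ('|all' makes them AND), case-insensitive."""
    field, *mods = key.split("|")
    want_all = "all" in mods
    actual = str(event.get(field, "")).lower()
    values = expected if isinstance(expected, list) else [expected]
    checks = []
    for v in values:
        v = str(v).lower()
        if "contains" in mods:
            checks.append(v in actual)
        elif "endswith" in mods:
            checks.append(actual.endswith(v))
        elif "startswith" in mods:
            checks.append(actual.startswith(v))
        else:
            checks.append(actual == v)
    return all(checks) if want_all else any(checks)


def part_matches(event, part):
    """A map means all fields must match; a list of maps means any map may match."""
    if isinstance(part, dict):
        return all(field_matches(event, k, v) for k, v in part.items())
    return any(part_matches(event, p) for p in part)


def eval_condition(condition, truth):
    """Evaluate a flat condition of identifiers joined by and/or/not (no parentheses or aggregations)."""
    for clause in condition.split(" or "):
        clause_ok = True
        for term in clause.split(" and "):
            term = term.strip()
            negate = term.startswith("not ")
            value = truth[term[4:].strip() if negate else term]
            clause_ok = clause_ok and (not value if negate else value)
        if clause_ok:
            return True
    return False


def rule_matches(rule, event):
    detection = rule["detection"]
    truth = {name: part_matches(event, part)
             for name, part in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], truth)


def run_rule(rule, events):
    """Return the RecordNumber of every event the rule fires on."""
    return [e["RecordNumber"] for e in events if rule_matches(rule, e)]


if __name__ == "__main__":
    print(RULE["title"], "->", run_rule(RULE, EVENTS))
```

Record 1001 (encoded PowerShell spawned by Word) fires; record 1002 also carries an encoded command but is suppressed by the parent-process filter, which is the usual shape of a false-positive exclusion in Sigma. The trade-off is that the filter is only as good as the parent path check: an attacker who can write to that vendor directory or spoof the parent process would inherit the exclusion, so filters should be as narrow as the baseline allows and revisited when the environment changes.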
Leverage the MITRE ATT&CK framework for comprehensive threat mapping and learn to profile threat actors by their tactics, techniques, and procedures (TTPs). Apply the Diamond Model and the Cyber Kill Chain to real-world scenarios while mastering root cause analysis methodologies. Develop indicators of compromise (IOCs) and indicators of attack (IOAs) and gain hands-on experience with threat intelligence platforms. Complete labs mapping incidents to ATT&CK and performing full root cause analysis investigations.
Apply all learned skills to realistic investigation scenarios including ransomware incidents, business email compromise cases, insider threat detection, and cloud breach investigations. Develop professional report writing skills for both executive and technical audiences, and learn testimony and evidence presentation techniques. Complete a comprehensive capstone project involving a multi-vector incident investigation with full documentation and reporting requirements.
Take our assessment to confirm this is the right track for you, or contact us to learn more about enrollment.