Intermediate Incident Response

Digital Forensics and Incident Response (DFIR)

Instructor KATE BASSEY
80 hours

About this course

Digital Forensics and Incident Response (DFIR) focuses on identifying, investigating, and responding to cybersecurity incidents. Students learn how to collect, preserve, analyze, and report digital evidence while responding to cyber attacks.

Course Content

Introduction to Digital Forensics (Week 1)
120 min
Types of digital evidence
120 min
Forensic investigation process
120 min
Legal considerations and chain of custody
120 min
Lab: Identifying digital evidence
120 min

Incident response lifecycle
120 min
NIST incident response framework
120 min
Preparation and incident handling
120 min
Roles of a DFIR analyst
120 min
Lab: Simulated cyber incident investigation
120 min

Disk imaging
120 min
Memory acquisition
120 min
Live vs dead forensics
120 min
Evidence preservation
120 min
Hashing and verification
129 min
Lab: Disk imaging exercise
120 min

NTFS file system
120 min
Master File Table (MFT)
120 min
File metadata analysis
120 min
Deleted file recovery
120 min
Timeline analysis
120 min
Lab: Recovering deleted files
120 min

Windows artifacts
120 min
Registry analysis
120 min
Event logs analysis
120 min
User activity tracking
120 min
Lab: Windows forensic investigation
120 min

Memory analysis fundamentals
120 min
Malware detection
120 min
Process analysis
120 min
Network connections analysis
120 min
Lab: Memory dump analysis
120 min

Network traffic analysis
120 min
Packet capture analysis
120 min
Intrusion detection
120 min
Log analysis
120 min
Lab: Investigating suspicious network traffic
120 min

Malware investigation
120 min
Static vs dynamic analysis
120 min
Indicators of compromise (IOC)
120 min
Threat intelligence
120 min
Lab: Malware behavior analysis
120 min

Threat hunting
120 min
Root cause analysis
120 min
Attack reconstruction
120 min
Incident documentation
120 min
Lab: Full attack investigation scenario
120 min

Writing forensic reports
120 min
Presenting evidence
120 min
Expert witness preparation
120 min
Capstone Project: Complete forensic investigation report
120 min

Prerequisites

Basic networking knowledge
Basic operating systems knowledge (Windows/Linux)
Basic cybersecurity fundamentals

Learning Outcomes

By the end of the course, students will be able to:
Conduct digital forensic investigations
Collect and preserve digital evidence
Analyze compromised systems
Investigate malware and network attacks
Respond to cybersecurity incidents
Produce forensic investigation reports

Capstone Project

Complete forensic investigation report

Target Audience

Cybersecurity analysts
SOC analysts
IT administrators
Security engineers
Law enforcement investigators

This course includes:
  • 80 hours of video
  • Downloadable resources
  • Certificate of completion
  • Lifetime access