This entry-level course in digital forensics and incident response provides foundational knowledge in incident response preparation, detection and analysis, containment, eradication, recovery, and po t-incident activities, including lessons learned. This course employs open-source tools to perform triage and forensics analysis in hands-on labs, touching on the key artifacts of Microsoft Windows, Linux, and Apple macOS systems.

This course is part of the Trellix Cyber Operations team’s Foundations in Incident Response Education (FIRE) track of general defensive security training. Learners are provided a blend of lecture, discussions, and hands-on labs.

• Define key terms in digital forensics and incident response
• Describe the U.S. NIST incident response lifecycle
• Apply standard methodologies to artifact collection
• Explain proper evidence handling techniques and chain of custody procedures
• Identify key artifacts and their importance in forensics analysis
• Apply the MITRE ATT&CK framework to DFIR objectives

•  Course Introduction
•  Malware Overview
•  Malware Lab Construction
•  Analysis Techniques
•  Network Analysis
•  Delivery Vectors
•  Executables
•  Defensive Techniques of Malware
•  Modern OS Defenses

This course is intended for incident responders, information security staff, auditors, SOC analysts, investigators, and consultants responsible for digital forensics and incident response.

Students taking this course should have a working knowledge of Windows/Linux/macOS operating systems, and network technologies. Basic understanding of information security, command line syntax, malware, and analytical thinking recommended.