Tactical Digital Forensics Training

Commitment 10 days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Delivery Options Instructor-Led Onsite, Online, and Classroom Live


Tactical Digital Forensics Training teaches students to perform the fast and efficient digital forensics required to discover and investigate an Advanced Persistent Threat. Students learn the types of tactics and procedures a threat actor uses to evade detection and develop real-world skills to locate malicious elements on a network and respond appropriately. Students acquire a fundamental understanding of how to effectively discover breaches and triage attacks within a network. A hands-on capstone exercise assesses students’ abilities in response to an intrusion detection incident and grades each individual on the use of forensics analysis techniques to determine the attack method, associated implants, embedded tools and files, attack timeline, and origin of the attack.

  • 10 days of Tactical Digital Forensics Training with an expert instructor
  • Tactical Digital Forensics Electronic Study Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee



Upon completing this Tactical Digital Forensics Training course, learners will be able to meet these objectives:

  • Students receive a textbook to accompany classroom instruction.
  • The class offers a unique combination of digital forensics and malware analysis.
  • Classroom exercises demonstrate how to reverse-engineer an attack.
  • Theory and exercises review modern methods used by threat actors to gain access to remote networks.
  • A capstone event assesses students’ use of forensics analysis techniques to determine a threat’s attack method, associated implants, embedded tools and files, attack timeline, and origin of the attack.
  • We can adapt this Tactical Digital Forensics Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Tactical Digital Forensics course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Tactical Digital Forensics course around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Tactical Digital Forensics course in a manner understandable to lay audiences.

The target audience for this Tactical Digital Forensics Training course:

  • All

The knowledge and skills that a learner must have before attending this Tactical Digital Forensics course are:

  • N/A


Anatomy of an Attack
  • A day in the life of an advanced threat
  • Process Interrogation
  • Search for forensics tool suites
  • Learn to find running malware
  • Discover methods of malware persistence
Tactical Digital Forensics Training – Memory Analysis
  • Practice volatile memory capture (RAM dumps)
  • Perform volatile memory forensics
File Forensics
  • Identify Advanced Persistent Threats
  • Analyze dynamic executable files
  • Recover deleted files and other artifacts
  • Network Traffic Forensics
  • Extract files from network traffic
  • Discover malicious network activity indicators
Windows Internal Forensics
  • Interrogate processes for indications of malware
  • Review the Windows boot process
  • Learn about forensic artifacts
  • Review event logs for unusual entries in PowerShell
  • Perform USB device timeline analysis
Responsive Actions
  • Identify and document Indicators of Compromise
  • Discover anti-forensics tools and methods
  • Discover and analyze malware
Tactical Digital Forensics TrainingTactical Digital Forensics Training Course Wrap-Up


    Are you Human?