Forensic Courses

FOR498: Battlefield Forensics & Data Acquisition

FOR498, a digital forensic acquisition training course, provides the necessary skills to identify the many and varied data storage mediums in use today, and how to collect and preserve this data in a forensically sound manner despite how and where it may be stored. It covers digital acquisition from computers, portable devices, networks, and the cloud. It then teaches the student Battlefield Forensics, or the art and science of identifying and starting to extract actionable intelligence from a hard drive in 90 minutes or less.

FOR500: Windows Forensic Analysis

SANS DFIR is training a new cadre of the world's best digital forensic professionals, incident responders, and media exploitation experts capable of piecing together what happened on Windows computer systems second by second. Our FOR500: Windows Forensic Analysis will teach you to conduct in-depth forensic analysis of Windows operating systems and media exploitation focusing on Windows 7-Windows 10. FOR500 focuses on identifying artifact and evidence locations to answer critical questions, including application execution, file access, data theft, external device usage, cloud services, geolocation, file download, anti-forensics, and detailed system usage. The class will help focus your capabilities on analysis instead of on how to use a particular tool.

FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics

Threat hunting and incident response tactics and procedures have evolved rapidly over the past several years. Your team can no longer afford to use antiquated incident response and threat hunting techniques that fail to properly identify compromised systems. The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress, rather than after attackers have completed their objectives and done worse damage to the organization. For the incident responder, this process is known as "threat hunting".

FOR508 teaches advanced skills to hunt, identify, counter, and recover from a wide range of threats within enterprise networks, including APT nation-state adversaries, organized crime syndicates, and hacktivists.

FOR518: Mac and iOS Forensic Analysis and Incident Response

Times and trends change and forensic investigators and analysts need to change with them. The new Mac and iOS Forensic Analysis and Incident Response course provides the tools and techniques necessary to take on any Mac case without hesitation. The intense hands-on forensic analysis skills taught in the course will enable Windows-based investigators to broaden their analysis capabilities and have the confidence and knowledge to comfortably analyze any Mac or iOS system.

FOR526: Advanced Memory Forensics & Threat Detection

Memory Forensics In-Depth provides the critical skills necessary for digital forensics examiners and incident responders to proficiently analyze captured memory images and live response audits. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response

FOR572: Advanced Network Forensics: Threat Hunting, Analysis and Incident Response was designed to cover the most critical skills needed for the increased focus on network communications and artifacts in today's investigative work, including numerous use cases. The course covers the most critical skills needed to mount efficient and effective post-incident response investigations and focuses on the knowledge necessary to expand the forensic mindset from residual data on the storage media of a system or device, to the transient communications that occurred in the past or continue to occur.

FOR578: Cyber Threat Intelligence

Cyber threat intelligence represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders.

During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

FOR585: Smartphone Forensic Analysis In-Depth

FOR585: Smartphone Forensic Analysis In-Depth teaches real-life, hands-on skills that help digital forensic examiners, law enforcement officers, and information security professionals handle investigations involving even the most complex smartphones currently available.

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Learn to turn malware inside out! This popular course explores malware analysis tools and techniques in depth. FOR610 training has helped forensic investigators, incident responders, security engineers, and IT administrators acquire the practical skills to examine malicious programs that target and infect Windows systems.

SEC402: The Secrets to Successful Cybersecurity Writing: Hack the Reader

Want to write better? Learn to hack the reader! Discover how to find an opening, break down your readers' defenses, and capture their attention to deliver your message--even if they're too busy or indifferent to others' writing. This unique course, built exclusively for cybersecurity professionals, will strengthen your writing skills and boost your security career.

SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling

SEC504 will prepare you to turn the tables on computer attackers. This course addresses the latest cutting-edge insidious attack vectors, the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. You will learn a time-tested, step-by-step process to respond to computer incidents; how attackers undermine systems so you can prepare, detect, and respond to them; and how to discover holes in your system before the bad guys do. Instead of merely teaching you a few hack attack tricks, this course will give you hands-on experience, equip you with a comprehensive incident handling plan, and help you understand the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.