Curriculum
- 6 Sections
- 58 Lessons
- 52 Weeks
Expand all sectionsCollapse all sections
- Introduction to Cyber Dojo Platform5
- Chapter 1: Advanced Incident Response and Threat Hunting14
- 2.1Introduction to Forensic Analyst Course
- 2.2Lab 0: Before Class Begins: VM Installation
- 2.3Lab 1.1: APT Incident Response Challenge – Read Scenario
- 2.4The Challenge of Information Security
- 2.5Incident Response & Threat Hunting
- 2.6Threat Hunting Process10 Minutes
- 2.7Threat Intelligence
- 2.8Malware-ology
- 2.9Malware Persistence
- 2.10Lab 1.2: Malware Persistence Analysis
- 2.11Incident Response: Hunting Across the Enterprise
- 2.12Lab 1.3: Creating Triage Images with KAPE
- 2.13Lab 1.4: Scaling Incident Response and Threat Hunting
- 2.14Credential Theft
- Chapter 2: Intrusion Analysis8
- 3.1Advanced Evidence of Execution
- 3.2Lab 2.1: Evidence of Execution: Prefetch, ShimCache, and Amcache
- 3.3Event Log Analysis for Responders and Hunter
- 3.4Lab 2.2: Tracking Credential Use with Event Log Explorer
- 3.5Lateral Movement Adversary Tactics
- 3.6Lab 2.3: Tracking Lateral Movement with EvtxECmd
- 3.7Command Line, PowerShell, and WMI Analysis
- 3.8Lab 2.4: WMI, PowerShell, and Microsoft Defender Log Analysis
- Chapter 3: Memory Forensics in Incident Response and Threat Hunting10
- 4.1Why Memory Forensics?
- 4.2Acquiring Memory
- 4.3Introduction to Memory Analysis (Part 1)
- 4.4Lab 3.1: Identify Rogue Processes
- 4.5Introduction to Memory Analysis (Part 2)
- 4.6Lab 3.2: Memory Process Objects
- 4.7Code Injection, Rootkits, and Extraction (Part 1)
- 4.8Lab 3.3: Code Injection
- 4.9Code Injection, Rootkits, and Extraction (Part 2)
- 4.10Lab 3.4: Memory Extraction and Rootkits
- Chapter 4: Timeline Analysis12
- 5.1Malware Discovery
- 5.2Lab 4.1: Malware Discovery
- 5.3Timeline Analysis Overview
- 5.4Filesystem Timeline Creation and Analysis
- 5.5Lab 4.2: Filesystem Timeline Creation and Analysis
- 5.6Introducing the Super Timeline
- 5.7Targeted Super Timeline Creation
- 5.8Lab 4.3A: Super Timeline Creation (Windows)
- 5.9Lab 4.3B: Super Timeline Creation (Linux)
- 5.10Filtering the Super Timeline
- 5.11Super Timeline Analysis
- 5.12Lab 4.4: Super Timeline Analysis
- Chapter 5: Advanced Adversary and Anti-Forensics Detection9
- 6.1Anti-Forensics Overview
- 6.2Recovery of Deleted Files via VSS
- 6.3Lab 5.1: Mount and Examine VSS Images
- 6.4Lab 5.2: VSS Super Timeline Creation
- 6.5Advanced NTFS Tactics
- 6.6Lab 5.3: NTFS File System Forensics
- 6.7Advanced Evidence Recovery
- 6.8Defensive Countermeasures
- 6.9Lab 5.4: Anti-Forensics Analysis and Data Recovery
