Be a cyber detective- collect, analyze & present evidence of cyber incidents

OffSec Learning Path: Digital Forensics Foundations

Investigate and analyze digital devices and data to uncover evidence related to a cyber incident. Understand how a hack, data breach or other malicious activity happened, identify attackers and collect evidence that can be used in legal proceedings. Learners will:

Understand core principles of forensics and evidence handling procedures
Practice executing forensic analysis on various types of digital evidence
Use network forensic tools to trace attacks across networks, cloud-native applications, Windows devices and more

Join the waitlist

Hero image for Be a cyber detective- collect, analyze & present evidence of cyber incidents

Respond effectively, protect assets and minimize the impact of a breach with digital forensics training

This Learning Path equips security professionals and teams with the knowledge and skills to respond to investigate and contain cyber incidents. Uncover the root cause and reveal vulnerabilities that attackers exploited while completing a thorough investigation and maintaining compliance.

Who is this Learning Path for?

Digital forensics analysts, cyber forensics investigator, incident response analyst and threat intelligence analysts
System administrators, network engineers, and IT operations personnel responsible for maintaining the security and integrity of their IT infrastructure
Risk managers and analysts seeking to understand the role of vulnerabilities in overall risk assessment and mitigation strategies

Learning objectives

Gain a solid understanding of digital forensics, evidence handling procedures and the fundamentals of data recovery and analysis methodologies.
Gain hands-on experience executing forensic analysis on various types of digital evidence
Learn how to use popular forensic tools like FTK Imager, Autopsy, WinHex, Volatility Framework, and Wireshark to speed investigations.

Key modules in Digital Forensics Foundations Learning Path

Introduction to Digital Forensics

An introduction to digital forensics in an enterprise environment including the basics of the forensics process based on NIST SP 800-86.

Forensic Collection

Learn the principles of forensic collection, including digital evidence handling and maintaining a proper chain of custody.

Computer Forensics

Gather and analyze digital evidence from computers, including file systems, email and web browsers activity.

Windows Forensics

Focused on Windows OS specific artifacts- learn how to analyze them for digital forensics purposes.

Memory Forensics

Analyze volatile memory to gather additional information from the device such as running processes, open connections, and more valuable data that can help in many types of investigations.

Network Forensics

Learn to capture and analyze network traffic to detect incidents and gather evidence. With a focus on packet analysis, protocol behavior, and using network forensic tools to trace attacks.

Cloud Computing Network Forensics

This module explores additional scenarios of network forensics applied to cloud-native applications and the infrastructure of public cloud providers.

View full syllabus

Digital Forensics Foundations

modules

hours of content (approx.)

skills

Earning an OffSec Learning Badge

Showcase your growing vulnerability management proficiency! Upon completing 80% of the Digital Forensics Foundations Learning Path, you'll receive an exclusive OffSec badge signifying:

Digital Forensics proficiency: Proven knowledge of key concepts and practical methodologies
Industry recognition: A valuable OffSec credential demonstrating your commitment to cybersecurity
Hands-on skill: Demonstrated ability to effectively identify and remediate vulnerabilities in real-world scenarios