Welcome and Overview

👋 Welcome to the FOR200 Investigation Scenarios

In this course you get access to a variety of Windows forensic investigation scenarios, each modeled after real-world enterprise incidents:

  • FOR001: Disgruntled Manager’s ExodusIntermediate
  • FOR002: Suspicious Network ConnectionIntermediate
  • FOR003: Unauthorized Access to Confidential Share DriveAdvanced
  • FOR004: Suspicious Logons to CTO WorkstationBeginner

Each scenario is fully self-contained and delivered in an in-browser, forensic lab VM – no downloads or setup required. All you need is a browser.

Learn, Practice, and Validate Your Skills

These scenarios are part of the “Practice” phase of the Blue Cape Security Learn → Practice → Validate framework. You’ll get to:

  • Investigate realistic, enterprise-style incidents
  • Analyze a variety of Windows memory, disk and log artifacts
  • Strengthen your forensic methodology in realistic settings
  • Build confidence through hands-on experience in a risk-free environment
  • Validate your findings through quizzes and solution guides

🎓 Certificate of Completion

You’ll earn:

  • A Certificate of Completion for finishing the full course
  • Individual certificates for each scenario upon completing the end-of-scenario quiz
    • An Achievement Badge after completing each investigation scenario and quiz
    • A Forensic Excellence Badge for any scenario where you score 80% or higher on the quiz

🏆 Both badges qualify you for future leaderboard features and special recognition opportunities.

BADGE

📣 Don’t forget to tag us on LinkedIn @bluecapesecurity when you share your achievements to celebrate your progress and help others discover high-quality DFIR training.

Your voice helps strengthen the community and elevate the standard for hands-on cybersecurity training.

Prerequisites

Knowledge of Windows Forensics

  • A solid understanding of Windows forensics is essential to effectively analyze the investigation scenarios in this course.
  • Completion of the 201 Practical Windows Forensics course is strongly recommended, as it covers foundational concepts, tools, and techniques used throughout the scenarios.

💬 Community & Support

Need help or want to connect with others in the course?
Join our private BCS Discord server to:

  • Ask questions
  • Share insights
  • Learn alongside peers and pros in DFIR

Let’s investigate. And when you’re done—don’t just finish. Be proud. Share it. 🔍

Back to Course
Next Lesson