Getting Started with DFIR

This is a series of hands-on tutorials that describe how to start or enhance your digital forensics and incident response (DFIR) journey.

The best way to get started and advance in a technical cyber security specialty such as digital forensics and incident response (DFIR) is through hands-on training. While this approach can be easier on the red teaming side, learning DFIR may be a bit more confusing, especially for beginners. First of all, you need something to investigate. There are also tons of open source tools on GitHub; however, many tools that are used in the industry are only available commercially. So where to start? (If you are looking for career advice, check out the career FAQs.)

In this series, you will start by learning a standard approach for setting up a forensic workstation, along with the most common tools for performing digital forensic analysis, which are all available for free. Next, you need something that can be investigated, such as compromised systems. The following section of this series discusses considerations for preparing target systems and various options for creating attack scenarios. You will also learn about resources for malware and attack frameworks that are commonly observed in the wild and can be used to create scenarios.

Build Your Lab

As a cybersecurity professional, you should eventually have your own lab for testing and learning new tools and skills. This can range from using virtualization and creating your first Windows VM to using domain controllers and adding security tools for more advanced labs (such as Splunk and Velociraptor). The second half of the series therefore provides step-by-step guides on how to set up basic, medium, and advanced labs. These labs can be used as the foundation for testing, training, and adding more tools to simulate an entire enterprise environment. They will allow you to perform attack and response exercises at scale and apply digital forensics and incident response in your own lab environment.

The goal of the entire series is to provide you with guidance and information to enhance your cyber security journey. Everything in this series can be completed at no cost with free tools; only your home computer is required. For resource requirements, check out the Build Your Lab overview.

DFIR Series Road Map:

Requirements:
This series assumes basic IT knowledge and a curiosity to learn DFIR and build hands-on labs. It can all be done on a local system using virtualization software and other free tools that will be mentioned in this series. At a minimum, you will need hardware resources available for running a single VM (2-4 GB RAM); however, advanced labs will run multiple VMs simultaneously.
