Our online training courses focus on helping you improve the speed and comprehensiveness of your intrusion investigations. Brian designed the courses for everyone in DFIR: Beginners can learn the basics and experienced incident responders can improve their approach.

All courses provide a certificate of completion.

Intro to DFIR: The Divide & Conquer Process

ONLINE ONLY

A big challenge when learning about how to investigate endpoints and servers is keeping track of all of the artifacts that you need to consider. It’s a daunting list.

In our new incident response training course, you’ll learn Brian Carrier’s systematic approach to endpoint investigations and how to apply it: the “Divide & Conquer” process. This approach focuses on breaking down big, vague investigative questions, such as “is there malicious user activity” into smaller and smaller questions that can ultimately be answered by a category of artifacts, such as “Login Events.” The goal is to make a simple, mental model of the important questions and artifact categories.

In this free course, you’ll learn:

• A framework for categorizing artifacts that may contain DFIR evidence

• How to analyze those artifact categories

• Benefits of an automated approach

The course is 3 hours, video-based, and on-demand. It’s also vendor agnostic, but Cyber Triage is used as a reference tool. Whether you’re new to this space or a vet, this course will help ensure you’re tackling your next endpoint investigation with state-of-the-art techniques.

Click Here to Register for the Course