Tactical Digital Forensics

ATI Courses Logo

Broaden Your Knowledge & Increase Productivity

Training Rocket Scientists Since 1984

(410) 956-8805
(888) 501-2100

Tactical Digital Forensics

2-Week Course

$7500 per person


This two-week course teaches students to perform the fast and efficient digital forensics required to discover and investigate an Advanced Persistent Threat. Students learn the types of tactics and procedures a threat actor uses to evade detection, and develop the real-world skills to locate malicious elements on a network and respond appropriately. Students acquire a fundamental understanding of how to effectively discover breaches and triage attacks within a network. A hands-on capstone exercise assesses students' abilities in response to an intrusion detection incident and grades each individual on the use of forensics analysis techniques to determine the attack method, associated implants, embedded tools and files, attack timeline, and origin of the attack.

  • Students receive a textbook to accompany classroom instruction.
  • The class offers a unique combination of digital forensics and malware analysis.
  • Classroom exercises demonstrate how to reverse-engineer an attack.
  • Theory and exercises review modern methods used by threat actors to gain access to remote networks.
  • A capstone event assesses students' use of forensics analysis techniques to determine a threat's attack method, associated implants, embedded tools and files, attack timeline, and origin of the attack.
Anatomy of an Attack
  • A day in the life of an advanced threat
  • Process Interrogation
  • Search for forensics tool suites
  • Learn to find running malware
  • Discover methods of malware persistence
Memory Analysis
  • Practice volatile memory capture (RAM dumps)
  • Perform volatile memory forensics
File Forensics
  • Identify Advanced Persistent Threats
  • Analyze dynamic executable files
  • Recover deleted files and other artifacts
  • Network Traffic Forensics
  • Extract files from network traffic
  • Discover malicious network activity indicators
Windows Internal Forensics
  • Interrogate processes for indications of malware
  • Review the Windows boot process
  • Learn about forensics artifacts
  • Review event logs for unusual entries in PowerShell
  • Perform USB device timeline analysis
Responsive Actions
  • Identify and document Indicators of Compromise
  • Discover anti-forensics tools and methods
  • Discover and analyze malware

Tuition for this two-weeks course is $7500 at one of our scheduled public courses. Onsite pricing is available. Please call us at 410-956-8805 or send an email to ati@aticourses.com.

Register Now Without Obligation.