Forensics Fundamentals [ILT]

Version 8

    This three-day instructor-led course covers the fundamentals of computer forensics investigation, including legal and ethical considerations.


    Hands-on activities span the entire forensics process, beginning with a FireEye-generated alert, leading to discovery and analysis of the host for evidence of malware and other unwanted intrusion, and culminating in a report of the findings.


    Analysis of computer systems will be performed using freely available tools.



    Course Objectives

    Upon completion of the course, the learner should be able to:

    • Describe the basic ethics and laws of computer/malware forensics
    • Describe methods of criminal, civil and administrative investigations
    • Demonstrate the ability to plan, execute and report on a digital forensic examination


    Course Outline

    • Legal and Ethical Principles
      • What is Forensics?
      • Overview of the legal requirements and authority to proceed
      • How to be ethical in your examination
    • Methodology
      • Methods of forensics
      • How to plan an examination
      • Order of volatility
      • The level of the examination, hypothesis and reporting
      • Forensic science
    • Review of Alerts
      • The OS change report
      • Identifying where to look and what to look for
    • Live Analysis Forensics
      • Creating working copies
      • Extracting memory
      • Working with ‘live’ systems and malware
      • 28 steps, alert to report
    • Memory Forensics
      • Examining the memory image
      • Collating evidence
    • OS Artifacts
      • Architecture of the media
      • How files are stored
    • On-disk Forensics
      • Discovery of items on the disk
      • Reporting findings


    Lessons are typically a blend of lecture and hands-on lab activities.



    Prerequisites

    • Completion of the FireEye Alerts Analysis course
    • Windows systems administration skills
    • Familiarity with basic CLI commands


    Target Audience

    Network security professionals and incident responders.