Digital Forensics & Incident Response (DFIR) Foundations

Course Information

All prices below include GST


    If the scheduled dates above don't suit or if there are no available dates currently listed, but you are interested in the class, kindly fill in your details below to be added to our Register of Interest.

     

    A member of our training team will contact you with alternative arrangements.

     

    Digital Forensics & Incident Response (DFIR) Foundations

    (5-DAY INSTRUCTOR LED COURSE)

    COURSE SUMMARY

    Digital Forensics & Incident Response (DF & IR) Foundations Class is a practical, standards-aligned training experience designed to equip teams with the end-to-end skills to investigate, respond, and recover from cyber incidents.

     

     

    Why This Class Matters

    • Cut response times and contain breaches faster using structured, field-proven methods.
    • Build full-scope investigation skills, from evidence collection to legal-grade reporting.
    • Aligned with NIST SP 800-61 Rev. 3 for real-world, defensible processes.
    • Shift from reactive fixes to strategic improvements post-incident.

     

    What Participants Will Learn

    • Capture and preserve volatile data under pressure
    • Perform forensic analysis with evidentiary integrity
    • Navigate all six NIST response phases
    • Institutionalise improvement through operationalised frameworks

    Using leading industry tools such as Cyber TriageX-Ways, this 5-day course combines theory and practical exercises to build your capability in Digital Forensics and Incident Response.

     

     

    Tools Used During the Class

    • Cyber Triage
    • X-Ways Forensics
    • USB Detective
    • Python Scripts
    • PowerShell Scripts

     

    Target Audience

    • Those wishing to develop skills in DF and IR.
    • Existing DF or IR team members seeking to cross-skill.
    • Those seeking technical skills and knowledge to build a capable DFIR team.

     

    Structure

    Day 1

    • Introduction to incident response.
    • Event, Incident & Profiling.
    • User & Entity Behaviour Analytics.
    • Baselining & IR Incident Handling Life Cycle.
    • IR Definitions & Case Studies.

     

    Day 2

    • Introduction to Forensic Science and Digital Forensics.
    • Evidence and the Digital World.
    • Forensic Acquisition of Data.
    • Digital forensic principles, artefacts and attribution.
    • Introduction to data structures and file systems.

     

    Day 3

    • Introduction to Network & Memory Forensics.
    • Case study on forensic data acquisition and basic examination.
    • End point – Windows OS forensics and IR internals.

     

    Day 4

    • Incident response planning, organisation, and preparing the Computer Security Incident Response Team.
    • Detection strategies and systems.
    • Response strategies.
    • Recovery, maintenance and investigations.
    • Disaster recovery planning, implementation and contingencies.
    • Business continuity and crisis management.

     

    Day 5

    • Cyber Triage
    • Case studies
    • Reporting and presentation.

     

    An online assessment will be available to all students that must be completed within 6 weeks after the class.
     

    Related Posts

    Cellebrite Digital Investigation Platform

    June 6, 2025

    Exponent SQLite Explorer

    May 7, 2025

    Digital Forensics and Incident Response Foundations Training

    May 7, 2025