April 12, 2021 – April 14, 202110 a.m. – 4 p.m. (GMT+1)

Digital Forensics Analyst: Level 1

Learn the basics of how to collect and analyze forensics artifacts, what instruments to use, and the methodologies behind investigations.


There is a growing demand among companies all over the world to understand how security incidents occur so that they can prevent them from harming their businesses. With malicious activity showing no signs of slowing down in neither volume nor frequency, it is now more imperative than ever to investigate incidents properly. Otherwise, organizations risk becoming repeat victims of compromise, and suffering financial and reputational losses.

Digital forensics is key to uncovering and unraveling cybercriminal activity. Specialists in the field are like cyber detectives collecting and analyzing digital evidence to figure out threat actors’ movements.

Group-IB’s Digital Forensics Analyst: Basic course is an all-in-one guide to the fundamentals of the field. In just three days, you’ll learn about best practices and the current threat landscape, and be given the tools you need to start your detective work.

Course description

The course is broken up into three days, during which you’ll learn the basics of the digital forensics and investigation processes, including the tools to ensure success.

Although there is a schedule, the structure of each class is not set in stone. The goal of each Group-IB course is not only to teach you about the latest cybersecurity methods but also to provide a space where experts can network. As such, you are encouraged to engage with the instructor and other participants, thereby making the most of the experience.

Day 1

Digital Forensics Analyst starts with the digital forensics process. The lesson will begin with how to perform initial data collection and where to look for the best sources of evidence. We’ll then dive deeper into the investigation process by going over best practices as regards properly collecting and documenting digital evidence as well as common mistakes made during the entire process.

You’ll be given links and access to fundamental tools used during digital forensics investigations and shown how to use them. You are free to share all the tools with your team and apply them immediately in your day-to-day operations.

Day 2

We’ll continue our discussion on forensic investigations with the topic of Windows-based systems. By the end of the day, you’ll have acquired a basic understanding of Windows artifacts, how to process and analyze data, and how to extract useful data from memory dumps.

Most of the day will be spent on putting your knowledge to the test. Instructors will demonstrate how to prepare sources and collect digital evidence, after which you’ll attempt to do the same on your own.

Day 3

On the last day, you will work independently. You will be given several forensics images, which you will analyze and process artifacts from. There will be two sets of questions — basic and advanced — that you’ll need to answer for each image. The test will end with a discussion of results and findings and a demonstration of the proper techniques and best practices.

Since the core of digital forensics lies in understanding threat actors, we’ll spend a significant part of the day on familiarizing ourselves with the current state of cybersecurity and its most recent trends.

To successfully pass the course you will need a basic IT/IS background.

After this course, you’ll walk away with:

  • Understanding of the fundamentals of digital forensics
  • Best practices, tools, and techniques
  • Understanding of current cybersecurity trends
Who can benefit from this course?
Technical specialists with experience in information security
Information security specialists
Digital forensics enthusiasts

What you’ll receive

Lecture videos and practical materials used during training

A poster describing the basic artifacts and their processing tools

Personal certificate of completion

Valuable information that you can put into practice

Technical requirements


  • 64-bit Intel i5/i7 (4th generation+) — x64 bit 2.0+ GHz processor
  • Intel VT enabled
  • 8 GB+ of RAM
  • Local Administrator access


  • Latest version of Windows 10
  • VMware Workstation Pro 15.5.X+ installed

Additional requirements will be sent by email before the start of the course.

All course materials will be shared through Google Drive. If you do not have a Gmail account, our instructor will help you set one up before the course begins.

Why Group-IB?

Experience in international investigations

Our training courses are based on 1200+ successful investigations worldwide.

Technical expertise

All courses are led by GCFA-, EnCE- and MCFE-certified experts.

Practicing experts

The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.

Stimulating practical training

Practical exercises based on real-life cases make up 70% of the course.

Continuously updated program

Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.

Comprehensive development

Group-IB’s training courses provide a wide range of competencies for creating an effective information security department in any company.

Individual learning approach

Send us a request for an individual consultation
on Group-IB technical training courses

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.