Linux DFIR Analyst Course

Practical course on the forensics of Linux-based systems during security incidents
Format
Online, onsite (for private groups)
Duration
2 days
Level
Medium
Language
English
Arabic
Vietnam

Target participants

Incident response team members

Investigate security incidents involving Linux infrastructure by collecting forensic data, analyzing system artifacts, and identifying traces of malicious activity in *nix environments.

Technical specialists with cybersecurity experience

Strengthen Linux forensic analysis skills by working with file systems, metadata, timestamps, forensic images, and memory acquisition techniques.

Information security specialists

Enhance the ability to investigate attacks on Linux systems through structured evidence collection, memory analysis, and examination of key artifacts and in-memory filesystems.

Course modules

Fundamentals
  • Role of *nix systems in forensic investigations
  • Linux forensics vs. traditional incident response
Data collection
  • Initial data collection and triage
  • Image creation, mounting, and conversion
  • Forensic utilities and tools
Forensic aspects
  • Overview of file systems
  • Metadata interpretation and recovery tools
Forensic image analysis
  • Host-level artifact examination
  • Logs and system file analysis
  • Detection of persistence traces
  • Common attack types and how to investigate them
  • Attack reconstruction
Memory acquisition and analysis
  • Memory dump creation and profile generation
  • Analysis of processes, commands, and kernel objects
Course certificate
At the end of the course, you will receive a personal certificate confirming your expertise and strengthening your professional credibility.
Trainers
Ahmed Nosir
Cybersecurity Consultant

Ahmed has worked in the Security Operations Center for the last three years, transitioning his expertise from penetration testing to Digital Forensics and Incident Response, and regularly takes part in complex incident response operations.

Ahmed has conducted numerous training sessions, molding a new generation of cybersecurity professionals. His expertise doesn’t stop at identifying digital threats but extends to fostering a culture of continuous learning and curiosity among aspiring cyber experts.

Nam Le Phuong
Senior Digital Forensics & Incident Response Specialist

Nam has over 13 years of experience in cybersecurity and specializes in digital forensics and incident response. At Group-IB, he investigates advanced cyber threats and supports organizations during complex security incidents, including ransomware attacks and post-compromise activity in enterprise and critical infrastructure environments.

Nam is a contributor to the MITRE ATT&CK® framework and has published technical research on advanced threat actor techniques, including ransomware operations and Linux-based evasion methods.

Why choose Group-IB training
  • 50+ countries where we deliver training programs
  • 6,000+ students have taken part in our training courses
  • 15+ expert trainers with hands-on experience
  • Multi-disciplinary expertise in fraud prevention, investigations, DFIR, consulting, and red teaming
  • 4 Group-IB products integrated into training for realistic experience
  • 90% satisfaction rate among participants

Ready to upskill your cybersecurity expertise?

Join thousands of cybersecurity professionals who have advanced their careers with Group-IB’s expert-led training