Windows DFIR Analyst Course

Learn how to use forensic acquisition methods, create forensic images, and analyze artifacts to reconstruct attacker techniques during incident response
Format: Online, onsite (for private groups)
Duration: 4 days
Level: Advanced
Language: English, Arabic, Vietnamese

Target participants

Incident response team members

Perform full-cycle investigations in Windows environments by mastering forensic evidence collection, artifact analysis, and intelligence-driven investigation workflows.

Technical specialists with cybersecurity experience

Enhance digital forensics expertise through hands-on analysis of NTFS metafiles, registry artifacts, system files, application data, malicious files, and volatile memory.

Information security specialists

Strengthen the ability to identify, preserve, and analyze evidence of malicious activity by applying advanced disk forensics and memory forensics techniques.

Course modules

Fundamentals
  • Cyber Kill Chain and MITRE ATT&CK (self-paced video content)
  • Digital forensics for incident response
  • Threat intelligence-driven investigations
  • Attack reconstruction

Disk image acquisition and analysis
  • Forensic triage and image acquisition
  • NTFS architecture and timestamp analysis
  • Timeline creation and deleted file analysis
  • Analysis of LNK files, Jump Lists, Prefetch, SRUM, Windows Timeline, and WMI artifacts
  • Startup folders and scheduled tasks
  • Windows registry analysis and timestomping detection
  • Event log analysis and key event IDs
  • Browser and email artifacts
  • File hosting services and SQLite databases

Memory acquisition and analysis
  • Live memory analysis and memory dump creation
  • Detection of suspicious processes, injections, and persistence
  • Tracing user behavior and anomalies
  • Alternative sources of volatile memory: hibernation files, pagefile, and crash dumps

Malicious files
  • Manual and automatic analysis
  • Malicious documents investigation
  • Script decoding and analysis
  • YARA and Sigma rules
  • Data extraction and enrichment

Course certificate

At the end of the course, you will receive a personal certificate, "Windows DFIR Analyst", confirming your expertise and strengthening your professional credibility.

Trainers

Ahmed Nosir, Cybersecurity Consultant

Ahmed has been working in the Security Operations Center for the last three years, transitioning his expertise from penetration testing to Digital Forensics and Incident Response, and regularly takes part in complex incident response operations.

Ahmed has conducted numerous training sessions, shaping the new generation of cybersecurity professionals. His expertise does not stop at identifying digital threats but extends to fostering a culture of continuous learning and curiosity among aspiring cyber experts.

Moataz Nasr, Cybersecurity Consultant

Moataz has over three years of specialized cybersecurity expertise, particularly in red teaming and penetration testing, where he has honed his skills in identifying and mitigating vulnerabilities within various systems and networks. Moataz has led several training sessions, playing a pivotal role in shaping and developing the next generation of cybersecurity professionals and helping them navigate the landscape of modern cyber threats.

Svetlana Ostrovskaya, Head of Education Practice, Group-IB

With a background in incident response and digital forensics, Svetlana has designed many DFIR training programs and crisis management masterclasses. She has also co-authored articles and books on cybersecurity, such as Practical Memory Forensics, Incident Response for Windows, and the e-guide Human-Centric Assessments. She has trained specialists in more than 30 countries and spoken at leading conferences worldwide, from FS-ISAC Japan to GITEX UAE.

Nam Le Phuong, Senior Digital Forensics & Incident Response Specialist

Nam has over 13 years of experience in cybersecurity and specializes in digital forensics and incident response. At Group-IB, he investigates advanced cyber threats and supports organizations during complex security incidents, including ransomware attacks and post-compromise activity in enterprise and critical infrastructure environments.

Nam is a contributor to the MITRE ATT&CK® framework and has published technical research on advanced threat actor techniques, including ransomware operations and Linux-based evasion methods.

Why choose Group-IB training

  • 50+ countries where we deliver training programs
  • 6,000+ students have taken part in our training courses
  • 15+ expert trainers with hands-on experience
  • Multi-disciplinary expertise in fraud prevention, investigations, DFIR, consulting, and red teaming
  • 4 Group-IB products integrated into training for realistic experience
  • 90% satisfaction rate among participants

Ready to upskill your cybersecurity expertise?

Join thousands of cybersecurity professionals who have advanced their careers with Group-IB's expert-led training.