DFIR Diva

Free Training for Kids

Name & Direct Link | Description
Cyberstart America | A free national program for high school students to master cybersecurity as a gateway to the industry, up their digital skills, and compete for college scholarships.
Cyberstart Go | Free cybersecurity challenges for high school students.
picoCTF and picoGym | picoCTF is a free computer security game designed for middle and high school students. picoGym is a non-competitive practice space where you can explore and solve challenges from previously released picoCTF competitions.
CS Unplugged | A collection of free teaching material that teaches Computer Science through engaging games and puzzles.
Code.org | Free computer science courses for students K-12
Coding for Kids in Python | YouTube video series for kids on the NPStation YouTube channel.
Cyber Games UK | Interactive resources and games for different aspects of Cybersecurity.
HackTale | A gamified platform simulating a real life cyber event.
TechGirlz | TechGirlz hosts several free workshops related to coding and cybersecurity.
Young Leaders in Tech | Free videos related to cybersecurity.

Free Training for Veterans

Name & Direct Link | Description
WithYouWithMe | Free Courses for Veterans including a Cyber Defender Pathway
FedVTE | Federal Virtual Training Environment - Provides free online cybersecurity training to federal, state, local, tribal and territorial government employees, federal contractors, and US military veterans.
Palo Alto Networks Second Watch | Offers free Cybersecurity training to Military Veterans.
Splunk Training for Veterans | Free Splunk Training for Veterans
Fortinet Veterans Program | Focuses on helping veterans transition into the cybersecurity industry.
Mosse Cyber Security Institute Free Remote Internship Certification Program for Veterans | The Remote Internship Certification Program is a global initiative delivering free access to all military veterans.
SANS VetSuccess Academy | "The VetSuccess Academy is part of the SANS Immersion Academy program, an intensive, accelerated training program that provides SANS world-class training and GIAC certifications to quickly and effectively launch careers in cybersecurity. SANS Immersion Academies are 100% scholarship-based and no cost to participants."

Free Ethical Hacking Training

I’m not going to spend a lot of time building this section out because my focus is on DFIR; however, I do think that learning some hacking helps to better detect and defend.

For this category, “Beginner” assumes that you have a general understanding of the four core training categories listed on the home page.

Name & Direct Link | Platform | For Beginners / Hands-On Component / Proof of Completion | Topics
Hackers Arise | Hackers Arise |  | Various Ethical Hacking Tutorials (Wireless, Password Cracking, Evading AV, Anti-Forensics, WebApp Hacking, Bluetooth Hacking, etc)
SecurityTube | SecurityTube |  | Various Ethical Hacking Videos
Free Short Course: Pen Testing | Charles Sturt University | Yes / Yes - Certificate of Completion | Scoping, Enumeration and Vulnerability Scanning, Exploitation and Password Cracking, Report Writing and Risk Analysis
Kali Linux Revealed | Offensive Security |  | Linux Fundamentals, Installing Kali, Configuring Kali, Debian Package Management, Kali Linux in the Enterprise, Intro to Security Assessments
Metasploit Unleashed | Offensive Security |  | Metasploit Architecture, Exploits, Payloads, Databases, Meterpreter, Nessus, Password Sniffing, Python Extension, Privilege Escalation, Packet Sniffing, Pivoting, Making a Log Entry, Timestomp, Keylogging, John the Ripper, Maintaining Access, Backdoors, and more.
WebSecurity Academy | PortSwigger | Yes | Web Cache Poisoning, Information Disclosure, XXE Injection, XSS, SQL Injection, CSRF, HTTP Request Smuggling, OS Command Injection, Directory Traversal, Access Control Vulnerabilities, Authentication, Business Logic, Vulnerabilities and more.
HackerSploit | YouTube - HackerSploit | Yes - Some things such as the Penetration Testing Bootcamp and How to Set Up a Pentesting Lab. | Kali Linux, BlackArch Linux, Metasploitable, Python for Penetration Testing, Burp Suite, OWASP Juice Shop, Recon-ng, Arch Linux, Network Sniffing & Spoofing, NMAP, VulnHub, HTB, TryHackMe, OpenVAS, Bug Bounty
Hack The Box, HTB Academy & Hacking Battlegrounds | Hack The Box | Yes - HTB Academy has training modules for beginners. Hacking Battlegrounds and Hack The Box require you to hack your way in to be able to create an account. / Yes | Hacking (I hear they also have some forensics challenges but you have to hack your way in to do them).
Offensive Software Exploitation (OSE) Course | GitHub - ashemery | Yes | PE Format, DLLs, Bug Hunting, Fuzzing, Buffer Overflows, Metasploit, Mitigation Techniques, Egghunter, Post Exploitation, x86 and x64 Assembly, Reverse Engineering.
Hacking Techniques and Intrusion Detection | Open Security Training - Ali Hadi | Yes | Social Engineering, Physical Pentesting, Backtrack Basics, Scoping, Recon, Footprinting, Fingerprinting, Scanning, Software Exploitation, Client Side Attacks, Post Exploitation, Metasploit
INE Starter Pass (Penetration Testing) | INE | Yes / Yes / Yes | Burp Suite, HTTP Protocols, Wireshark, TCP, UDP, Programming, OSINT, NMAP, Vulnerability Assessment, Nessus, XSS, SQL Injections, Google Hacking, Malware, Web Attacks, System Attacks, Network Attacks, Metasploit

Free OSINT Training

Name & Direct Link | Platform | For Beginners / Hands-On Component / Proof of Completion | Topics
OSINT Mini | Thinkific - OSINT-i1 | Yes | OSINT Investigations, Objectives, Sources of Information, Effective Google and Social Media Searching, Documenting and Recording Information, VPNs.
OSINT Challenge | Thinkific - OSINT-i1 |  | OSINT Challenges to Test Your OSINT Skills
Open Source Intelligence (OSINT) | Hackers Arise |  | Maltego, Google Hacking (Dorks), Shodan, Harvester, Mining Twitter with Twint, FOCA for Metadata, recon-ng, metagoofil, Spiderfoot, Censys, Gathering Aircraft and Flight Data with Radarbox
10 Minute OSINT Tips | YouTube - The OSINT Curious Project |  | Geolocation, Reverse Image Search, Facebook OSINT, Google Maps, Finding User Accounts Across Social Media, Discovering DNS Typosquatting Domains, Using APIs to Reveal Hidden Open Source Information, Using robots.txt Files for OSINT
OSINT Framework | OSINT Framework |  | Tools for OSINT investigations related to Usernames, Email Addresses, Domain Names, IP Addresses, Images & Videos, Social Networks, Instant Messaging, People Search, Dating Sites, Phone Numbers, Business Records, Public Records, Transportation, Geolocation, Threat Intelligence, Malicious File Analysis, Dark Web, Metadata, Terrorism, Digital Currency, Classifieds, and more.
OSINT.Link | OSINT.Link |  | Open Source Intelligence (OSINT) Tools & Resources: Search Engines, Social Media Intelligence, People Search, Business Search, Web Directories, Translation Service, Government Records, Maps, Web Scraping Tools, Website Monitoring Services, IP Address Tracking and more.
Free OSINT and Online Research Resources | Toddington |  | This is a database of free OSINT resources and tools, research cheat sheets, and other online investigative aids.
Creating Research Accounts for OSINT Investigations (Written Guide) | OSINTCurio.us |  | Creating sock puppet accounts on social media platforms.
SANS Must Have Free Resources for Open-Source Intelligence (OSINT) | SANS |  | Free OSINT Webcasts, Videos, Summit Talks, Blogs, and Communities
Awesome OSINT | GitHub - jivoi |  | A curated list of OSINT tools and resources.
OSINT Tools & Techniques - Free Demo | Udemy - Steve Adams | Yes / Yes | This is a short demo version of the full course. Topics include: Foundations of OSINT, Investigative Process, Virtual Machines, and LinkedIn Searching
Dark Web Foundation: A Guide to the Deep/Dark Web 2019 | Udemy - Dark Web Academy | Yes / Yes | Tor, Bitcoin, PGP, Tails, Deep Web Markets, Common Myths
Dark Web Investigations | HTCIA |  | Dark Web Investigations, Tor. *Scroll down instead of clicking Join Now*
conINT Talks | YouTube - conINT |  | Talks from the conINT 2020 OSINT conference: Malware OSINT, Darknet, Cryptocurrency, People OSINT, Dark Web Markets, Breached Data History, Geolocation and more.
Open Source Intelligence 101 (April Wright) | YouTube - Wild West Hackin' Fest | Yes | OSINT, Social Engineering, OPSEC, Sources of OSINT
CaseFile | Thinkific - OSINT-i1 |  | Getting Started with Maltego's free CaseFile tool, Combining Graphs, Importing Data, Exporting and Reports, Collaboration
Australian OSINT 2020 Symposium Recorded Sessions | OSINT Combine |  | Various OSINT Topics
OSINT Dojo | OSINT Dojo | Yes / Yes / Yes - Digital Badges | OSINT Challenges and Resources.
SANS OSINT Talks on YouTube | YouTube - SANS Institute |  | Telegram, OSINT for Good, OSINT Mind-State, Sock Puppets, GitHub Analysis
OSINT Tutorials | YouTube - Null Byte |  | Twint, License Plate OSINT, Photon Scanner, OSINT Browser Extensions, Maltego, EXIF Data, Aircraft OSINT, Business OSINT
OSINT Articles | Secjuice |  | Shodan, Malware OSINT, Sock Puppets, Artificial Intelligence, Reddit, TikTok, Facebook, Gab, Building a Username Search Tool, Pokémon Go, Creating Custom JavaScript Bookmarklets, LinkedIn, Getting an OSINT Job, SOCMINT, The Intelligence Cycle
Automating Threat Hunting on the Dark Web & Other Nitty Gritty Things (Apurv Singh Gautam) | YouTube - BSides Philly |  | Dark Web, Automation, OPSEC, Dark Web Hunting Methods
OSINT At Home - Tutorials on Digital Research | YouTube - Bendobrown |  | Reverse Image Search, EXIF/Metadata, Search Operators, Geolocation, Satellite Imagery
The Complete Open Source Intelligence (OSINT) Training Course | YouTube - Irfan Shakeel | Yes | Search Engine OSINT, Darknet, TOR, Deep Web, Aircraft OSINT, People Search, Company Search, Phone Number Search, Document Search, Metadata, Image OSINT, Fix Blurred or Distorted Images
Layer 8 Conference Talks | YouTube - Layer 8 Conference |  | OSINT, Social Engineering

Free Cloud/Cloud DFIR Training

Name & Direct Link | Platform | For Beginners / Hands-On Component / Proof of Completion | Topics
AWS Digital Training | AWS | Yes - You can sort by experience level | Over 240 AWS topics
AWS Security Fundamentals | AWS |  | Cloud Security, AWS Global Infrastructure, DDoS Mitigation, Detective Controls, Incident Response
Microsoft Azure Training | Microsoft Learn | Yes - Courses are labeled beginner to advanced / Yes - Digital Badges | There are over 850 Azure topics.
Managing Security Operations in Azure | Microsoft Learn | Yes - Digital Badges | Creating Security Baselines, Identifying Security Threats with Azure Security Center, Azure Monitor Logs, Improving Incident Response with Alerting on Azure, Capturing Web Application Logs, Protecting Servers and VMs from Attacks with Azure Security Center
Cloud Storage Forensics: Endpoint Evidence with Chad Tilbury | YouTube - SANS Digital Forensics and Incident Response |  | Cloud Storage Forensics
Cloud Forensics Course | HTCIA |  | Cloud Forensics, Magnet Axiom
NIST Cloud Computing Forensic Science Challenges (Publication) | NIST |  | Challenges faced by experts when responding to incidents occurring in a cloud-computing ecosystem.
The Trouble with Cloud Forensics (Slides) | Slideshare - Sharique Rizvi |  | Cloud Forensics
Google Cloud Training (Select On-Demand Courses) | Google Cloud Training/Qwiklabs | Yes - Beginners can select Introductory level / Yes / Yes - Digital Badges | Over 500 Google Cloud Topics

Free DFIR & Blue Team CTFs and Challenges

This category tests your existing knowledge.

For training with hands-on labs, visit any of the categories on the main page and filter by “Hands-On Component”.

Name & Direct Link | Platform | For Beginners | DFIR Related Challenge Type(s)
Blue Team Labs Online (Free Challenges) | Blue Team Labs Online |  | Memory Analysis, Network Analysis, Digital Forensics, Malware Analysis, Reverse Engineering
The Case of the Stolen Szechuan Sauce | DFIR Madness |  | Digital Forensics, PCAP Analysis
CyberDefenders | CyberDefenders |  | Splunk, SIEM, Malware Traffic Analysis, PCAP, Reverse Engineering, Digital Forensics, ELK, Log Analysis
Champlain College DFIR CTF | CTFd - Champlain College |  | Windows Forensics, macOS Forensics, Wireshark, OSINT, Reverse Engineering
SocVel | SocVel |  | Digital Forensics & Incident Response Challenges
Malware Analysis Exercises | GitHub - jstrosch |  | Malware Analysis
OSINT Challenge | Thinkific - OSINT-i1 |  | OSINT Challenges
OSINT Dojo | OSINT Dojo/Twitter |  | OSINT Challenges. Follow them on Twitter @OSINTDojo and earn Digital Badges for solving challenges.
LetsDefend - Free Version | LetsDefend |  | This is a SOC Simulation Environment - Monitoring, Log Search, Case Management, Endpoint Security
HackTale | HackTale | Yes | A DFIR/Cyber Defense Training Game with Scenario-Based Challenges.
MemLabs | GitHub - stuxnet999 | Yes - Challenges range from easy to hard. | Memory Forensics
Malware-Traffic-Analysis.Net | Malware-Traffic-Analysis.net |  | PCAP Analysis
Flaws2 Defender Track | Flaws2.cloud |  | AWS Incident Response Challenges
PwnDefend | PwnDefend | Yes | OSINT, Reverse Engineering, Forensics & Analysis
Challenges.re | Challenges.re |  | Reverse Engineering Challenges
TryHackMe | TryHackMe | Yes - Has Easy, Medium and Hard Challenges | Free rooms include RE, Volatility, OSINT, Malware Analysis, Splunk, Linux, Ghidra, & Radare2
Challenges, CTFs and Walkthroughs | AboutDFIR |  | Various DFIR Challenges
picoGym | picoCTF |  | Forensics, Reverse Engineering, PCAP Analysis
CTFLearn | CTFLearn | Yes - Has Easy, Medium, and Hard Challenges | Forensics, Programming, Reverse Engineering, Binary, Cryptography
CTF.Live | PentesterAcademy | Yes - Has Beginner, Intermediate, and Advanced Challenges | Network Forensics, Reverse Engineering
Magnet Forensics Virtual Summit CTF (May 12th, 2021) | Magnet Forensics |  | Digital Forensics
Belkaday Digital Forensics Conference CTF (May 14th-15th, 2021) | Belkaday |  | Forensics challenges using the Belkasoft X trial.
Threat Interceptors Challenge (June 14th, 2021) | Accedian |  | Threat hunting, understand how an attacker breached the network, trace their activity, mitigate the attack.

Free Malware Analysis & Reverse Engineering Training

In this category, “Beginner” assumes that you have an understanding of the four core categories listed on the homepage and specifically have a general understanding of x86 Assembly language.

Name & Direct Link | Platform | For Beginners / Hands-On Component / Proof of Completion | Topics
Malware Noob2Ninja Course | YouTube - 0xf0x | Yes / Yes | Building a Malware Lab, Malicious Word Documents, Static Analysis, Behavioural Analysis, Cuckoo Sandbox, Persistence Techniques, x32dbg, Emotet
Introduction to Malware Analysis | YouTube - 13Cubed |  | Malware Analysis, IDA Pro, x64dbg, YARA, Payload Distribution Format, ProcDOT, PDFs
Malware Unicorn's Reverse Engineering Workshops | Malware Unicorn | Yes - Reverse Engineering 101 is for Beginners / Yes | Reverse Engineering, Environment Setup, Windows PE C Program, X86 Assembly Language, Attack Flow, Tools, Triage Analysis, Static Analysis, Dynamic Analysis, Encryption, Evasion Techniques, Packing
Reverse Engineering for Beginners | Begin.re | Yes / Yes | Reverse Engineering, x86 Assembly, IDA, OllyDbg, Call Stack
Reverse Engineering 101 | FedVTE | Yes / Yes | Uses for Reverse Engineering, Process of Reverse Engineering, Methodology
Reverse Engineering Course | GitHub - 0xZ0F | Yes | Binary, ASCII, Programming Languages, Assembly, Tools, DLL, Windows. Some Chapters are still in development.
Reverse Engineering Course (With Radare2) | Artik Blue |  | Reverse Engineering, conditionals, functions, cases, loops, arrays, strings, var types, heaps, crackmes, pointers, dynamic memory, bitwise operations, linked lists, Radare2. The site also has advanced topics on Reversing C Code.
Reverse Engineering Malware | Hackers Arise | Yes | Assembler Basics, IDA Pro, Windows Internals, OllyDbg, System-Level Analysis
Reversing & Malware Analysis Training | Security Trainings - SecurityXploded | Yes | Lab Setup, Windows Internals, PE File Format, Assembly, Reverse Engineering, Tools, Malware Analysis, Unpacking, Memory Forensics, Exploit Development, Rootkit Analysis
Introduction to Reverse Engineering with Ghidra | Hackaday.io | Yes - The live course is over but the course materials are on the website. | Ghidra, Reverse Engineering, x86_64 Architecture, Assembly Language
Android App Reverse Engineering 101 | Raging Rock (Maddie Stone) | Yes / Yes | Android Application Fundamentals, DEX Bytecode, Native Libraries, Obfuscation
Binary Analysis Course | Max Kersten | Yes | CPU Architecture (x86 and x64_86), Registers, Endianness, Flags, Assembly
Advanced Binary Deobfuscation | GitHub - malrev | Yes | Obfuscation Techniques, Deobfuscation Techniques
The Art of Mac Malware (book by Patrick Wardle) | objective-see llc |  | macOS, Malware, Static Analysis, Dynamic Analysis, Infection Vectors, Persistence, Anti-Analysis Techniques
CNIT 126: Practical Malware Analysis | Sam Bowne's Website | Yes | Malware Analysis, Static Analysis, Dynamic Analysis, X86 Disassembly, OllyDbg, IDA Pro, WinDbg, Malware Behavior
Malware of the Day | Active Countermeasures |  | Active Countermeasures provides information about different types of malware along with PCAP files. Zeus, PittyTiger, Fiesta, Taidoor, Orangeworm, Comfoo, Saefko, Magnitude, Asprox, Backoff, APT1 Virtually There
Malware Reverse Engineering Handbook (PDF) | CCDCOE |  | Lab Environment, Static Analysis, Disassembly, Dynamic Analysis, Sandboxing, Debuggers, VirusTotal, String Analysis, PEiD Tool, CFF Explorer, Resource Hacker, PeStudio, IDA free, Ghidra, Process Monitor, Process Explorer, Regshot, INetSim, Cuckoo Sandbox, Windows Sandbox, Network Traffic Analysis
Introduction to Malware Analysis and Reverse Engineering | YouTube - Coleman Kane |  | VirtualBox, Malware, Static Analysis, x86 Disassembly, Dynamic Analysis, Run-Time Analysis, YARA, PDF and Office Document Analysis, Java & SWF Malware Analysis, Android Malware Analysis, File-less Malware Analysis
Malware Analysis Using VM Introspection and Memory Forensics | Clark Center - Golden Richard | Yes | VM Introspection, Memory Forensics, Virtualization, Introspection Capabilities, Volatility
Malware Analysis Bootcamp | YouTube - HackerSploit | Yes | How to Set up a Sandbox Environment, Static Analysis, File Type Identification, Generating Malware Hashes, Extracting Strings, Packers & Unpacking, PE Headers, Creating YARA Rules, Stuxnet Analysis with Ghidra
Malware Analysis Training (slides/written article with training files) | GitHub - OpenRCE | Yes | Malware Analysis, Virtual Machines, X86 Architecture, Windows, PE File Format, Analysis Tools, Disassembly, IDA Pro, OllyDbg, Unpacking, Anti-Reverse Engineering, Binary Diffing and Matching, PaiMei, PEFile and PyDasm
Introductory Malware Analysis Webcasts | Lenny Zeltser's Website | Yes / Yes | Malware Analysis Essentials using REMnux, Introduction to Malware Analysis, How to Run Malware Analysis Apps as Docker Containers
Practical Malware Analysis Essentials for Incident Responders (Lenny Zeltser) | YouTube - RSA Conference |  | Free Malware Analysis Tools, PeStudio, Threat Intelligence, Threat Hunting, Windows
SANS Must Have Free Resources for Malware Analysis | SANS |  | Malware Tools, Webcasts, Resources, Cheat Sheets
Learn the Hard Stuff the Slow Way | Hopper's Roppers (Roppers Academy) | Yes | C Programming, Assembly, Debugging, Reverse Engineering
Fileless Malware Demystified | YouTube - CryptoStopper |  | What Fileless Malware is, How it Works, Examples of a Dropper, Examples of Fileless Malware, Fileless Ransomware
Introduction to Reverse Engineering | YouTube - Josh Stroschein | Yes | Reverse Engineering, IDA Pro, x86, The Stack, Code Constructs, IF Statements, Loops, Jump Tables, Pointers
Josh Stroschein's YouTube Channel and Website | YouTube - Josh Stroschein & Josh Stroschein's Website |  | Reverse Engineering, Malware Analysis, Ghidra, Cuckoo Sandbox, Maldocs, Unpacking, Debugging
Wyatt Roersma's YouTube Channel | YouTube - Wyatt Roersma | Yes | Foundational Malware Analysis, Cuckoo Sandbox Install
Reverse Engineering Malware | YouTube - Open SecurityTraining | Yes - Course files are on the Open Security Training Website | Understanding common malware features and behavior, defeating code armoring and obfuscation, signature creation and applying prior analysis, dynamic analysis tools and how they can aid in static analysis.
Analyzing Malicious Word and Excel Documents | YouTube - Hack In The Box Security Conference | Yes - The Files are Located HERE | Analyzing Malicious Word and Excel Files
Ali Hadi's YouTube Channel | YouTube - Ali Hadi | Yes - The Intro to PE File Format video has lab files HERE. This is part of an Offensive Software Exploitation (OSE) course that is listed under the Ethical Hacking category of this site. | Malware Analysis, Process Hacker, Investigating Windows Scheduled Tasks Used by Ransomware, .NET Malware, PE File Format
How to Set Up and Use the CuckooVM | GitHub - ashemery | Yes | How to setup and use the Cuckoo Sandbox VM (CuckooVM v2)
Unprotect Project | Unprotect Project |  | This website describes different malware evasion techniques.
Introduction to Advanced Threats (slides) | Black Storm Security - Alexandre Borges |  | Reversing, Anti-Reversing, De-Obfuscation
OALabs YouTube Channel and Website | YouTube - OALabs, Open Analysis Website |  | Their YouTube channel and website are all about malware analysis and reverse engineering. In addition to their YouTube videos, they have training guides on their website related to Malware Triage, Malscripts, and Using Open Data to Help Develop Robust Indicators (IOCs)
Oh You Silly Framework!: An Intro to Analyzing .NET Malware | SANS | Yes - Certificate of Completion (CEU Certificate) | .NET Malware, Malware Analysis
Colin Hardy's YouTube Channel | YouTube - Colin Hardy |  | Tools, Tactics, and Techniques for Analyzing Malware, Deobfuscation, Emotet, WannaCry, SUNBURST, Maldocs
Malware Training Vol1 | GitHub - hasherezade |  | Techniques Used by Malware, Reverse Engineering
AGDC Services YouTube Channel and Blog | YouTube - AGDC Services |  | Automate Labeling of Obfuscated APIs, Reverse Engineering RC4 Crypto, How Malware Walks the PEB to Find Modules By Hash
Malware-Traffic-Analysis.net | Malware-Traffic-Analysis.net | Yes | PCAP Malware Analysis Exercises and Tutorials.

Free Digital Forensics Training

In this category, “Beginner” assumes that you have a general understanding of the four core categories listed on the home page.

Note: If you’re looking for Network Forensics, the majority of it is in the Incident Response section.

Name & Direct Link | Platform | For Beginners / Hands-On Component / Proof of Completion | Topics
Digital Forensics Basics | TEEX | Yes | Evidentiary Reporting, Computer Technologies, Digital Evidence Collection
Theoretical Digital Forensics Courses (There are both free and paid courses - the theoretical courses are free) | Cyber 5W | Yes / Yes | Windows Forensics, Linux Forensics, Evidence Acquisition, Working with Virtual Hard Disks, Linux Forensics Distros, Writing Forensics Reports
Digital Forensics | OpenLearn | Yes / Yes - Statement of Participation | Digital Forensics Process, History, Types of Digital Forensics
Computer Forensics | edX | Must complete the edX Cybersecurity Fundamentals course first. / Costs Extra | Anti-Forensics, Unix/Linux, Windows Memory Forensics, Windows File System, Forensics Tools, Artifacts, Acquisition, Analysis
Introduction to Windows Forensics | YouTube - 13Cubed |  | SRUM, Timestamps, NTFS, LNK File, Jump Lists, Plaso, Shellbags, Recycle Bin Forensics, RDP Cache, Event Logs, CyberChef, Image Creation, KAPE, Volume Shadow Copies, EvtxECmd, Arsenal Image Mounter, Kansa, SIFT
Introduction to Memory Forensics | YouTube - 13Cubed |  | Memory Analysis, Redline, Volatility, Persistence, Prefetch, Baselines, Windows Processes
Linux Forensics Intro | Internet Archive - Hal Pomeranz | Yes | Memory Forensics, Tools, Volatility, Rootkits, IOCs, Disk Acquisition, File System, Disk Mounting, Artifacts, Disk Triage, Timeline Analysis, Logs, Syslog
Digital Forensics | Hackers Arise | Yes - These are written tutorials that can be followed. | Creating a Forensically Sound Image, Live Memory Acquisition and Analysis, Recovering Deleted Files, Registry Analysis, Pre-Fetch Files, Browser Forensics, Sysinternals, Extracting EXIF information, Android Forensics, Network Forensics
KAPE Guide | AboutDFIR | Yes | How to Use KAPE, Examining KAPE Output, KAPE Related Videos and Blog Posts
Registry Explorer/RECmd Guide | AboutDFIR | Yes | Registry Explorer GUI, Command Line, How to use rla.exe, Examining RECmd Output, Registry Related CTFs, Videos and Blog Posts
Timeline Explorer Guide | AboutDFIR | Yes | Why Use Timeline Explorer, Updating EZ Tools, Timeline Explorer Related Blog Posts/Videos
Free Course Content from eForensics Magazine | eForensics Magazine |  | Android Forensics, File System Tunneling, EXT4 Layout, CyberChef Tutorial, Android Boot Process, FTK Imager Intro, Windows Registry Extraction with FTK Imager
Email Header Analysis and Forensics Investigation | YouTube - 13Cubed |  | Email Header Analysis, DMARC, SPF, DKIM
Email Forensics Workshop | Metaspike |  | Message Headers, DKIM, ARC, MIME, Server Metadata, Forensic Preservation Strategies
IoT Digital Forensics Course | GitHub - RJC497 | Yes | IoT Forensics, Fitbit, Echo, Smartwatch
Digital Forensics Training Materials (Slides & Command Line Cheat Sheet) | circl.lu |  | Post-mortem Digital Forensics, File System Forensics and Data Recovery, Windows Memory and File Forensics
Cyber Forensics Workshop | YouTube - Ryan Chapman | Yes / Yes | Network Forensics, OSI Model, Encoding Schemes, File Signatures, Tools, Wireshark, Hex, ASCII, PCAP Analysis, Hashing, Covert Channels
Cellebrite Reader Online On Demand | Cellebrite | Yes / Yes | Cellebrite Reader, .UFDR reports
Cloud Forensics Course (scroll to the bottom of the page) | HTCIA |  | Cloud Forensics, Magnet Axiom
Free Paraben Training Videos | Paraben Corporation |  | E3 Platform, Windows 10 Artifacts, Chip Dumps, Google Takeout Evidence, Importing Cellebrite Data, Processing WhatsApp Data, Data Triage, Email Deduplication, Office365 Acquisition, FitBit Data, Android Root Engine
Introduction to Digital Forensics | YouTube - DFIR.Science | Yes | Digital Forensics, Cybercrime, Windows, Linux, Investigation Methods, Documentation and Reporting, Scientific Method, Data Storage, Acquisition, Photorec, tsk_recover, The Sleuth Kit, Autopsy, hfind, Malware, Memory Acquisition and Analysis, FTK Imager, Volatility, Mobile Device Acquisition, Network Analysis
DFIR.Science YouTube Channel | YouTube - DFIR.Science |  | Digital Forensics, SleuthKit, hfind, Tsurugi Linux, SDELETE, FTK Imager, File Mounting, Forensic Acquisition in Linux, DD, Volatility, LiME, Research, Scientific Method, Android Acquisition
Linux LEO | Linux LEO | Yes / Yes - This is a detailed written guide with links to the Supplemental Files on the website. Go to "The Beginner's Guide" under Documents for the text. | Linux Commands, Linux Boot Sequence, Linux Network Basics, Configuring a Forensic Workstation, Evidence Acquisition, Write Blocking, Tools, Mounting Images, Sleuth Kit, Network Investigation Tools
Linux Forensics Workshop | GitHub - ashemery | Yes | Linux Forensics
XRY Reader to XAMN Viewer Transition | MSAB |  | XAMN Viewer capabilities that were not available in XRY Reader. XAMN Viewer is a free tool.
13Cubed's YouTube Channel | YouTube - 13Cubed |  | Plaso, WSL 2, Cyber Triage, Log2Timeline, Windows Terminal, EventFinder2, Redline, macOS Forensics, iLEAPP, iOS Forensics
Trainings for Cybersecurity Specialists - Digital Forensics | ENISA | Yes | This site contains handbooks with lab exercises, VMs, and Toolsets related to Digital Forensics.
macOS Forensics | YouTube - AccessData |  | macOS Forensics, structure, artifacts, Plist
MFT Explorer/MFTECmd Guide | AboutDFIR | Yes | MFT Explorer, MFTECmd
NW3C Live Online Training | NW3C | The training is intended for current US Criminal Justice Practitioners. An agency-issued email is needed. / Yes / Yes | macOS Forensics, iOS and Android Forensics, Cyber Investigations, Cellular Records Analysis, Digital Footprints, Dark Web & OSINT, Seizure, Windows Acquisition, Windows Forensics, Advertising Identifiers, Virtual Currency, Automated Forensic Tools, SQLite
MOBILedit Forensic Express Training | MOBILedit | Yes / Yes | MOBILEdit Forensic Express Installation, Settings, Updates, Connecting a Phone, Importing Data, Connecting to iCloud, Creating Reports, Analyzing Images, Hacking Phones

Free Incident Response Training

In this category, “Beginner” assumes that you have a general understanding of the four core categories listed on the homepage. Networking knowledge is especially important.

Name & Direct Link | Platform | For Beginners / Hands-On Component / Proof of Completion | Topics
Intro DFIR: The Divide and Conquer Process | Basis Technology - Brian Carrier | Yes / Yes - Certificate of Completion | Endpoint Visibility, Cyber Triage Basics, Malware, Prioritization, OS Configuration Changes, User Activity
Cyber Incident Analysis and Response | TEEX | Yes | Incident Management, Preparation, Detection, Analysis, Containment, Eradication, Recovery
CNIT 152: Incident Response | Sam Bowne's Website |  | Incident Response, Scope, Live Data Collection, Forensic Duplication, Analysis Methodology, Investigating Windows Systems, Investigating Mac OS X Systems, Investigating Applications, Report Writing.
Using MITRE ATT&CK for Cyber Threat Intelligence Training | MITRE ATT&CK Website | Yes / Yes | Mapping to MITRE ATT&CK, Storing and Analyzing ATT&CK-mapped data
Ryan Chapman's YouTube Channel (Cyber Forensics Workshop and more) | YouTube - Ryan Chapman | Yes - The Cyber Forensics Workshop contains the link to the files. Hands-On Computer Security & Incident Response - Email Header Analysis Part 1 contains a link to the files. Check out his website for more workshops: https://incidentresponse.training/workshops/ | Cyber Forensics Workshop, Splunk, JavaScript Deobfuscation, VirusTotal, Email Header Analysis, Malicious use of PowerShell, Hands-On Computer Security & Incident Response, Interview Tips
Blue Teaming Free Training | Chiheb Chebbi's Blog | Yes / Yes | Incident Response, Security Operations, ELK Stack, SIEM, Azure Sentinel, Wazuh, Threat Intelligence, The Hive Project, OSQuery, Kolide, MITRE ATT&CK, OSINT, Shodan, SpiderFoot, WireShark, YARA, Digital Forensics, Radare2, IDA Pro, Ghidra, Memory Analysis
Free Splunk Courses | Splunk | Yes / Yes | Splunk Fundamentals, Splunk Infrastructure, User Behavior Analytics, SignalFx
Introduction to Splunk Workshop | YouTube - Blacks in Cybersecurity |  | Splunk
Free Elastic Training | Elastic | Yes / Yes | Logging, Metrics, Observability, APM, SIEM, Kibana, Anomaly Detection, Elastic Cloud Enterprise
Security Onion Essentials | YouTube - Security Onion | Yes | Security Onion Installation, Analyst Tools, Alert Triage & Case Creation, Hunting, Detection Engineering
Logstash Tutorial | Tutorialspoint | Yes / Yes | Logstash, ELK Stack, Installation, Architecture, Collecting Logs, Grok, Plugins, APIs, Security and Monitoring
Cover6 Solutions YouTube Channel | YouTube - Cover6 Solutions | Yes | Threat Hunting, Security Onion, Incident Handling, PDF Malware Analysis
Free Short Course: Information Security Incident Handling | Charles Sturt University | Yes - Certificate of Completion | Incident Handling, Hacking Techniques and Countermeasures, Writing Incident Reports, Protective Controls, Security Architecture
Threat Hunting Training Course | Active Countermeasures | Yes / Yes | Logging, Threat Intel, C2, Zeek, Firewalls, Event ID Type 3, Passer, Beacons, AI Hunter, Threat Hunting
Incident Response Playbook Gallery | Incident Response Consortium | Yes | Malware Outbreak, Phishing, Data Theft, Virus Outbreak, Denial of Service, Unauthorized Access, Elevation of Privilege, Root Access, and Improper Usage Playbooks.
Cisco Threat Hunting Workshops | Cisco | Yes | Threat Hunting, Threat Landscape, Network Security
AttackIQ Academy | AttackIQ Academy | Yes / Yes / Yes - Digital Badges | MITRE ATT&CK, Threat Intelligence, Detection, FIN6, Breach & Attack Simulation, SOC, MSSP, Threat Report ATT&CK Mapper (TRAM), Threat Modeling, OCTAVE
Free Resources for Incident Responders | Applied Incident Response | Yes | Lateral Movement, Event Log, Memory Analysis with Volatility, Python, Default Windows Processes, WMIC, PowerShell, Lateral Movement, and BYOD.
Wireshark for Incident Response & Threat Hunting Workshop at OWASP SB | YouTube - Michael Wylie | Yes - Lab files are HERE | Wireshark, Incident Response, Threat Hunting
Intrusion Analysis and Threat Hunting with Suricata (Josh Stroschein/Jack Mott) | YouTube - SharkFest Wireshark Developer and User Conference | Yes - Lab files are HERE | Suricata, Kibana, Moloch, Scirius, PCAP Analysis, SELKS, Threat Hunting
Attack Detection Fundamentals | F-Secure | Yes | Initial Access, Code Execution and Persistence, Discovery and Lateral Movement, C2 and Exfiltration
SANS Digital Forensics and Incident Response YouTube Channel | YouTube - SANS Digital Forensics and Incident Response |  | Threat Hunting, Open Source Tools, Incident Response, Event Log Analysis, Ransomware, KANSA, Moloch, Threat Intelligence
Free Course Content from eForensics Magazine | eForensics Magazine |  | Security Onion, Shodan, CyberChef Tutorial, YARA Tutorial
Practical Malware Analysis Essentials for Incident Responders (Lenny Zeltser) | YouTube - RSA Conference | Yes | Free Malware Analysis Tools, PeStudio, Threat Intelligence, Threat Hunting, Windows
Advanced Wireshark Network Forensics | YouTube - Netsec Explained | Yes - Has a link to PCAP files | Wireshark, Hex Editor, Network-Based File Carving, Network Forensics, PCAP Analysis
Open-Source YARA Rules | ReversingLabs |  | YARA Rules
Finding Evil with YARA | YouTube - 13Cubed | Yes | What YARA is, Anatomy of a YARA Rule, How to use YARA
SOC Analyst Skills - Wireshark Malicious Traffic Analysis | YouTube - Gerald Auger - Simply Cyber | Yes | PCAP Analysis, Wireshark, Walkthrough of Analyzing a PCAP from Malware-Traffic-Analysis.net
Defending Against PowerShell Attacks - In Theory, and in Practice by Lee Holmes | YouTube - PowerShell.org |  | How attackers use PowerShell. How to defend against PowerShell attacks. Obfuscation.
The Increased Use of PowerShell in Cyber Attacks (Slides and detailed whitepaper) | SlideShare - Symantec |  | Phases of a PowerShell Attack, Obfuscation, Common PowerShell Malware, Targeted Attacks, Mitigation, Protection, Dual Use Tools and Frameworks. The link to the whitepaper is on the last slide.
Pulling Back the Curtains on EncodedCommand PowerShell Attacks | Palo Alto Networks |  | This is a detailed blog post about EncodedCommand PowerShell Attacks with examples.
Fileless Malware Demystified | YouTube - CryptoStopper |  | What Fileless Malware is, How it Works, Examples of a Dropper, Examples of Fileless Malware, Fileless Ransomware
I.T Security Labs YouTube Channel | YouTube - I.T. Security Labs | Yes / Yes | There are several tutorials here about how to set up a SIEM and analyze data. Topics include: Security Onion, ELK, Graylog, Snort, pfSense, Grafana, Zeek, honeypots, VMware ESXi, Docker
How to Install and Configure Zeek to Ship Logs to Splunk | YouTube - Ali Hadi |  | Splunk, Zeek
Trainings for Cybersecurity Specialists | ENISA | Yes | This site contains handbooks with lab exercises, VMs, and Toolsets related to Network Forensics, Incident Response, Incident Detection, Honeypots, and more.
Understanding and Analyzing Weaponized Carrier FilesGitHub - rj-chapYesMaldocs, Analyzing Malicious PDF and Office files, JavaScript, and VBA.
Email Header Analysis and Forensic InvestigationYouTube - 13CubedEmail header fields, SPF, DKIM
RangeForce - Community EditionRangeForceYesYesYes - CPE Credit Certificate after 5 ModulesSnort, Suricata, YARA, Windows Event Logs
The Cuckoo's Egg DecompiledChris SandersYesLocard's Exchange Principle, Forensic Analysis, Timestamps, Network Security Monitoring, Least Privilege, Attack Surface, Process Monitoring, Phishing, Evidence Abstraction, Defensible Network Architecture, OSINT, Diamond Model, PICERL, Honeypots, Evidence Handling
LetsDefend AcademyLetsDefendYesYesSIEM, Incident Response, Malware Analysis, Detection, Threat Intelligence, Event Log Analysis.
Free Training at limacharlie.iolimacharlie.ioPrinciples of Detection & Response, Setting up an MSSP

MITRE ATT&CK Defender™ Training (The training itself is free, not the certifications)CybraryYes - Courses start with ATT&CK FundamentalsYes - Certificate of CompletionATT&CK Fundamentals, ATT&CK SOC Assessments, ATT&CK Cyber Threat Intelligence
BlackPerl DFIRYouTube - BlackPerlYesIncident Response, YARA Rules, Digital Forensics, Malware Analysis

Free Programming & Scripting Training

Name & Direct LinkPlatformFor BeginnersHands-On ComponentProof of CompletionTopics
Intro to x86 Assembly LanguageYouTube - Davy WybiralYesx86 Assembly Language
Introduction to x86 (32 bit)YouTube - Open SecurityTrainingYesYes - Class Materials are HEREIntel x86 Architecture, Assembly, Applications
Intermediate x86 (32 bit)YouTube - Open SecurityTrainingMeant to be taken after completing the Intro x86 (32 bit) courseYes - Class Materials are HEREx86 Architecture, Assembly, Applications, WinDbg
Learn CLearn-C.orgYesYesC Programming
Python Essentials (Parts 1 and 2)Python InstituteYesYesPython: Part 1 - Beginner, Part 2 - Intermediate
Free Python Courses and Tutorials on UdemyUdemyYes - Some courses are for beginnersVarious Python Topics
List of Free Python ResourcesHakin9YesSeveral Python resources including videos, books, tutorials, and challenges
Learn NASM AssemblyTutorialspointYesYesNASM Assembly
Regex Academy: An Introduction to Text Parsing SorceryUdemyYesRegular Expressions (Regex)
RegexOneRegexOneYesYesRegular Expressions (Regex)
PowerShell Documentation - Including PowerShell 101MicrosoftYesPowerShell 101 under Getting Started (Overview) - Learning PowerShell. Also contains links to PowerShell communities on Discord, Slack, etc.
Getting Started with Microsoft PowerShellChannel 9YesPowerShell Scripting, Automation, The Help System, Remoting, Installation, Customization
Linux BASH Shell Script BasicsYouTube - Joe CollinsThis course assumes that you have knowledge of the Linux CLI and Linux filesystem.Linux Bash Shell Scripting
Learn VBScriptTutorialspointYesMicrosoft VBS (Visual Basic Script) syntax, Variables, Operators, Loops, Events, Cookies, Strings, Arrays, Regex
JSON TutorialTutorialspointThis Tutorial assumes that you have basic knowledge of HTTP and JavaScript.JSON Syntax, Objects, Schemas, Examples, Data Types
SANS JSON and jq Quick Start GuideSANSJSON, Nested Objects, Array Elements, JSON Structure, Filtering
SQLite TutorialSQLite TutorialYesYesSQLite
SANS SQLite Pocket ReferenceSANSSQLite Database, Query Structure, Operators, Data Types, Table Joins, Timestamp Conversion, CLI Options
SoloLearnSoloLearnYesYesYes - Certificate of CompletionPython, C++, Java, JavaScript, C#, C, SQL, Machine Learning, Data Science with Python, HTML, PHP, CSS, JQuery, Ruby, React + Redux, Angular + NestJS, Swift
Free Packt WorkshopsPacktYesYesPython, Ruby, Java, Go, Clojure, C++, SQL, PHP, JavaScript, HTML, CSS
Git Started with GitHubUdemyYesInstallation, Workflow, Configuration, Git Clone, Push, Command Line
Getting Git RightAtlassianYesGit, Bitbucket Cloud, Git SSH
GitHub TrainingMicrosoft LearnYesYesYes - Digital BadgeIntroduction to GitHub, Introduction to Git, Best Practices, Pull Requests, Commits, Workflows, GitHub Script, Branching and Merging
APIs for BeginnersYouTube - freeCodeCamp.orgYesYesApplication Programming Interface (API)
Learn JSON in 10 MinutesYouTube - Web Dev SimplifiedYesJSON - What it's used for, syntax, examples
Introduction to ARM Assembly BasicsAzeria LabsYesWriting ARM Assembly, ARM Data Types and Registers, ARM Instruction Set, Memory Instructions: Loading and Storing Data, Load and Store Multiple, Conditional Execution and Branching, Stack and Functions.
DFIR Python Study GroupYouTube - Alexis BrignoniYesDFIR Python Study Group using the book "Head First Python: A Brain-Friendly Guide, 2nd edition"
It's Great to C YouYouTube - James DuffyYesC Programming