DFIR Related Training

Free OSINT Training

For OSINT Challenges and CTFs, see the DFIR, OSINT & Blue Team CTFs & Challenges section

Name & Direct Link | Platform | For Beginners | Hands-On Component | Proof of Completion | Topics
OSINT MiniThe Cyber InstituteYesOSINT Investigations, Objectives, Sources of Information, Effective Google and Social Media Searching, Documenting and Recording Information, VPNs.
Open Source Intelligence (OSINT)Hackers AriseMaltego, Google Hacking (Dorks), Shodan, Harvester, Mining Twitter with Twint, FOCA for Metadata, recon-ng, metagoofil, Spiderfoot, Censys, Gathering Aircraft and Flight Data with Radarbox
10 Minute OSINT TipsYouTube - The OSINT Curious ProjectGeolocation, Reverse Image Search, Facebook OSINT, Google Maps, Finding User Accounts Across Social Media, Discovering DNS Typosquatting Domains, Using APIs to Reveal Hidden Open Source Information, Using robots.txt Files for OSINT
OSINT FrameworkOSINT FrameworkTools for OSINT investigations related to Usernames, Email Addresses, Domain Names, IP Addresses, Images & Videos, Social Networks, Instant Messaging, People Search, Dating Sites, Phone Numbers, Business Records, Public Records, Transportation, Geolocation, Threat Intelligence, Malicious File Analysis, Dark Web, Metadata, Terrorism, Digital Currency, Classifieds, and more.
OSINT.LinkOSINT.LinkOpen Source Intelligence (OSINT) Tools & Resources: Search Engines, Social Media Intelligence, People Search, Business Search, Web Directories, Translation Service, Government Records, Maps, Web Scraping Tools, Website Monitoring Services, IP Address Tracking and more.
Free OSINT and Online Research ResourcesToddingtonThis is a database of free OSINT resources and tools, research cheat sheets, and other online investigative aids.
Creating Research Accounts for OSINT Investigations (Written Guide)OSINTCurio.usCreating sock puppet accounts on social media platforms.
SANS Must Have Free Resources for Open-Source Intelligence (OSINT)SANSFree OSINT Webcasts, Videos, Summit Talks, Blogs, and Communities
Awesome OSINTGitHub - jivoiA curated list of OSINT tools and resources.
OSINT Tools & Techniques - Free DemoUdemy - Steve AdamsYesYesThis is a short demo version of the full course. Topics include: Foundations of OSINT, Investigative Process, Virtual Machines, and LinkedIn Searching
Dark Web Foundation: A Guide to the Deep/Dark Web 2019Udemy - Dark Web AcademyYesYesTor, Bitcoin, PGP, Tails, Deep Web Markets, Common Myths
Dark Web InvestigationsHTCIADark Web Investigations, Tor. *Scroll down instead of clicking Join Now*
conINT TalksYouTube - conINTTalks from the conINT 2020 OSINT conference: Malware OSINT, Darknet, Cryptocurrency, People OSINT, Dark Web Markets, Breached Data History, Geolocation and more.
Open Source Intelligence 101 (April Wright)YouTube - Wild West Hackin' FestYesOSINT, Social Engineering, OPSEC, Sources of OSINT
CaseFileThe Cyber InstituteGetting Started with Maltego's free CaseFile tool, Combining Graphs, Importing Data, Exporting and Reports, Collaboration
Australian OSINT 2020 Symposium Recorded SessionsOSINT CombineVarious OSINT Topics
OSINT DojoOSINT DojoYesYesYes - Digital BadgesOSINT Challenges and Resources.
SANS OSINT Talks on YouTubeYouTube - SANS InstituteTelegram, OSINT for Good, OSINT Mind-State, Sock Puppets, GitHub Analysis
OSINT TutorialsYouTube - Null ByteTwint, License Plate OSINT, Photon Scanner, OSINT Browser Extensions, Maltego, EXIF Data, Aircraft OSINT, Business OSINT
OSINT ArticlesSecjuiceShodan, Malware OSINT, Sock Puppets, Artificial Intelligence, Reddit, TikTok, Facebook, Gab, Building a Username Search Tool, Pokémon Go, Creating Custom JavaScript Bookmarklets, LinkedIn, Getting an OSINT Job, SOCMINT, The Intelligence Cycle
Automating Threat Hunting on the Dark Web & Other Nitty Gritty Things (Apurv Singh Gautam)YouTube - BSides PhillyDark Web, Automation, OPSEC, Dark Web Hunting Methods
OSINT At Home - Tutorials on Digital ResearchYouTube - BendobrownReverse Image Search, EXIF/Metadata, Search Operators, Geolocation, Satellite Imagery
The Complete Open Source Intelligence (OSINT) Training CourseYouTube - Irfan ShakeelYesSearch Engine OSINT, Darknet, TOR, Deep Web, Aircraft OSINT, People Search, Company Search, Phone Number Search, Document Search, Metadata, Image OSINT, Fix Blurred or Distorted Images
Layer 8 Conference TalksYouTube - Layer 8 ConferenceOSINT, Social Engineering

Free Cloud/Cloud DFIR Training

Name & Direct Link | Platform | For Beginners | Hands-On Component | Proof of Completion | Topics
AWS Digital TrainingAWSYes - You can sort by experience levelOver 240 AWS topics
AWS Security FundamentalsAWSCloud Security, AWS Global Infrastructure, DDoS Mitigation, Detective Controls, Incident Response
Microsoft Azure TrainingMicrosoft LearnYes - Courses are labeled beginner to advancedYes - Digital BadgesThere are over 850 Azure topics.
Managing Security Operations in AzureMicrosoft LearnYes - Digital BadgesCreating Security Baselines, Identifying Security Threats with Azure Security Center, Azure Monitor Logs, Improving Incident Response with Alerting on Azure, Capturing Web Application Logs, Protecting Servers and VMs from Attacks with Azure Security Center
Cloud Storage Forensics: Endpoint Evidence with Chad TilburyYouTube - SANS Digital Forensics and Incident ResponseCloud Storage Forensics
Cloud Forensics CourseHTCIACloud Forensics, Magnet Axiom
NIST Cloud Computing Forensic Science Challenges (Publication)NISTChallenges faced by experts when responding to incidents occurring in a cloud-computing ecosystem.
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann WallaceYouTube - CNCF [Cloud Native Computing Foundation]YesContainer Forensics, Kubernetes
The Trouble with Cloud Forensics (Slides)Slideshare - Sharique RizviCloud Forensics
Google Cloud Training (Select On-Demand Courses)Google Cloud Training/QwiklabsYes - Beginners can select Introductory levelYesYes - Digital BadgesOver 500 Google Cloud Topics

What I Have Learned From Doing A Year Of Cloud Forensics In Azure AD (Blog Post)Microsoft 365 SecurityCloud Forensics in Azure

Free DFIR, OSINT & Blue Team CTFs and Challenges

This category tests your existing knowledge.

For training with hands-on labs, visit any of the categories on the main page and filter by “Hands-On Component”. Scheduled CTFs and challenges are listed in the monthly events blog post.

| Name & Direct Link | Platform | For Beginners | DFIR Related Challenge Type(s) |
| --- | --- | --- | --- |
| Blue Team Labs Online (Free Challenges) | Blue Team Labs Online | | Memory Analysis, Network Analysis, Digital Forensics, Malware Analysis, Reverse Engineering |
| CyberDefenders | CyberDefenders | | Splunk, SIEM, Malware Traffic Analysis, PCAP, OSINT, Reverse Engineering, Digital Forensics, ELK, Log Analysis |
| SocVel | SocVel | | Digital Forensics & Incident Response Challenges |
| LetsDefend - Free Version | LetsDefend | | This is a SOC Simulation Environment - Monitoring, Log Search, Case Management, Endpoint Security |
| The Case of the Stolen Szechuan Sauce | DFIR Madness | | Digital Forensics, PCAP Analysis |
| Champlain College DFIR CTF | CTFd - Champlain College | | Windows Forensics, macOS Forensics, Wireshark, OSINT, Reverse Engineering |
| Forensic Challenges on Info-Sec Box (The password is: kjiIYFGsx76IOHK) | Info-Sec Box | | Forensic challenges |
| Malware Analysis Exercises | GitHub - jstrosch | | Malware Analysis |
| Malware-Traffic-Analysis.Net | Malware-Traffic-Analysis.net | | PCAP Analysis |
| Flaws2 Defender Track | Flaws2.cloud | | AWS Incident Response Challenges |
| PwnDefend | PwnDefend | Yes | OSINT, Reverse Engineering, Forensics & Analysis |
| Mossé Cyber Security Institute | Mossé Cyber Security Institute | | OSINT, Digital Forensics, YARA, Malware Analysis |
| HackTale | HackTale | Yes | A DFIR/Cyber Defense Training Game with Scenario-Based Challenges. |
| Immersive Labs Community | Immersive Labs | | Malware Analysis, Digital Forensics, Threat Hunting |
| picoGym | picoCTF | | Forensics, Reverse Engineering, PCAP Analysis |
| CTFLearn | CTFLearn | Yes - Has Easy, Medium, and Hard Challenges | Forensics, Programming, Reverse Engineering, Binary, Cryptography |
| Challenges.re | Challenges.re | | Reverse Engineering Challenges |
| MemLabs | GitHub - stuxnet999 | Yes - Challenges range from easy to hard. | Memory Forensics |
| Mini Memory CTF (The Memory Sample is linked in the video.) | YouTube - 13Cubed | | Memory Forensics |
| CTF.Live | PentesterAcademy | Yes - Has Beginner, Intermediate, and Advanced Challenges | Network Forensics, Reverse Engineering |
| TryHackMe | TryHackMe | Yes - Has Easy, Medium and Hard Challenges | Free rooms include RE, Volatility, OSINT, Malware Analysis, Splunk, Linux, Ghidra, & Radare2 |
| OSINT Challenge | The Cyber Institute | | OSINT Challenges |
| OSINT Dojo | OSINT Dojo/Twitter | | OSINT Challenges. Follow them on Twitter @OSINTDojo and earn Digital Badges for solving challenges. |
| OSINT CTFs by BushidoToken | BushidoToken | | OSINT |
| Cyber Detective | CyberSoc | | OSINT |
| Cyber Investigator | CyberSoc | | OSINT |
| Quiztime on Twitter (Here is an article on how it works.) | Twitter - @quiztime | | OSINT |
| GeoGuessr | GeoGuessr | | OSINT (Use your OSINT skills to figure where you are) |
| Challenges, CTFs and Walkthroughs | AboutDFIR | | Various DFIR Challenges |
| RangeForce Persistence Challenge (July 21st-August 8th) | RangeForce | | Identify and Respond to Malicious IPs, Compromised Accounts, and Advanced Persistence. |

Free Malware Analysis & Reverse Engineering Training

In this category, “Beginner” assumes that you have an understanding of the four core categories listed on the homepage and specifically have a general understanding of x86 Assembly language. There is free Assembly language training in the Programming & Scripting section of this site.

Name & Direct Link | Platform | For Beginners | Hands-On Component | Proof of Completion | Topics
Malware Noob2Ninja CourseYouTube - 0xf0xYesYesBuilding a Malware Lab, Malicious Word Documents, Static Analysis, Behavioural Analysis, Cuckoo Sandbox, Persistence Techniques, x32dbg, Emotet
Introduction to Malware AnalysisYouTube - 13CubedMalware Analysis, IDA Pro, x64dbg, YARA, Payload Distribution Format, ProcDOT, PDFs
Malware Unicorn's Reverse Engineering WorkshopsMalware UnicornYes - Reverse Engineering 101 is for BeginnersYesReverse Engineering, Environment Setup, Windows PE C Program, X86 Assembly Language, Attack Flow, Tools, Triage Analysis, Static Analysis, Dynamic Analysis, Encryption, Evasion Techniques, Packing
Reverse Engineering for BeginnersBegin.reYesYesReverse Engineering, x86 Assembly, IDA, OllyDbg, Call Stack
Reverse Engineering for BeginnersYouTube - Marcus HutchinsYesReverse Engineering, Ghidra, Compiling, Decompiling, IDA
Reverse Engineering 101FedVTEYesYesUses for Reverse Engineering, Process of Reverse Engineering, Methodology
Reverse Engineering CourseGitHub - 0xZ0FYesBinary, ASCII, Programming Languages, Assembly, Tools, DLL, Windows. Some Chapters are still in development.
Reverse Engineering Course (With Radare2)Artik BlueReverse Engineering, conditionals, functions, cases, loops, arrays, strings, var types, heaps, crackmes, pointers, dynamic memory, bitwise operations, linked lists, Radare2. The site also has advanced topics on Reversing C Code.
Reverse Engineering MalwareHackers AriseYesAssembler Basics, IDA Pro, Windows Internals, OllyDbg, System-Level Analysis
Reversing & Malware Analysis TrainingSecurity Trainings - SecurityXplodedYesLab Setup, Windows Internals, PE File Format, Assembly, Reverse Engineering, Tools, Malware Analysis, Unpacking, Memory Forensics, Exploit Development, Rootkit Analysis
Introduction to Reverse Engineering with GhidraHackaday.ioYes - The live course is over but the course materials are on the website.Ghidra, Reverse Engineering, x86_64 Architecture, Assembly Language
Android App Reverse Engineering 101Raging Rock (Maddie Stone)YesYesAndroid Application Fundamentals, DEX Bytecode, Native Libraries, Obfuscation
Binary Analysis CourseMax KerstenYesCPU Architecture (x86 and x64_86), Registers, Endianness, Flags, Assembly
Advanced Binary DeobfuscationGitHub - malrevYesObfuscation Techniques, Deobfuscation Techniques
The Art of Mac Malware (book by Patrick Wardle)objective-see llcmacOS, Malware, Static Analysis, Dynamic Analysis, Infection Vectors, Persistence, Anti-Analysis Techniques
CNIT 126: Practical Malware AnalysisSam Bowne's WebsiteYesMalware Analysis, Static Analysis, Dynamic Analysis, X86 Disassembly, OllyDbg, IDA Pro, WinDbg, Malware Behavior
Malware of the DayActive CountermeasuresActive Countermeasures provides information about different types of malware along with PCAP files. Zeus, PittyTiger, Fiesta, Taidoor, Orangeworm, Comfoo, Saefko, Magnitude, Asprox, Backoff, APT1 Virtually There
Malware Reverse Engineering Handbook (PDF)CCDCOELab Environment, Static Analysis, Disassembly, Dynamic Analysis, Sandboxing, Debuggers, VirusTotal, String Analysis, PEiD Tool, CFF Explorer, Resource Hacker, PeStudio, IDA free, Ghidra, Process Monitor, Process Explorer, Regshot, INetSim, Cuckoo Sandbox, Windows Sandbox, Network Traffic Analysis
Introduction to Malware Analysis and Reverse EngineeringYouTube - Coleman KaneVirtualBox, Malware, Static Analysis, x86 Disassembly, Dynamic Analysis, Run-Time Analysis, YARA, PDF and Office Document Analysis, Java & SWF Malware Analysis, Android Malware Analysis, File-less Malware Analysis
Malware Analysis Using VM Introspection and Memory ForensicsClark Center - Golden RichardYesVM Introspection, Memory Forensics, Virtualization, Introspection Capabilities, Volatility
Malware Analysis BootcampYouTube - HackerSploitYesHow to Set up a Sandbox Environment, Static Analysis, File Type Identification, Generating Malware Hashes, Extracting Strings, Packers & Unpacking, PE Headers, Creating YARA Rules, Stuxnet Analysis with Ghidra
Malware Analysis Training (slides/written article with training files)GitHub - OpenRCEYesMalware Analysis, Virtual Machines, X86 Architecture, Windows, PE File Format, Analysis Tools, Disassembly, IDA Pro, OllyDbg, Unpacking, Anti-Reverse Engineering, Binary Diffing and Matching, PaiMei, PEFile and PyDasm
Introductory Malware Analysis WebcastsLenny Zeltser's WebsiteYesYesMalware Analysis Essentials using REMnux, Introduction to Malware Analysis, How to Run Malware Analysis Apps as Docker Containers
Practical Malware Analysis Essentials for Incident Responders (Lenny Zeltser)YouTube - RSA ConferenceFree Malware Analysis Tools, PeStudio, Threat Intelligence, Threat Hunting, Windows
SANS Must Have Free Resources for Malware AnalysisSANSMalware Tools, Webcasts, Resources, Cheat Sheets
Learn the Hard Stuff the Slow WayHopper's Roppers (Roppers Academy)YesC Programming, Assembly, Debugging, Reverse Engineering
Fileless Malware DemystifiedYouTube - CryptoStopperWhat Fileless Malware is, How it Works, Examples of a Dropper, Examples of Fileless Malware, Fileless Ransomware
Introduction to Reverse EngineeringYouTube - Josh StroscheinYesReverse Engineering, IDA Pro, x86, The Stack, Code Constructs, IF Statements, Loops, Jump Tables, Pointers
Josh Stroschein's YouTube Channel and WebsiteYouTube - Josh Stroschein & Josh Stroschein's WebsiteReverse Engineering, Malware Analysis, Ghidra, Cuckoo Sandbox, Maldocs, Unpacking, Debugging
Wyatt Roersma's YouTube ChannelYouTube - Wyatt RoersmaYesFoundational Malware Analysis, Cuckoo Sandbox Install
Reverse Engineering MalwareYouTube - Open SecurityTrainingYes - Course files are on the Open Security Training WebsiteUnderstanding common malware features and behavior, defeating code armoring and obfuscation, signature creation and applying prior analysis, dynamic analysis tools and how they can aid in static analysis.
Analyzing Malicious Word and Excel DocumentsYouTube - Hack In The Box Security ConferenceYes - The Files are Located HEREAnalyzing Malicious Word and Excel Files
Ali Hadi's YouTube ChannelYouTube - Ali HadiYes - The Intro to PE File Format video has lab files HERE. This is part of an Offensive Software Exploitation (OSE) course that is listed under the Ethical Hacking category of this site.Malware Analysis, Process Hacker, Investigating Windows Scheduled Tasks Used by Ransomware, .NET Malware, PE File Format
How to Set Up and Use the CuckooVMGitHub - ashemeryYesHow to set up and use the Cuckoo Sandbox VM (CuckooVM v2)
Unprotect ProjectUnprotect ProjectThis website describes different malware evasion techniques.
Introduction to Advanced Threats (slides)Black Storm Security - Alexandre BorgesReversing, Anti-Reversing, De-Obfuscation
OALabs YouTube Channel and WebsiteYouTube - OALabs, Open Analysis WebsiteTheir YouTube channel and website are all about malware analysis and reverse engineering. In addition to their YouTube videos, they have training guides on their website related to Malware Triage, Malscripts, and Using Open Data to Help Develop Robust Indicators (IOCs)
Oh You Silly Framework!: An Intro to Analyzing .NET MalwareSANSYes - Certificate of Completion (CEU Certificate).NET Malware, Malware Analysis
Colin Hardy's YouTube ChannelYouTube - Colin HardyTools, Tactics, and Techniques for Analyzing Malware, Deobfuscation, Emotet, WannaCry, SUNBURST, Maldocs
Malware Training Vol1GitHub - hasherezadeTechniques Used by Malware, Reverse Engineering
AGDC Services YouTube Channel and BlogYouTube - AGDC ServicesAutomate Labeling of Obfuscated APIs, Reverse Engineering RC4 Crypto, How Malware Walks the PEB to Find Modules By Hash
Malware-Traffic-Analysis.netMalware-Traffic-Analysis.netYesPCAP Malware Analysis Exercises and Tutorials.
Malware Analysis FundamentalsYouTube - MalwareAficionadoYesMalware Analysis Fundamentals, Creating an Analysis Lab, Hashing Algorithms, Strings, Process Monitoring

Free Digital Forensics Training

In this category, “Beginner” assumes that you have a general understanding of the four core categories listed on the home page.

Note: If you’re looking for Network Forensics, the majority of it is in the Incident Response section.

Name & Direct Link | Platform | For Beginners | Hands-On Component | Proof of Completion | Topics
Theoretical Digital Forensics Courses (There are both free and paid courses - the theoretical courses are free) They also have communities based on the courses you're enrolled in where you can ask questions.Cyber 5WYes (start with the intro courses)YesWindows Forensics, Linux Forensics, Evidence Acquisition, Working with Virtual Hard Disks, Linux Forensics Distros, Writing Forensics Reports
13Cubed's YouTube ChannelYouTube - 13CubedShimcache, Plaso, WSL 2, Cyber Triage, Log2Timeline, Windows Terminal, EventFinder2, Redline, macOS Forensics, iLEAPP, iOS Forensics, WMI, MFTECmd, SRUM, Timestamps, NTFS, LNK File, Jump Lists, Plaso, Shellbags, Recycle Bin Forensics, RDP Cache, Event Logs, CyberChef, Image Creation, KAPE, Volume Shadow Copies, EvtxECmd, Arsenal Image Mounter, Kansa, SIFT, Memory Analysis, Redline, Volatility, Persistence, Prefetch, Baselines, Windows Processes, Email Header Analysis
Digital Forensics BasicsTEEXYesEvidentiary Reporting, Computer Technologies, Digital Evidence Collection
Windows Forensics Workshop with Ali Hadi (Go HERE for the lab files.)YouTube - BSides AmmanYesWindows Forensics
Digital ForensicsOpenLearnYesYes - Statement of ParticipationDigital Forensics Process, History, Types of Digital Forensics
Computer ForensicsedXMust complete the edX Cybersecurity Fundamentals course first.Costs ExtraAnti-Forensics, Unix/Linux, Windows Memory Forensics, Windows File System, Forensics Tools, Artifacts, Acquisition, Analysis
Digital ForensicsHackers AriseYes - These are written tutorials that can be followed.Creating a Forensically Sound Image, Live Memory Acquisition and Analysis, Recovering Deleted Files, Registry Analysis, Pre-Fetch Files, Browser Forensics, Sysinternals, Extracting EXIF information, Android Mobile Forensics, Network Forensics
KAPE GuideAboutDFIRYesHow to Use KAPE, Examining KAPE Output, KAPE Related Videos and Blog Posts
Registry Explorer/RECmd GuideAboutDFIRYesRegistry Explorer GUI, Command Line, How to use rla.exe, Examining RECmd Output, Registry Related CTFs, Videos and Blog Posts
Timeline Explorer GuideAboutDFIRYesWhy Use Timeline Explorer, Updating EZ Tools, Timeline Explorer Related Blog Posts/Videos
Free Course Content from eForensics MagazineeForensics MagazineAndroid Mobile Forensics, File System Tunneling, EXT4 Layout, CyberChef Tutorial, Android Boot Process, FTK Imager Intro, Windows Registry Extraction with FTK Imager
Email Forensics WorkshopMetaspikeMessage Headers, DKIM, ARC, MIME, Server Metadata, Forensic Preservation Strategies
IoT Digital Forensics CourseGitHub - RJC497YesIoT Forensics, Fitbit, Echo, Smartwatch
Digital Forensics Training Materials (Slides & Command Line Cheat Sheet)circl.luPost-mortem Digital Forensics, File System Forensics and Data Recovery, Windows Memory and File Forensics
Cyber Forensics WorkshopYouTube - Ryan ChapmanYesYesNetwork Forensics, OSI Model, Encoding Schemes, File Signatures, Tools, Wireshark, Hex, ASCII, PCAP Analysis, Hashing, Covert Channels
Cellebrite Reader Online On DemandCellebriteYesYesCellebrite Reader, .UFDR reports
Cloud Forensics Course (scroll to the bottom of the page)HTCIACloud Forensics, Magnet Axiom
Free Paraben Training VideosParaben CorporationE3 Platform, Windows 10 Artifacts, Chip Dumps, Google Takeout Evidence, Importing Cellebrite Data, Processing WhatsApp Data, Data Triage, Email Deduplication, Office365 Acquisition, FitBit Data, Android Root Engine
Introduction to Digital ForensicsYouTube - DFIR.ScienceYesDigital Forensics, Cybercrime, Windows, Linux, Investigation Methods, Documentation and Reporting, Scientific Method, Data Storage, Acquisition, Photorec, tsk_recover, The Sleuth Kit, Autopsy, hfind, Malware, Memory Acquisition and Analysis, FTK Imager, Volatility, Mobile Device Acquisition, Network Analysis
An Introduction to Mobile ForensicsYouTube - MSABYesMobile Forensics
DFIR.Science YouTube ChannelYouTube - DFIR.ScienceDigital Forensics, SleuthKit, hfind, Tsurugi Linux, SDELETE, FTK Imager, File Mounting, Forensic Acquisition in Linux, DD, Volatility, LiME, Research, Scientific Method, Android Acquisition
Linux Forensics IntroInternet Archive - Hal PomeranzYesMemory Forensics, Tools, Volatility, Rootkits, IOCs, Disk Acquisition, File System, Disk Mounting, Artifacts, Disk Triage, Timeline Analysis, Logs, Syslog
Linux LEOLinux LEOYesYes - This is a detailed written guide with links to the Supplemental Files on the website. Go to "The Beginner's Guide" under Documents for the text.Linux Commands, Linux Boot Sequence, Linux Network Basics, Configuring a Forensic Workstation, Evidence Acquisition, Write Blocking, Tools, Mounting Images, Sleuth Kit, Network Investigation Tools
Linux Forensics Talks and WorkshopsGitHub - ashemeryYesLinux Forensics
XRY Reader to XAMN Viewer TransitionMSABXAMN Viewer capabilities that were not available in XRY Reader. XAMN Viewer is a free tool.
Trainings for Cybersecurity Specialists - Digital ForensicsENISAYesThis site contains handbooks with lab exercises, VMs, and Toolsets related to Digital Forensics.
macOS ForensicsYouTube - AccessDatamacOS Forensics, structure, artifacts, Plist
MFT Explorer/MFTECmd Guide AboutDFIRYesMFT Explorer, MFTECmd
NW3C Live Online TrainingNW3CThe training is intended for current US Criminal Justice Practitioners. An agency-issued email is needed.YesYesmacOS Forensics, iOS and Android Mobile Forensics, Cyber Investigations, Cellular Records Analysis, Digital Footprints, Dark Web & OSINT, Seizure, Windows Acquisition, Windows Forensics, Advertising Identifiers, Virtual Currency, Automated Forensic Tools, SQLite
MOBILedit Forensic Express TrainingMOBILeditYesYesMOBILEdit Forensic Express Installation, Settings, Updates, Connecting a Phone, Importing Data, Connecting to iCloud, Creating Reports, Analyzing Images, Hacking Phones
Mobile Forensics: An Introduction - Josh BruntyYouTube - Adrian CrenshawYesMobile Forensics
How to Learn Forensics RoadmapHoppers RoppersYesFile Forensics, Host and Memory Forensics, Network Forensics
Digital Forensics Applied to Containers - Enhancing Intruder DilemmaYouTube - Peter StaarfaengerContainer Forensics, Docker
Container Forensics: What to Do When Your Cluster is a Cluster - Maya Kaczorowski & Ann WallaceYouTube - CNCF [Cloud Native Computing Foundation]Container Forensics, Kubernetes

Free Incident Response Training

In this category, “Beginner” assumes that you have a general understanding of the four core categories listed on the homepage. Networking knowledge is especially important.

Name & Direct Link | Platform | For Beginners | Hands-On Component | Proof of Completion | Topics
Intro DFIR: The Divide and Conquer ProcessBasis Technology - Brian CarrierYesYes - Certificate of CompletionEndpoint Visibility, Cyber Triage Basics, Malware, Prioritization, OS Configuration Changes, User Activity
Cyber Incident Analysis and ResponseTEEXYesIncident Management, Preparation, Detection, Analysis, Containment, Eradication, Recovery
CNIT 152: Incident ResponseSam Bowne's WebsiteIncident Response, Scope, Live Data Collection, Forensic Duplication, Analysis Methodology, Investigating Windows Systems, Investigating Mac OS X Systems, Investigating Applications, Report Writing.
Using MITRE ATT&CK for Cyber Threat Intelligence TrainingMITRE ATT&CK WebsiteYesYesMapping to MITRE ATT&CK, Storing and Analyzing ATT&CK-mapped data
Ryan Chapman's YouTube Channel (Cyber Forensics Workshop and more)YouTube - Ryan ChapmanYes - The Cyber Forensics Workshop contains the link to the files. Hands-On Computer Security & Incident Response - Email Header Analysis Part 1 contains a link to the files. Check out his website for more workshops: https://incidentresponse.training/workshops/Cyber Forensics Workshop, Splunk, JavaScript Deobfuscation, VirusTotal, Email Header Analysis, Malicious use of PowerShell, Hands-On Computer Security & Incident Response, Interview Tips
Blue Teaming Free TrainingChiheb Chebbi's BlogYesYesIncident Response, Security Operations, ELK Stack, SIEM, Azure Sentinel, Wazuh, Threat Intelligence, The Hive Project, OSQuery, Kolide, MITRE ATT&CK, OSINT, Shodan, SpiderFoot, WireShark, YARA, Digital Forensics, Radare2, IDA Pro, Ghidra, Memory Analysis
Free Splunk CoursesSplunkYesYesSplunk Fundamentals, Splunk Infrastructure, User Behavior Analytics, SignalFx
Introduction to Splunk WorkshopYouTube - Blacks in CybersecuritySplunk
Free Elastic TrainingElasticYesYesLogging, Metrics, Observability, APM, SIEM, Kibana, Anomaly Detection, Elastic Cloud Enterprise
Security Onion EssentialsYouTube - Security OnionYesSecurity Onion Installation, Analyst Tools, Alert Triage & Case Creation, Hunting, Detection Engineering
Logstash TutorialTutorialspointYesYesLogstash, ELK Stack, Installation, Architecture, Collecting Logs, Grok, Plugins, APIs, Security and Monitoring
Cover6 Solutions YouTube ChannelYouTube - Cover6 SolutionsYesThreat Hunting, Security Onion, Incident Handling, PDF Malware Analysis
Free Short Course: Information Security Incident HandlingCharles Sturt UniversityYes - Certificate of CompletionIncident Handling, Hacking Techniques and Countermeasures, Writing Incident Reports, Protective Controls, Security Architecture
Threat Hunting Training CourseActive CountermeasuresYesYesLogging, Threat Intel, C2, Zeek, Firewalls, Event ID Type 3, Passer, Beacons, AI Hunter, Threat Hunting
Incident Response Playbook GalleryIncident Response ConsortiumYesMalware Outbreak, Phishing, Data Theft, Virus Outbreak, Denial of Service, Unauthorized Access, Elevation of Privilege, Root Access, and Improper Usage Playbooks.
Cisco Threat Hunting WorkshopsCiscoYesThreat Hunting, Threat Landscape, Network Security
AttackIQ AcademyAttackIQ AcademyYesYesYes - Digital BadgesMITRE ATT&CK, Threat Intelligence, Detection, FIN6, Breach & Attack Simulation, SOC, MSSP, Threat Report ATT&CK Mapper (TRAM), Threat Modeling, OCTAVE
Free Resources for Incident RespondersApplied Incident ResponseYesLateral Movement, Event Log, Memory Analysis with Volatility, Python, Default Windows Processes, WMIC, PowerShell, Lateral Movement, and BYOD.
Wireshark for Incident Response & Threat Hunting Workshop at OWASP SBYouTube - Michael WylieYes - Lab files are HEREWireshark, Incident Response, Threat Hunting
Intrusion Analysis and Threat Hunting with Suricata (Josh Stroschein/Jack Mott)YouTube - SharkFest Wireshark Developer and User ConferenceYes - Lab files are HERESuricata, Kibana, Moloch, Scirius, PCAP Analysis, SELKS, Threat Hunting
Attack Detection FundamentalsF-SecureYesInitial Access, Code Execution and Persistence, Discovery and Lateral Movement, C2 and Exfiltration
SANS Digital Forensics and Incident Response YouTube ChannelYouTube - SANS Digital Forensics and Incident ResponseThreat Hunting, Open Source Tools, Incident Response, Event Log Analysis, Ransomware, KANSA, Moloch, Threat Intelligence
Free Course Content from eForensics MagazineeForensics MagazineSecurity Onion, Shodan, CyberChef Tutorial, YARA Tutorial
Practical Malware Analysis Essentials for Incident Responders (Lenny Zeltser)YouTube - RSA ConferenceYesFree Malware Analysis Tools, PeStudio, Threat Intelligence, Threat Hunting, Windows
Advanced Wireshark Network ForensicsYouTube - Netsec ExplainedYes - Has a link to PCAP filesWireshark, Hex Editor, Network-Based File Carving, Network Forensics, PCAP Analysis
Open-Source YARA RulesReversingLabsYARA Rules
Finding Evil with YARAYouTube - 13CubedYesWhat YARA is, Anatomy of a YARA Rule, How to use YARA
SOC Analyst Skills - Wireshark Malicious Traffic AnalysisYouTube - Gerald Auger - Simply CyberYesPCAP Analysis, Wireshark, Walkthrough of Analyzing a PCAP from Malware-Traffic-Analysis.net
Defending Against PowerShell Attacks - In Theory, and in Practice by Lee HolmesYouTube - PowerShell.orgHow attackers use PowerShell. How to defend against PowerShell attacks. Obfuscation.
The Increased Use of PowerShell in Cyber Attacks (Slides and detailed whitepaper)SlideShare - SymantecPhases of a PowerShell Attack, Obfuscation, Common PowerShell Malware, Targeted Attacks, Mitigation, Protection, Dual Use Tools and Frameworks. The link to the whitepaper is on the last slide.
Pulling Back the Curtains on EncodedCommand PowerShell AttacksPalo Alto NetworksThis is a detailed blog post about EncodedCommand PowerShell Attacks with examples.
Fileless Malware DemystifiedYouTube - CryptoStopperWhat Fileless Malware is, How it Works, Examples of a Dropper, Examples of Fileless Malware, Fileless Ransomware
I.T Security Labs YouTube ChannelYouTube - I.T. Security LabsYesYesThere are several tutorials here about how to set up a SIEM and analyze data. Topics include: Security Onion, ELK, Graylog, Snort, pfSense, Grafana, Zeek, honeypots, VMware ESXi, Docker
How to Install and Configure Zeek to Ship Logs to SplunkYouTube - Ali HadiSplunk, Zeek
Trainings for Cybersecurity SpecialistsENISAYesThis site contains handbooks with lab exercises, VMs, and Toolsets related to Network Forensics, Incident Response, Incident Detection, Honeypots, and more.
Understanding and Analyzing Weaponized Carrier FilesGitHub - rj-chapYesMaldocs, Analyzing Malicious PDF and Office files, JavaScript, and VBA.
Email Header Analysis and Forensic InvestigationYouTube - 13CubedEmail header fields, SPF, DKIM
RangeForce - Community EditionRangeForceYesYesYes - CPE Credit Certificate after 5 ModulesSnort, Suricata, YARA, Windows Event Logs
The Cuckoo's Egg DecompiledChris SandersYesLocard's Exchange Principle, Forensic Analysis, Timestamps, Network Security Monitoring, Least Privilege, Attack Surface, Process Monitoring, Phishing, Evidence Abstraction, Defensible Network Architecture, OSINT, Diamond Model, PICERL, Honeypots, Evidence Handling
LetsDefend AcademyLetsDefendYesYesSIEM, Incident Response, Malware Analysis, Detection, Threat Intelligence, Event Log Analysis.
Picus Purple AcademyPicusYesYes - CertificateLog Management, SIEM Alert Rules, Threat Hunting, Endpoint Detection and Response (EDR), MITRE ATT&CK.
Free Training at limacharlie.iolimacharlie.ioPrinciples of Detection & Response, Setting up an MSSP

MITRE ATT&CK Defender™ Training (The training itself is free, not the certifications)CybraryYes - Courses start with ATT&CK FundamentalsYes - Certificate of CompletionATT&CK Fundamentals, ATT&CK SOC Assessments, ATT&CK Cyber Threat Intelligence
BlackPerl DFIRYouTube - BlackPerlYesIncident Response, YARA Rules, Digital Forensics, Malware Analysis
YARA Rules Guide: Learning this Malware Research ToolVaronisYesHow YARA Rules Function, Use Cases, YARA Elements, How to Write YARA Rules
Operationalize Your SIEM Skills w/Splunk (Slides: https://www.maxprodtech.org/live-events)YouTube - MaxProd TechnologiesYesUtilizing Splunk in a SOC Environment.
Email Forensics WorkshopMetaspike - Arman GungorEmail Message Headers, DKIM, ARC, MIME, Server Metadata, Forensic Preservation Strategies

Cyber CSI: Learn How to Forensically Examine Phishing EmailsBrightTALKHow to Forensically Examine Phishing Emails, Forensic Tools and Techniques, How to Investigate Smishing, Vishing, and Social Media Phishes, How to Enable Your Users to Spot Suspicious Emails, How to Spot Phishing Attempts