Free & Affordable Training News Monthly: Dec 2023 – Jan 2024

The following contains newly released Digital Forensics, Incident Response, Malware Analysis and OSINT training and tools from December, as well as upcoming live training for January. I also list new additions to the Free & Affordable Training Site. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.

Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post and references to them contain affiliate/partner links: Hack The Box, CyberDefenders, and Pluralsight.


LetsDefend – USB Forensics

LetsDefend released a free, hands-on USB Forensics Course. You can earn a badge when completed.

Topics Include:

  • Introduction to USB Forensics
  • USB Registry Key
  • USB Event Logs
  • Folder Access Analysis via Shellbags
  • File Access Analysis via Jumplists
  • Automated USB Parser Tools

LinkedIn Learning – Cybersecurity Foundations: Computer Forensics

LinkedIn Learning released a new hands-on Cybersecurity Foundations: Computer Forensics course. You can earn a Certificate of Completion when completed.

Cost: $34.99 – They also offer a 1-month free trial. If you are a student or alumnus of WGU, you can access LinkedIn Learning for free.

Topics Include:

  • Understanding Computer Forensics
  • Specializations in Computer Forensics
  • Preparing for an Investigation
  • File System Fundamentals
  • Persisting Data
  • Acquiring Data
  • Analyzing Data and Generating Reports

Pluralsight – Specialized DFIR: Windows Event Log Forensics

Tyler Hudak released Specialized DFIR: Windows Event Log Forensics on Pluralsight. This course is hands-on (the files to follow along are available to download) and comes with a Certificate of Completion.

Cost: There are subscription options that include thousands of courses ranging from $29/month to $449/year. They also offer a free 10-day trial. WGU students and alumni can get Pluralsight for free.

Topics Include:

  • Windows Event Log Concepts
  • Triage Analysis of Event Logs
  • Running Chainsaw
  • Analyzing Chainsaw Output
  • Windows Security Events
  • Analyzing Windows Authentication Events
  • Analyzing Windows Process Execution Events

13Cubed – Hyper-V Memory Forensics

13Cubed released a YouTube video on performing Memory Forensics on Hyper-V.

He also updated the cheat sheets on his website.

Tomorrow is also the last day to get lifetime access to Investigating Windows Endpoints and Investigating Windows Memory courses.

MyDFIR – SOC Automation Project, Velociraptor Tutorial, Event Log Analysis, and More

MyDFIR created several YouTube videos this month including A SOC Automation Home Lab Project involving The Hive, Wazuh, and Shuffle for SOAR, a Velociraptor Step-By-Step Guide and Analyzing Windows Event Logs with Hayabusa.

Cyb_Detective – Linux for OSINT: 21 Day Course for Beginners

Cyb_Detective released a free, hands-on Linux for OSINT: 21-Day Course for Beginners.

AhmedS Kasmani

AhmedS Kasmani released videos on setting up a malware analysis lab and Ghidra UI updates.

Anuj Soni

Anuj Soni released a video on analyzing and identifying API Unhooking.

BlueMonkey 4n6 – Android and iOS Backup Analysis Using *LEAPP Tools and Linux Based Tools

BlueMonkey 4n6 created a video on Android and iOS backup analysis.

Hack The Box – Operation Tinsel Trace

Hack The Box released five DFIR Sherlocks this month. On December 31st, they will move from being free to being part of a VIP or VIP+ plan which ranges from $14/month – $203/year. The VIP plans include CPE credit submission to ISC2.

The Sherlock Investigations Include:

  • Insider Threat
  • S3 Exposure and Theft
  • Memory Forensics
  • Printer Compromise
  • Ransomware

Blue Team Labs Online – FrostByte

Blue Team Labs Online released five FrostByte labs that are available until January 5th. One is free and the others are part of the Pro subscription ($19/month to $183/year).

The Labs Include:

  • Derailed: Threat Intelligence (Pro)
  • Winter Stew: Threat Hunting (Free)
  • Snowflake: Security Operations (Pro)
  • Ice Magic: Reverse Engineering (Pro)
  • Little Helper: Incident Response (Pro)

CyberDefenders – New Labs & Challenges, New Student Discount, and New Addition to the CCD Certification

CyberDefenders released several Pro labs and two free challenges. The Pro account costs $20/month – $200/year. Students can now get 20% off BlueYard Subscriptions.

Labs and Challenges released this month include:

  • OpenWire: Network Forensics (free challenge)
  • WebStrike: Network Forensics (free challenge)
  • TheTruth: Endpoint Forensics (Pro lab)
  • QBot: Endpoint Forensics (Pro lab)
  • LockBit: Endpoint Forensics (Pro lab)
  • GoogleCloudHunt: Cloud Forensics (Pro lab)

CyberDefenders added a new Dynamic Analysis topic to the Malware Analysis Module of the Certified CyberDefender (CCD) training this month. The certification is $800. Students can get 20% off.

BlackPerl DFIR – Challenge Bundle

BlackPerl DFIR released a Challenge Bundle that includes Cloud Website Takeover, Registry Deep Dive, and SRUM Analysis challenges. The cost is about $36.

CSI Linux – Operation OShINT – Shake The Cobwebs CTF

CSI Linux released a CTF, Operation OShINT – Shake The Cobwebs with a chance to win a free CSIL Digital Forensics or OSINT certification voucher by submitting a report by December 31, 2023.

ACE Responder – Intro to Auditd

ACE Responder released an Intro to Auditd Module. This is included in their $17.49/month Analyst subscription.

Pwned Labs – Hunt in the Cloud with Splunk

Pwned Labs released Hunt in the Cloud with Splunk as part of their Premium subscription ($20/month – $200/year).



AuthLogParser was recently released by Eilay Yosfan, who also created Forensic Miner, listed in last month's blog post.

AuthLogParser Description From GitHub: AuthLogParser is a powerful Digital Forensics and Incident Response tool designed specifically for analyzing Linux authentication logs, commonly known as auth.log. This tool serves as an invaluable asset for Incident Responders, streamlining the process of investigating security incidents on Linux systems. AuthLogParser meticulously scans the auth.log log file, extracting key information such as SSH logins, user creations, event names, IP addresses, and more.


Forensictools was released by Cristian Souza.

Description From GitHub: forensictools is a toolkit designed for digital forensics, offering a wide array of tools. Its primary goal is to simplify the creation of a virtual environment for conducting forensic examinations.

In addition to installing the tools, forensictools seamlessly integrates the programs into the Windows PATH. This integration allows for effortless utilization of these tools directly from the command line, eliminating the need for manual setup or configuration.

– UserSearch BETA 1.0

released the OSINT search service UserSearch BETA 1.0 located at The cost ranges from Free to $99.97/year.

Linux Incident Response

Linux Incident Response was released by Abdullah.

Description From GitHub and LinkedIn: This repository contains a comprehensive cheatsheet for incident response and live forensics in Linux environments. It’s designed to help system administrators, security professionals, and IT staff quickly reference commands and procedures during an incident.

Alongside the cheatsheet, we’ve developed a handy Bash script. This script automates the execution of various commands from the cheatsheet, outputting the results into an easily digestible format. It’s a time-saver and a great tool for rapid analysis.

DriveFS Sleuth

DriveFS Sleuth was released by Amged Wageh. Check out their blog post about it.

Description From GitHub: DriveFS Sleuth is a Python tool that automates investigating Google Drive File Stream disk artifacts, the tool has been developed based on research that has been performed by mounting different scenarios and noting down the changes in the Google Drive File Stream disk artifacts.

DriveFS Sleuth is capable of parsing the disk artifacts and building a filesystem tree-like structure enumerating the synchronized files along with their respective properties. DriveFS Sleuth detects some deleted synchronized items and items that have been shared with the user, compiles information on mirroring folders, and provides insights into connected device configurations along with searching functionality to facilitate the investigations. Additionally, DriveFS Sleuth offers the functionality to generate reports in HTML or CSV formats.


LogBoost was released by Joseph Avanzato.

Description From GitHub: LogBoost is a command-line utility originally designed to enrich IP addresses in CSV files with ASN, Country and City information provided by the freely available MaxMind GeoLite2 DBs. LogBoost can parse and convert a variety of structured and semi-structured log formats to CSV while simultaneously enriching detected IP addresses, including JSON, IIS, W3C, ELF, CLF, CEF, KV, SYSLOG.

The tool can also perform reverse lookups on each IP address detected in the source files to identify currently related domains. If ‘GeoLite2-Domain.mmdb’ is detected in the specified MaxMind DB Dir (CWD by default), the associated TLD of the enriched IP address is provided in the output as well. On top of this, LogBoost can download text-based threat intelligence as configured in feed_config.json and parse these into a local SQLite DB which is then used to further enrich detected IP addresses with the indicator ‘type’.

GeoSpy AI

GeoSpy AI is an OSINT Geolocation tool released by Upload an image or take a photo and get a location with coordinates.

YARA Forge

Florian Roth released YARA Forge. Check out the blog post about it.

Description from GitHub: YARA Forge is a robust tool designed to streamline the process of sourcing, standardizing, and optimizing YARA rules. It automates the collection of rules from various online repositories, ensures they adhere to a unified standard, conducts thorough quality checks, and eliminates any broken or non-compliant rules.

The tool generates curated rule packages, ready for integration into various security products, with an emphasis on performance and stability.

GootLoader JS Unpacker and C2 Extractor

Karsten Hahn released a GootLoader JS Unpacker and C2 Extractor.


Accelerated Introduction to Intelligence with Joe Gray

Cost: $225

Date: January 12th, 2024

Has a Certificate of Completion

Hexordia Mobile Data Structure Virtual Live Training with Jessica Hyde

Cost: $550 (30% off using code: eoy23 before December 31st)

Date: January 17th, 2024

Has a Certificate of Attendance

Forensic Analysis of Apple IoT Devices (Apple TV, Watch, HomePod, HomeKit) with Mattia Epifani

Cost: Free

Date: January 24th, 2024

Has a Certificate of Attendance

Practical OPSEC for Intelligence & Privacy with Joe Gray

Cost: $310

Date: January 29th, 2024

Has a Certificate of Completion


Discounts for Apress/Springer books, ASK Academy, BlackPerl DFIR, Blu Raven, Cyber 5W/Hexordia, CyberWarFareLabs, Hetherington Group, INE, LetsDefend, Cybersecurity ABC’s Book Series, Packt Publishing, Paraben, R-Tools Technology, and Trainsec are ending soon. They are listed on the Current Discounts page.


The following was added to the Free & Affordable Training Site this month:

I also added “Student Discount” and “Payment Plan Available” filters to the site.

I hope everyone has a Happy New Year!