The following contains newly released DFIR & OSINT training and tools from November, as well as upcoming live training for December. A couple of these were released at the end of October and I missed them in my last blog post so I’m adding them here. I also list new additions to the Free & Affordable Training Site. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.
Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post, and references to them contain affiliate/partner links: Hack The Box, LetsDefend, and Pluralsight.
NEWLY RELEASED TRAINING
AWS Skill Builder – AWS Security Incident Response Courses

These FREE courses come with a Certificate of Completion. Below are the links to each course:
- AWS Security Incident Response Overview
- AWS Security Incident Response – Cryptomining Use Case
- AWS Security Incident Response – Ransomware Use Case
- AWS Security Incident Response – Compromised IAM Credentials Use Case
Hack The Box – DFIR Sherlocks

Hack The Box released several FREE Sherlocks. You analyze PCAP files, memory dumps, logs, malware, etc. and answer related questions. Going forward, there will be both free and paid Sherlocks. The paid Sherlocks will be part of the VIP ($14/month) or VIP+ ($20/month) plans.
Cyber Triage – Investigating Data Exfiltration

In last month's blog post, I mentioned Cyber Triage’s free Investigating Ransomware course. This month, they released an Investigating Data Exfiltration course.
This FREE course comes with a Certificate of Completion.
Ali Hadi

Ali Hadi created videos for Velociraptor, log2timeline, and Timesketch on his YouTube Channel.
Velociraptor Videos:
- Part 1: Installing Velociraptor – Server Config Files
- Part 2: Installing Velociraptor – Installing Server Package
- Part 3: Installing Velociraptor – Windows Client
Timesketch and log2timeline Videos:
- Part 1: Working with log2timeline and Timesketch
- Part 2: Overview of installing log2timeline and using Timesketch
CIRCL Forensics Training

CIRCL recently added new 2023 material to their FREE Forensics Training. This includes slides and training materials.
Blue Cape Security

Blue Cape Security released 201: Practical Windows Forensics Online Labs Edition.
For $199.00, you get 6 months of access to course materials and 100 hours of in-browser lab VM access. The course comes with a Certificate of Completion.
Topics Include:
- Data Collection Process
- Examination of Forensic Data
- Disk Analysis
- Windows Registry Analysis
- User Behavior Analysis
- Overview of Disk Structures, Partitions and File Systems
- Analysis of the Master File Table (MFT)
- Finding Evidence of Deleted Files with USN Journal Analysis
- Analyzing Evidence of Program Execution
- Finding Evidence of Persistence Mechanisms
- Uncover Malicious Activity with Windows Event Log Analysis
- Windows Memory Analysis
- Kitchen-Sink Analysis with Super Timelines
- Reporting
Pluralsight – Josh Stroschein

Josh Stroschein’s Malware Analysis: Initial Access Techniques course was recently released on Pluralsight.
There are subscription options including thousands of courses ranging from $29/month to $449/year. Courses come with a Certificate of Completion. WGU students and alumni – in case you didn’t know, you get Pluralsight for free!
Topics Include:
- How Malware is Delivered
- Identifying Malicious Infrastructure
- Analyzing Initial Access Malware
Blu Raven – Hands-On KQL for Security Analysts
Blu Raven just released Hands-On Kusto Query Language (KQL) for Security Analysts. There is also a $50 discount until December 5th, 2023 using code BLU2023.
This course includes 12 months access to the course material and 3 months of lab access. It comes with a Certificate of Completion.
Topics Include:
- Introduction to Databases and Logging
- KQL Fundamentals and Exploring Data
- Searching and Filtering Data
- Creating and Manipulating Fields
- Joining and Combining Datasets
- Time Traveling within the Logs
- Aggregating Data
- Anomaly Detection using KQL
- Time Series Analysis
Passware Certified Examiner (PCE)

Passware recently released an updated version of their online, self-paced Passware Certified Examiner (PCE) training. A free trial version of Passware is available to training users. After completing the course, students can take the certification exam.
Cost: $395
Topics Include:
- Encryption and Decryption
- Standard Forensic Procedures and Decryption Best Practices
- Passware Kit Forensic Overview
- Detecting Encrypted Files
- Types of Attacks Available in Passware Kit Forensic
- Batch Password Recovery
- Dictionary Manager
- Hardware Acceleration & Distributed Password Recovery
- Memory Analysis
- Full Disk Encryption
- FDE: BitLocker, TrueCrypt, and VeraCrypt
- FDE: FileVault/APFS Volumes
- Mobile Device Backups and Apple Keychain
- Resetting a Windows Admin Password
- Standalone System
- Hashes
My OSINT Training – Operational Security and Privacy

My OSINT Training released a new Operational Security and Privacy course for safety and security during online investigations.
The course comes with a Certificate of Completion.
Topics include:
- Threat Modeling
- Operational Security
- VPN
- TOR
- Identity Protections
- OPSEC Resources, Tools, and Systems
TrainSec

TrainSec released their Mastering WinDbg course.
Cost: $195 or 2 Payments of $98
Topics Include:
- WinDbg Basics
- User Mode Debugging
- Kernel Mode Debugging
- Advanced WinDbg
- Dump Files
- Debugger Extensions
- Windows Architecture Quick Review
Blue Team Labs Online (BTLO)

Blue Team Labs Online released several new labs. There is a free option for Blue Team Labs Online. Pro access costs between $18/month and $227/year. They are currently having a Black Friday deal until December 2nd where you can get a year of Pro access for about $126. You can also buy it now and start the access year later.
Labs Released in November Included:
- Beacon (Incident Response)
- Ceasar Salad 3 (Digital Forensics)
- Grab (Reverse Engineering)
- Sublime (Threat Hunting)
- Basilisk 2 (Reverse Engineering)
CyberDefenders

CyberDefenders released new free challenges and Pro labs. The Pro account costs $20/month – $200/year.
Labs and Challenges Released in November Include:
- EcomBreach (Endpoint Forensics)
- MSI (Malware Analysis)
- AWSRaid (Cloud Forensics)
- PoisonedCredentials (Network Forensics)
LetsDefend
LetsDefend released a free Linux Disk Forensics Challenge as well as a Threat Hunting with Sysmon course. They also have a new Detection Engineering Learning Path.
They offer a limited free basic plan. A VIP SOC Analyst plan is $24.99/month and a VIP Incident Responder plan is $39.99/month (Save up to 33% paying annually). The learning paths come with Certificates of Completion.
They are currently having a 50% off Black Friday sale that is ending soon! Use code DFIRIVA50
NEWLY RELEASED TOOLS, SOFTWARE, & PROJECTS
Forensic Miner

Forensic Miner was recently released by Eilay Yosfan.
Cost: Free
Description from GitHub: “ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with Falcon Crowdstrike RTR and Palo Alto Cortex XDR Live Terminal, along with its swift performance and user-friendly interface, makes ForensicMiner an indispensable asset for investigators navigating the complexities of forensic analysis.”
Ginsu

Ginsu was recently released by Doug Metz of Baker Street Forensics.
Cost: Free
Description From GitHub: “This script uses 7zip (7za.exe) to compress a specified folder and then splits the resulting archive into sections of 3GB or less. It will work (and was designed for) files larger than 3GB. Windows Defender Live Response currently only supports pulling back files of 3GB or less via the console. If your collection is larger than that, you will need to repackage it using Ginsu, or use a method outside of the console to retrieve the files.”
THOR-Cloud Lite

THOR-Cloud Lite was recently released by Nextron Systems. There is a free Community Edition and a Plus edition that is free until March 31, 2024.
Description from their website: “We just launched THOR-Cloud Lite our new free, lightweight and easy to deploy on-demand compromise assessment scanner. Allowing you to access your scans and reports from everywhere at any time. Licensing, scan campaigns and reports everything is conveniently managed in the new web-based user interface.”
Forensic OSINT

Forensic OSINT was recently launched by Ritu Gill and Robert Merriott.
Cost: There is a free version. Monthly (Professional – $55/month), Yearly (Professional – $497/year). There are other Professional and Professional ELITE options over $1,000.
Description from the website: “Developed by Forensic Notes, and leveraging the expertise of renowned OSINT specialist Ritu Gill, our software offers unparalleled evidence capture capabilities.”
The RULER Project

The Really Useful Logging and Event Repository (RULER) Project was recently launched by Phill Moore.
UPCOMING LIVE ONLINE TRAINING
Cyber Threat Hunting Training Level 1 by Active Countermeasures
Date: December 1, 2023
Cost: Free
Has a Certificate of Attendance
Antisyphon Training: Ransomware Attack Simulation and Investigation for Blue Teamers w/ Markus Schober
Dates: December 7 – 8, 2023
Cost: $575
Course Length: 16 Hours
Has a Certificate of Attendance
Antisyphon Training: Network Forensics + Incident Response w/ Troy Wojewoda
Dates: December 7 – 8, 2023
Cost: $575
Has a Certificate of Attendance
Antisyphon Training: Incident Response Foundations with Derek Banks
Dates: December 7 – 8, 2023
Cost: $575
Has a Certificate of Attendance
Antisyphon Training: Advanced Endpoint Investigations w/ Alissa Torres
Dates: December 7 – 8, 2023
Cost: $575
Has a Certificate of Attendance
Antisyphon Training: Next Level OSINT by Mishaal Khan
Dates: December 7 – 8, 2023
Cost: $575
Has a Certificate of Attendance
Antisyphon Training: Advanced Network Threat Hunting with Chris Brenton
Cost: $575
Dates: December 7 – 8, 2023
Has a Certificate of Attendance
Hexordia Mobile Data Structure Virtual Live Training with Jessica Hyde
Cost: $550 (30% off using code eoy23)
Date: December 13th, 2023
Has a Certificate of Attendance
Cyber5W: Investigating Linux Systems with Ali Hadi
Cost: $1,250 (30% off using code eoy23)
Dates: December 20 – 21, 2023
Has a Certificate of Attendance
CURRENT DISCOUNTS
There are still a lot of deals going on. Instead of listing them here, they are located on the Current Discounts page.
ADDITIONS TO THE FREE & AFFORDABLE TRAINING SITE
The following were added to the Free & Affordable Training site this month:
- Investigating Data Exfiltration (BasisTech/Cyber Triage)
- Incident Response Path (Pluralsight)
- CTFs and Test Images (DFIR Training)
- ACE Responder
- Sherlocks DFIR Labs (Hack The Box)
As always, you can find over 500 training resources under $1,000 grouped by category and filterable by:
- Best Courses to Start With
- Good for Beginners
- Hands-On
- Proof of completion
- Forum/Community