Free & Affordable Training News Monthly: Nov-Dec, 2023

The following contains newly released DFIR & OSINT training and tools from November, as well as upcoming live training for December. A couple of these were released at the end of October and I missed them in my last blog post so I’m adding them here. I also list new additions to the Free & Affordable Training Site. Like the Free & Affordable Training Site, everything in this blog post is under $1,000.

Note: Purchases made through affiliate/partner links and/or using personalized discount codes are one of the things I rely on to be able to keep this website running. I am an affiliate or partner of the following companies mentioned in this post, and references to them contain affiliate/partner links: Hack The Box, LetsDefend, and Pluralsight.

NEWLY RELEASED TRAINING

AWS Skill Builder – AWS Security Incident Response Courses

These FREE courses come with a Certificate of Completion. Below are the links to each course:


Hack The Box – DFIR Sherlocks

Hack The Box released several FREE Sherlocks. You analyze PCAP files, memory dumps, logs, malware, etc. and answer related questions. Going forward, there will be both free and paid Sherlocks. The paid Sherlocks will be part of the VIP ($14/month) or VIP+ ($20/month) plans.


Cyber Triage – Investigating Data Exfiltration

In last month’s blog post, I mentioned Cyber Triage’s free Investigating Ransomware course. This month, they released an Investigating Data Exfiltration course.

This FREE course comes with a Certificate of Completion.


Ali Hadi

Ali Hadi created videos for Velociraptor, log2timeline, and Timesketch on his YouTube Channel.

Velociraptor Videos:

Timesketch and log2timeline Videos:


CIRCL Forensics Training

CIRCL recently added new 2023 material to their FREE Forensics Training. This includes slides and training materials.


Blue Cape Security

Blue Cape Security released 201: Practical Windows Forensics Online Labs Edition.

For $199.00, you get 6 months of access to course materials and 100 hours of in-browser lab VM access. The course comes with a Certificate of Completion.

Topics Include:

  • Data Collection Process
  • Examination of Forensic Data
  • Disk Analysis
  • Windows Registry Analysis
  • User Behavior Analysis
  • Overview of Disk Structures, Partitions and File Systems
  • Analysis of the Master File Table (MFT)
  • Finding Evidence of Deleted Files with USN Journal Analysis
  • Analyzing Evidence of Program Execution
  • Finding Evidence of Persistence Mechanisms
  • Uncover Malicious Activity with Windows Event Log Analysis
  • Windows Memory Analysis
  • Kitchen-Sink Analysis with Super Timelines
  • Reporting

Pluralsight – Josh Stroschein

Josh Stroschein’s Malware Analysis: Initial Access Techniques course was recently released on Pluralsight.

There are subscription options including thousands of courses ranging from $29/month to $449/year. Courses come with a Certificate of Completion. WGU students and alumni – in case you didn’t know, you get Pluralsight for free!

Topics Include:

  • How Malware is Delivered
  • Identifying Malicious Infrastructure
  • Analyzing Initial Access Malware

Blu Raven – Hands-On KQL for Security Analysts

Blu Raven just released Hands-On Kusto Query Language (KQL) for Security Analysts. There is also a $50 discount until December 5th, 2023 using code BLU2023.

This course includes 12 months access to the course material and 3 months of lab access. It comes with a Certificate of Completion.

Topics Include:

  • Introduction to Databases and Logging
  • KQL Fundamentals and Exploring Data
  • Searching and Filtering Data
  • Creating and Manipulating Fields
  • Joining and Combining Datasets
  • Time Traveling within the Logs
  • Aggregating Data
  • Anomaly Detection using KQL
  • Time Series Analysis

Passware Certified Examiner (PCE)

Passware recently released an updated version of their online, self-paced Passware Certified Examiner (PCE) training. A free trial version of Passware is available to training users. After completing the course, students can take the certification exam.

Cost: $395

Topics Include:

  • Encryption and Decryption
  • Standard Forensic Procedures and Decryption Best Practices
  • Passware Kit Forensic Overview
  • Detecting Encrypted Files
  • Types of Attacks Available in Passware Kit Forensic
  • Batch Password Recovery
  • Dictionary Manager
  • Hardware Acceleration & Distributed Password Recovery
  • Memory Analysis
  • Full Disk Encryption
  • FDE: BitLocker, TrueCrypt, and VeraCrypt
  • FDE: FileVault/APFS Volumes
  • Mobile Device Backups and Apple Keychain
  • Resetting a Windows Admin Password
  • Standalone System
  • Hashes

My OSINT Training – Operational Security and Privacy

My OSINT Training released a new Operational Security and Privacy course for safety and security during online investigations.

The course comes with a Certificate of Completion.

Topics include:

  • Threat Modeling
  • Operational Security
  • VPN
  • TOR
  • Identity Protections
  • OPSEC Resources, Tools, and Systems

TrainSec

TrainSec released their Mastering WinDbg course.

Cost: $195 or 2 Payments of $98

Topics Include:

  • WinDbg Basics
  • User Mode Debugging
  • Kernel Mode Debugging
  • Advanced WinDbg
  • Dump Files
  • Debugger Extensions
  • Windows Architecture Quick Review

Blue Team Labs Online (BTLO)

Blue Team Labs Online released several new labs. There is a free option for Blue Team Labs Online. Pro access costs between $18/month and $227/year. They are currently having a Black Friday deal until December 2nd where you can get a year of Pro access for about $126. You can also buy it now and start the access year later.

Labs Released in November Included:

  • Beacon (Incident Response)
  • Ceasar Salad 3 (Digital Forensics)
  • Grab (Reverse Engineering)
  • Sublime (Threat Hunting)
  • Basilisk 2 (Reverse Engineering)

CyberDefenders

CyberDefenders released new free challenges and Pro labs. The Pro account costs $20/month – $200/year.

Labs and Challenges Released in November Include:

  • EcomBreach (Endpoint Forensics)
  • MSI (Malware Analysis)
  • AWSRaid (Cloud Forensics)
  • PoisonedCredentials (Network Forensics)

LetsDefend

LetsDefend released a free Linux Disk Forensics Challenge as well as a Threat Hunting with Sysmon course. They also have a new Detection Engineering Learning Path.

They offer a limited free basic plan. A VIP SOC Analyst plan is $24.99/month and a VIP Incident Responder plan is $39.99/month (Save up to 33% paying annually). The learning paths come with Certificates of Completion.

They are currently having a 50% off Black Friday sale that is ending soon! Use code DFIRIVA50.


NEWLY RELEASED TOOLS, SOFTWARE, & PROJECTS

Forensic Miner

Forensic Miner was recently released by Eilay Yosfan.

Cost: Free

Description from GitHub: “ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with Falcon Crowdstrike RTR and Palo Alto Cortex XDR Live Terminal, along with its swift performance and user-friendly interface, makes ForensicMiner an indispensable asset for investigators navigating the complexities of forensic analysis.”


Ginsu

Ginsu was recently released by Doug Metz of Baker Street Forensics.

Cost: Free

Description From GitHub: “This script uses 7zip (7za.exe) to compress a specified folder and then splits the resulting archive into sections of 3GB or less. It will work (and was designed for) files larger than 3GB. Windows Defender Live Response currently only supports pulling back files of 3GB or less via the console. If your collection is larger than that, you will need to repackage it using Ginsu, or use a method outside of the console to retrieve the files.”


THOR-Cloud Lite

THOR-Cloud Lite was recently released by Nextron Systems. There is a free Community Edition and a Plus edition that is free until March 31, 2024.

Description from their website: “We just launched THOR-Cloud Lite our new free, lightweight and easy to deploy on-demand compromise assessment scanner. Allowing you to access your scans and reports from everywhere at any time. Licensing, scan campaigns and reports everything is conveniently managed in the new web-based user interface.”


Forensic OSINT

Forensic OSINT was recently launched by Ritu Gill and Robert Merriott.

Cost: There is a free version. Monthly (Professional – $55/month), Yearly (Professional – $497/year). There are other Professional and Professional ELITE options over $1,000.

Description from the website: “Developed by Forensic Notes, and leveraging the expertise of renowned OSINT specialist Ritu Gill, our software offers unparalleled evidence capture capabilities.”


The RULER Project

The Really Useful Logging and Event Repository (RULER) Project was recently launched by Phill Moore.


UPCOMING LIVE ONLINE TRAINING

Cyber Threat Hunting Training Level 1 by Active Countermeasures

Date: December 1, 2023

Cost: Free

Has a Certificate of Attendance


Antisyphon Training: Ransomware Attack Simulation and Investigation for Blue Teamers w/ Markus Schober

Dates: December 7 – 8, 2023

Cost: $575

Course Length: 16 Hours

Has a Certificate of Attendance


Antisyphon Training: Network Forensics + Incident Response w/ Troy Wojewoda

Dates: December 7 – 8, 2023

Cost: $575

Has a Certificate of Attendance


Antisyphon Training: Incident Response Foundations with Derek Banks

Dates: December 7 – 8, 2023

Cost: $575

Has a Certificate of Attendance


Antisyphon Training: Advanced Endpoint Investigations w/ Alissa Torres

Dates: December 7 – 8, 2023

Cost: $575

Has a Certificate of Attendance


Antisyphon Training: Next Level OSINT by Mishaal Khan

Dates: December 7 – 8, 2023

Cost: $575

Has a Certificate of Attendance


Antisyphon Training: Advanced Network Threat Hunting with Chris Brenton

Cost: $575

Dates: December 7 – 8, 2023

Has a Certificate of Attendance


Hexordia Mobile Data Structure Virtual Live Training with Jessica Hyde

Cost: $550 (30% off using code eoy23)

Date: December 13th, 2023

Has a Certificate of Attendance


Cyber5W: Investigating Linux Systems with Ali Hadi

Cost: $1,250 (30% off using code eoy23)

Dates: December 20 – 21, 2023

Has a Certificate of Attendance

CURRENT DISCOUNTS

There are still a lot of deals going on. Instead of listing them here, they are located on the Current Discounts page.


ADDITIONS TO THE FREE & AFFORDABLE TRAINING SITE

The following was added to the Free & Affordable Training site this month:

As always, you can find over 500 training resources under $1,000 grouped by category and filterable by:

  • Best Courses to Start With
  • Good for Beginners
  • Hands-On
  • Proof of completion
  • Forum/Community