Free & Affordable Training News Monthly: October 2023

It’s been over a year since my last blog post. Instead of sending out a newsletter, each month I will blog about newly launched training and let you know about upcoming training events. The focus is on Digital Forensics & Incident Response (DFIR) training. Like the Free and Affordable Training Site, nothing in these blog posts will be over $1,000. This first blog post will cover two months of new releases since I started getting caught up in September after being out of the loop for a while. I will also list the training that has been added to the Free and Affordable Training Site as well as any current discounts I know of. So, here it goes…..

Note: I am an affiliate or partner of Hack the Box, CyberDefenders, Humble Bundle, INE, Udemy, Apress Books, Amazon, and Pluralsight. Purchases made through affiliate/partner links help me cover the cost of keeping this website going.


Hack The Box Academy

Hack The Box Academy has released a new SOC Analyst Job Role Path as well as a new Certified Defensive Security Analyst (CDSA) certification to go with it. Both the learning path and the certification are hands-on. I started the training path and I’m very impressed with the content so far! I haven’t worked in a SOC before, but I can say that this is a great path for Incident Response.

Students can access the SOC Analyst Job Role Path for $8/month and can optionally purchase the CDSA certification voucher for $210.

For everyone else, access to the entire path, including the certification exam is $490/year. There are also options to access the job role path for $18/month, $38/month, or $68/month.

Alternatively, cubes can be purchased to go through each module one by one, and the exam voucher can be purchased separately (this comes to around $330).

The training includes:

  • Introduction to Digital Forensics
  • Incident Handling Process
  • Introduction to Malware Analysis
  • JavaScript Deobfuscation
  • Security Monitoring & SIEM Fundamentals
  • Windows Event Logs & Finding Evil
  • Introduction to Threat Hunting & Hunting with Elastic
  • Understanding Log Sources & Investigating with Splunk
  • Detecting Windows Attacks with Splunk
  • Windows Attack & Defense
  • Intro to Network Traffic Analysis
  • Intermediate Network Traffic Analysis
  • Working with IDS/IPS
  • YARA & Sigma for SOC Analysts
  • Security Incident Reporting

They also have a SOC Analyst Prerequisites Path that includes:

  • Linux Fundamentals
  • Introduction to Bash Scripting
  • Windows Fundamentals
  • Introduction to Windows Command Line
  • Introduction to Networking
  • Introduction to Active Directory
  • Web Requests
  • Penetration Testing Process
  • Network Enumeration with Nmap
  • Intro to Assembly Language

CSI Linux

CSI Linux released their CSI Linux Certified Computer Forensic Investigator (CCFI) training and certification. The total cost is $385. I have also started the training for this and really like it so far. It’s a mixture of reading, videos, hands-on labs, and simulations.

Topics Include:

  • Cyber Forensics
  • CSI Linux as your Forensic Workstation
  • Laws and Ethics
  • Common Documents in Computer Forensics
  • The Investigation Process
  • File Systems
  • How Data is Written to a Drive
  • Acquiring, Transporting and Storing Evidence
  • Forensic Imaging
  • Deleted Files
  • String/HEX Searching and Regex
  • Windows OS Artifacts
  • Windows Registry Forensics
  • MacOS Artifacts
  • Linux OS Artifacts
  • Methods of Hiding Data
  • Slack Space
  • Memory Forensics
  • Internet Evidence
  • File Analysis
  • Graphics and Image Analysis
  • Log Files
  • Encryption
  • Mobile Devices
  • Hacking and Malware Forensics
  • E-Discovery
  • Report Writing

I can’t talk about CSI Linux without mentioning that it’s one of my favorite distros AND that they also have a FREE certification with training included right now (with 40 CPE credits). The free CSI Linux Certified Investigator (CSIL-CI) course and exam goes over the tools and functionality of the CSI Linux distro.


13Cubed released an Investigating Windows Memory course. The price is $795. He also created a VMware Memory Forensics – Don’t Miss This Important Detail! video on YouTube.


Tyler Hudak recently released Specialized DFIR: Windows File System and Browser Forensics (part of the Incident Response Path on Pluralsight).

Topics Include:

  • Windows NTFS Analysis
  • NTFS Timeline Generation and Analysis
  • Browser Artifacts
  • Browser Analysis

Pluralsight has subscription options including thousands of courses ranging from $29/month to $449/year.

WGU students and alumni – in case you didn’t know, you get Pluralsight for free!

Cyber 5W

Cyber 5W release several Malware Analysis Courses for $50:

  • Introduction to Malware Analysis
  • Static Malware Analysis 101
  • Dynamic Malware Analysis 101
  • Static Malware Analysis 102 – IDA Pro
  • Static Malware Analysis 102 – Ghidra

Cyber 5W also released Fat File System Forensics (theory & hands-on). This course is also $50 and covers:

  • FAT
  • Forensic Importance
  • Tools
  • Sectors and Clusters
  • Cluster Allocation for Files
  • Slack Space
  • Fragmentation
  • FAT32
  • Reserved Area
  • FAT Area
  • Data Area
  • File Names
  • Root Directory Entries
  • Timestamps

Cyber 5W also has a Site Pass where you can gain access to all of their on-demand malware analysis and forensics courses for $800/year.

BasisTech/Cyber Triage

Cyber Triage recently held a live Investigating Ransomware workshop that is now a free course. You get a certificate of completion when completed. I completed the course last week using the trial version of Cyber Triage. I thought it was fun. It’s set up like an Incident Response CTF followed by a walkthrough.


INE Skill Dive

INE recently released Skill Dive – real world scenario hands-on labs. From searching for labs in their search bar, it looks like they have labs for forensics, malware analysis, PCAP analysis, and more.

Pricing for skill dive is $299 for a year for one learning area (Cyber Security, Networking, or Cloud). Each additional learning area is $99. They have a video about it here:

INE Free Defensive Cybersecurity Labs

They also released FREE demos of some of their hands-on labs here:

Pwned Labs

Pwned Labs recently launched. They have several free cloud security labs. Some look like DFIR-type labs. I haven’t had a chance to really dive into this yet, but I think it looks pretty cool.

Windows Malware Analysis for Hedgehogs

Karsten Hahn released Windows Malware Analysis for Hedgehogs – Beginner Training on Udemy. The course is $19.99.

The training covers:

  • Malware Lab Setup
  • Triage and File Type Basics
  • Wrapped Files and Installers
  • Malware Persistence and Disinfection Basics
  • Portable Executable Format and .NET
  • File Analysis Verdicts
  • Malware Classification and Analysis Reports
  • Ghidra Basics
  • Debugging Basics with x64dbg
  • Ransomware Analysis with Ghidra and x64dbg
  • Packers and Unpacking Methods


Belkasoft’s iOS Forensics with Belkasoft course was free until October 15th. It is now available on-demand for $989. It includes a free 30 day trial license for Belkasoft X.

Topics Include:

  • How to use basic and advanced methods of iOS acquisition
  • How to acquire iOS data from the cloud
  • How to analyze iOS apps, including encrypted ones
  • Which iOS system files may be of interested for a DFIR investigation and how to analyze them
  • [LE only] How to use Belkasoft X Brute-Force tool to unlock certain models of iPhone and iPad devices

MaxProd Technologies

Want to learn how to analyze PCAPs in Wireshark? MaxProd Technologies held a live Top 5 Dead or Alive | Networking Protocols Triaged in the SOC training event. It is now on YouTube.

Alexis Brignoni

Alexis Brignoni has been creating Mobile Forensics Explainer – ALEAPP videos. Check out ALEAPP on GitHub.

Dr Josh Stroschein

Dr Josh Stroschein has been updating his Learning Assembly videos on YouTube.

CybDig Cyber Security Digital Forensics

CybDig Cyber Security Digital Forensics started a YouTube series on EncCase

Kevin Holvoet

Kevin Holvoet released VirusTotal Academy – SOC & IR on YouTube


CyberDefenders released several free challenges and Pro labs. The Pro account costs $20/month – $200/year

Labs Released in September and October Include:

  • Oski – Threat Intel (Pro)
  • The Crime – Endpoint Forensics (Free)
  • Tomcat TakeOver – Network Forensics (Free)
  • REvil – Digital Forensics (Pro)
  • RAR-CVE – Malware Analysis (Pro)
  • Yara 101 – Detection Engineering (Pro)
  • Amadey – Endpoint Forensics (Pro)
  • ProPDF – Malware Analysis (Pro)
  • Kerberoasted – Threat Hunting (Pro)

Blue Team Labs Online

Blue Team Labs Online released several new labs. There is a free option for Blue Team Labs Online. Pro access costs between $18/month to $174/year.

Labs Released in September and October Include:

  • Basilisk I – Reverse Engineering
  • Certutil – Digital Forensics
  • Hash it Out – Threat Intelligence
  • Enter the Dragon I- Reverse Engineering
  • Espionage – Digital Forensics
  • Sukana – Incident Response (Free)
  • Ceasar Salad 2 – Digital Forensics
  • Thumbs Up – Digital Forensics
  • Monitor – Reverse Engineering

They also increased the lab time for those with free accounts from 2 hours/month to 10 hours/month.


LetsDefend released new courses and challenges. They offer a limited free basic plan. A VIP SOC Analyst plan is $24.99/month and a VIP Incident Responder plan is $39.99/month (Save up to 33% paying annually). Here are a couple of their new Incident Response releases:


TryHackMe launched a SOC Level 2 path.

Modules Include:

  • Log Analysis
  • Advanced Splunk
  • Advanced ELK
  • Detection Engineering
  • Threat Hunting
  • Threat Emulation
  • Incident Response
  • Malware Analysis


Digital Trails Academy

Fundamentals of Cyber Investigations & Human Intelligence was released on Digital Trails Academy by Christina Lekati and Samuel Lolagar.

The cost is: $369

Topics Include:

  • Operational Security (OPSEC)
  • Online Harassment
  • Sock Puppet Accounts
  • Prepare Your Investigation Workstation
  • Live System Options
  • Virtual Machines
  • Open Source Intelligence (OSINT)
  • The Intelligence Cycle
  • Basics of Information Gathering
  • Google, Bing, and Yandex
  • Website Investigations
  • Username Search Essentials & Tools
  • Website Content Analysis
  • Website Fingerprinting
  • Social Media Intelligence (SOCMINT)
  • Fundamental SOCMINT Techniques
  • Account Profile; Content Analysis Techniques
  • Identifying Relationships & Connecting Accounts
  • Human Intelligence (HUMINT)
  • Stages of HUMINT Operation & HUMINT Techniques
  • Covert Interviewing & Ethics


BlackPerl DFIR

BlackPerl DFIR recently launched the course: Security Mastery with QRadar SIEM ($24). This course covers setting up a lab, QRadar Architecture, Capturing Snapshots, Preparing Log Ingestion Pipelines, Building Detections, MITRE Mapping, and Managing Admin Jobs.

Nothing Cyber

Meisam Eslahi of Nothing Cyber recently started a Threat Hunt 101 Series on YouTube.


Windows Forensics Analyst Field Guide by Muhiballah Mohammed (Available on Amazon) – Release Date: October 27, 2023

The Android Malware Handbook by Qian Han, Salvador Mandujano, Sebastian Porst, V.S. Subrahmanian, Sai Deep Tetali, and Yanhai Xiong. (Available on No Starch Press) – Release Date: September 2023 (currently, it looks like the eBook is available on No Starch and the print book hasn’t been released yet. It is available for pre-order on Amazon with a release date of November 7th)

CAPER Guide to Digital Investigations by Jason Wilkins (Digital Investigations for Small Town Law Enforcement) – Release Date: October 1, 2023.



CyberDefenders added an installment plan option to their Certified CyberDefender (CCD) training & certification.

They also added a Walkthroughs tab where you can view walkthroughs of their retired challenges.

BlackPerl DFIR Academy

BlackPerl DFIR Academy added Learning Paths for their courses.

The DFIR Report

The DFIR Report launched a Mentoring and Coaching Program. They also released a new report this month: Netsupport Intrusion Results in Domain Compromise.


Here are the latest additions to the Free & Affordable Training Site from September and October:


Next Hands-On IR D&D Style Webcast (Antisyphon Training) – Cost: Free – November 1st

Introduction to Sigma (Scythe) – Cost: Free – November 7th

[Workshop] Investigating Data Exfiltration (BasisTech) – Cost: Free – November14th

How the Cloud Changes SecOps and Incident Response: Lessons from a Real-World-Living-Off-The-Cloud Attack (SANS) – Cost: Free – November 15th

For more events such as conferences, CTFs, Live Streams, and more, visit Community Events.


The Current Discounts page is updated several times per week. Here are the discounts available at the time of this blog post:

Deals Ending TODAY:

More Deals:

If you would to to receive email notifications of future blog posts from DFIR Diva, please subscribe below.

Like what I’m doing and want to help support the site? I’m on Buy Me a Coffee.