Digital Forensics & IR Track
Months 4–6 · Follow the evidence. Master disk forensics, memory analysis, malware reverse engineering, and court-admissible incident response procedures.
Digital Forensics Fundamentals
Weeks 13–16
Disk & File System Forensics
FTK Imager, Autopsy, file carving, deleted file recovery
Evidence Acquisition & Chain of Custody
Write-blockers, forensic imaging, legal documentation
Windows Artifact Analysis
Registry hives, event logs, prefetch, LNK files, shellbags
Linux & Mac Forensics
Bash history, auth logs, ext4 journal, macOS plists
Memory Forensics & Malware Analysis
Weeks 17–20
Memory Acquisition & Analysis
Volatility3, process trees, network connections, injections
Malware Triage & Static Analysis
PEStudio, YARA rules, string extraction, packer detection
Dynamic Malware Analysis
Cuckoo Sandbox, ANY.RUN, behavioral analysis, C2 detection
Network Forensics
PCAP analysis, Wireshark, timeline reconstruction, NetFlow
Incident Response & Capstone
Weeks 21–24
IR Planning & Execution
IR playbooks, containment, eradication, and recovery
Forensic Report Writing
Chain of custody docs, expert witness reports, court formats
Threat Attribution
TTP mapping, MITRE ATT&CK, group profiling
Live-Fire DFIR Capstone
72-hour breach investigation on a compromised enterprise lab
Zharnyx Digital Forensics Certification
This track is engineered to prepare you for the upcoming ZDF (Zharnyx Digital Forensics) certification — a full forensic investigation of a compromised evidence package including memory dumps, disk images, and PCAPs. Currently in active development.