Digital Forensic Analysis - Advanced

Course Description: Advanced Digital Forensics

This course is taught in online mode and consists of 4 units.

The duration of the course is distributes between content and collaboration tools. Upon completion, the student will receive an accrediting diploma.

Training is done through our Virtual Campus , with this modality you will have all the didactic content on the course platform and it will be accessible, from the start day of the course, 24 hours a day, every day of the week. The student will also have participation forums , as well as a continuous tutoring .

The course is taught in tele-training modality (100% bonus option) and in-person and tele-in-person training actions can also be carried out on demand.


The Advanced Digital Forensic Analysis course is designed to offer specialized and practical training in the field of computer security and judicial expertise. The objective of the course is to train students to perform high-level forensic analysis, using advanced methodologies and tools, and applying the legal and ethical principles that govern this professional activity.

Addressed to

The course is aimed at professionals and students in the field of computer security, computer forensics, judicial expertise, cybersecurity, auditing, consulting, research or teaching, who want to expand and update their knowledge and skills in analysis. digital forensics.

Course content

Unit 1. Incident Response and Forensic Analysis

Unit 2. Methodology and expertise

Unit 3. Forensic and DFIR on Windows

  • Evidence Acquisition Tools: Live Response
  • Selective search tools
  • Artifacts: Registration, Events, Trash, Prefetching, USBs, LNKs, Scheduled Tasks, VSS, Browsers, Email, applications, recent files, jumplists, etc,...
  • Malware: Features, Hiding, Windows Services and Processes, Svchost Abuse, Persistence
  • Typical persistence techniques in systems
  • Ram Memory Analysis, Remote or local analysis techniques, Volatility, file dumps, Credentials in memory
  • Intrusion: Recent files, Discovery of lateral attacks
  • File Systems: Interpreting NTFS File System Forensic Artifacts

Unit 4. Forensic and DFIR on Linux

  • Forensic Concepts and Distributions
  • Digital Forensics Incident Response
  • Triage on Linux
  • RAM Memory Forensic
  • File system analysis
  • Advanced Deleted Information Recovery
  • Detailed operation and artifacts of GNU/Linux
  • Differences between System V and Systemd
  • Recovery of key items
  • Monitoring tools and help for forensic analysis
  • Analysis of real cases

Previous requirements

No prior technical requirements are necessary to take this course. However, basic computer skills and knowledge of environments related to Information Technology are recommended.


If you are interested in taking this course in any training modality, contact us to request an offer .

| /

Information related to training

Soporte siempre a tu lado

Training support: Always by your side

Formación presencial y telepresencial

Do you need another training modality?


Bonuses for companies