Cyber Incident Investigation

From Detection to Malware Behavior

A 10-session intensive program designed to equip participants with end-to-end incident investigation skills, from log analysis to proving malware behavior.


Incident Investigation Training
Value Proposition

Not Just Using Tools

Learn to think and reason like a professional investigator.

Participants can answer what happened, how it happened, and what evidence proves it.

Labs based on realistic incident scenarios, not academic examples.

4 Main Phases

Program Structure

10 intensive sessions divided into 4 comprehensive investigation phases.

Phase 1: Finding the Clues

3 Sessions - Detection & Logs

  • Real-world attack patterns
  • Reading Web/DNS/Endpoint Logs
  • Identifying Scanning/Brute Force/Beaconing. Output: Find infected hosts from logs.

Phase 2: What Happened?

3 Sessions - Disk Forensics

  • User & System Activity
  • Registry & Event Logs
  • Prefetch Analysis
  • Data Exfiltration Proof (DNS/Proxy). Output: Build timeline.

Phase 3: Understanding Malware

3 Sessions - Malware Analysis

  • Static Analysis (Strings/Imports)
  • Dynamic Analysis (Sandbox)
  • C2 Logic & Persistence. Output: Explain behavior.

Phase 4: Telling the Story

1 Session - Reporting

  • Constructing Incident Chronology
  • Professional Report Writing
  • Mitigation Recommendations. Output: Full incident report.

Learning Outcomes

After this bootcamp, you will be able to prove what actually happened.

Log Analysis

Find suspicious activity.

Reconstruction

Build attack timeline.

Malware Analysis

Understand malware behavior.

Reporting

Create defensible reports.

Tools & Environment

Use Real Forensic Tools

Autopsy
Wireshark
Volatility
FTK Imager
Velociraptor
Procmon
Sysmon
Splunk
Limited Slots

Become an Investigator

Don't just see alerts. Understand the story. Join the Cyber Incident Investigation Bootcamp now.


Everything You Need to Know

Target Audience
Suitable for: IT Security Engineer, Digital Forensic Enthusiast, Blue Team Practitioner. Not for: Absolute beginners.
Program Format
10 Sessions (2 Hours/Session), Basic-Intermediate Level. Includes theory, hands-on labs, and case discussions.
Value Proposition
Not just learning tools, but learning how to prove what really happened.
What services does Tunas Tech offer?
We offer Cybersecurity Bootcamps, Penetration Testing, SOC Monitoring, and Security Audits.
What bootcamps are available at Tunas Tech?
We are currently enrolling for SOC Analyst & Threat Intelligence Batch 1.
How does the consultation or collaboration process work?
Contact us via WhatsApp or Email for a free initial consultation.
How can I contact Tunas Tech for consultation or service inquiries?
Use the form on this page or click the WhatsApp button above.

Got Questions?

Have questions about our bootcamp or programs? Our team is ready; reach out today!

Tunas Tech - Best Pentest, SOC & IT Audit Services in Indonesia & Asia