DFIR Labs

Explore Real-World Cybersecurity Intrusions with Our Interactive DFIR Labs

Our cloud-based DFIR (Digital Forensics and Incident Response) Labs offer a hands-on learning experience, using real data from real intrusions. Experience the world of digital forensics in a practical setting.

Watch the walkthrough of this service below!

Real Incidents, Real Learning

Each lab immerses you in scenarios based on public and private intrusions we have observed. We have sanitized real attack data, providing you with the most authentic and up-to-date learning experience. Engage with Elasticsearch and Kibana instances to sift through real logs to investigate actual cyber-attacks. Logs include:

  • System Logs: Windows Event Logs + Sysmon Logs
  • Network Logs: Zeek Logs + Suricata alerts
  • Memory Logs: Memory timeline processed via MemProcFS
  • Sigma Alerts: Sigma HQ + The DFIR Report Detection Rules (Private & Public)


Interactive and Engaging
Move beyond traditional learning methods. Our platform offers interactive case studies with engaging questions. Your task is to investigate logs, find connections, and solve cases. This hands-on approach enhances your DFIR knowledge and makes learning more effective.

Flexible Access, Tailored to Your Pace
Choose the learning path that suits you best. Our labs are available for 2 days, 1 week, and 2 weeks on demand, accommodating your schedule and learning speed. Within 5 minutes of purchase, your lab will be ready to start your investigation. Explore digital forensics at your own pace.

Difficulty Levels

Our labs are designed to cater to learners at all stages, from beginners to experts. With this inclusive approach, we’ve structured our offerings into three distinct difficulty levels:

  • Easy: These labs are suitable for beginners and are characterized by smaller datasets and network sizes. The quizzes are designed to be more straightforward, making these labs ideal for those new to DFIR. Easy labs may also include public reports, providing additional guidance and resources to assist in the investigation process.
  • Medium: Aimed at intermediate learners, these labs feature moderately sized cases with larger datasets and network sizes compared to easy labs. The quizzes are more challenging, requiring a good grasp of DFIR concepts without necessarily being overly complex. Public reports might be available, offering some level of assistance but less direct guidance than in easy labs.
  • Hard: Designed for advanced learners, hard labs present the most complex cases with the largest datasets and network sizes. The quizzes are significantly more challenging, reflecting real-world complexity and requiring advanced knowledge and investigative skills. For these labs, especially the ones based on Private Threat Briefs, public reports may not be available, adding an additional layer of difficulty since participants cannot rely on these reports for hints or guidance.

Personalized Support

Enhance your learning by having sessions with our experts to help you with difficult questions, talk through investigative methods, and guide you through the lab.

Earn a Certificate, Badge & CPE Credits

After completing the lab and its quiz, you’ll receive a Certificate of Achievement as well as a badge. This certificate is more than just recognition—it’s a step forward in your professional development, counting towards your Continuing Professional Education (CPE) credits.

Why Choose Us?

  • Authenticity: Engage with labs based on real and recent cyber intrusions.
  • Relevance: Gain insights from scenarios that mirror current attack strategies.
  • Recognition: Complete the labs and receive a certificate and badge to enhance your professional profile.

For Businesses: Custom Training & Lab Access

We offer custom solutions that align with your goals, providing a targeted learning experience that drives results. If you would like to purchase a pack of cases for your business, please see our options here.

Contact us to explore how our tailored packages can benefit your organization.

Educational Discounts Available

We understand the importance of accessible education and are committed to supporting both students and teachers in their pursuit of knowledge. If you’re a student, we’re pleased to offer a discount off every case. Please send an email to [email protected] from your schools email address to receive your discount.

Teachers, we recognize your role in shaping future leaders and innovators, and we’re eager to work with you to provide volume discounts that accommodate your classroom needs. Please get in touch with us to discuss further. Together, we can make education more affordable and accessible.

Disclaimer

All information in the DFIR Labs and analysis of that information shall be treated as TLP:RED. This classification mandates that the information is not shared publicly or privately without explicit permission from The DFIR Report.