Kaspersky launches new course on Windows digital forensics

Kaspersky has announced the addition of a new online course on Windows digital forensics to its Expert Training portfolio. This course aims to equip InfoSec professionals with comprehensive skills in identifying, processing, and analysing digital evidence. Developed by Ayman Shaaban, Kaspersky's Digital Forensics and Incident Response Group Manager, the course offers both theoretical understanding and hands-on experience in digital forensics.

In 2023, more than one-fifth of cyberattacks persisted for over a month, highlighting the need for businesses to reduce detection-to-resolution times. One significant barrier to swift incident management is the ongoing skills shortage in cybersecurity. Kaspersky's newly developed training course seeks to address this issue by enhancing the skills of professionals in detecting digital traces of cyberattacks, a crucial aspect of the incident response process.

The Windows Digital Forensics course aims to provide participants with a fundamental understanding of digital forensics. It includes methods for obtaining various types of digital evidence, identifying traces of malicious actions, and reconstructing incident scenarios using timestamps from various Windows artefacts. Additionally, participants will gain expertise in analysing browser and email histories.

By the end of the course, trainees are expected to be proficient in several key areas: incident scoping, evidence acquisition, log file analysis, network analysis, creation of Indicators of Compromise (IoCs), and memory forensics.

Ayman Shaaban states, "During this training course, you will get acquainted with digital forensics as an important part of the incident response process and will be equipped with useful knowledge that help you to swiftly handle, contain, understand, and recover from cyber-attacks and effectively minimise their impact in the quickest way possible."

The program includes a secure virtual lab designed to assess participants' understanding and enhance their practical skills. This virtual environment allows trainees to apply their newly acquired knowledge in a controlled, risk-free setting. According to Kaspersky, the course will benefit both companies aiming to enhance their incident response teams and individual cybersecurity professionals seeking to upgrade their technical analysis skills in digital forensics.

Organisations must be prepared for incidents by centrally managing logs, retaining them for extended periods, and safeguarding them against tampering, malicious access, or accidental loss. They also need the ability to conduct prompt forensic investigations. Kaspersky's course aims to equip participants with the skills and knowledge required for these critical tasks.

The Windows digital forensics training is part of a broader series of courses focused on incident response, allowing specialists to tailor their educational paths in this field. By enhancing their skills in digital forensics, participants can help organisations achieve greater cyber-resilience, swiftly mitigate the impact of attacks, and improve their overall incident management capabilities.