DFIR370 - Host Intrusion Methodology and Investigation
Format: Instructor-Led
Duration: 4 Days
Role(s): Analyst
Course Description
This hands-on course focuses on the forensic assessment of an infected endpoint, utilizing a wide range of analysis techniques on volatile and disk evidence. After purposely infecting virtual systems, students will learn to apply the host intrusion methodology to recover evidence indicating what actions a hacker took against the victim computer.
The course begins with an introduction and explanation of the classroom’s virtual workspace. Instruction addresses topics such as methods of reconnaissance, in-depth exploration of browser exploits, triaging a live host, intrusion analysis methodology, data hiding and phishing techniques, and malware infection. Other areas of study include performing collections with various investigation techniques and escalating privileges.
Students will take part in real-world scenarios by performing several different types of attacks on a mock victim machine and then examine the victim computer using OpenText™ Forensic (EnCase) to identify the artifacts left behind by the attacker. Many different types of tools and programs will be demonstrated and used during the course.
In addition to the various hacker tools, students will also utilize and discuss a variety of forensic tools, including OpenText Forensic, the direct network preview, and network intrusion EnScript programs for live incident response and collection/analysis of volatile data.
Delivery method: Group-Live. NASBA defined level: advanced
CPE Credits - 32
The course will cover the following topics:
- Conducting reconnaissance activities and using honey networks
- The life cycle of a cyber attack and the anatomy of a browser exploit
- Conducting a triage of a live host
- Understanding and establishing a viable methodology for intrusion analysis
- Data hiding and phishing activities
- Identifying and combating malware infections
- Analysis of systems compromised by remote access software and drive-by web-browser exploits
- Analysis of memory, event logs, packet captures, and malware
- Use of tools to escalate privileges and to enhance user capabilities
Prerequisites
DF320-Advanced Analysis of Windows Artifacts course or IR250-Incident Investigation course or CFSR Certification. Students should have a good understanding of network topology and TCP/IP. Advance preparation for this course is not required.
Pricing
| Format | Currency | Price |
|---|---|---|
| Per Student | EUR | 3,200.00 |
| Per Student | GBP | 2,600.00 |
| Per Student | USD | 3,600.00 |
Taxes: All prices exclude VAT or other taxes where applicable (all currencies).
Extra expenses: Customer site course prices do not include instructor travel expenses, which are billed separately.
Reservations: Please provide a minimum of 3 weeks advance notice when arranging courses at customer sites.
Class Schedule
See available dates and locations below.
| Start Date | End Date | Start Time | Time Zone | Session Duration | Language | Location | Price | Currency | Guaranteed To Run |
|---|---|---|---|---|---|---|---|---|---|
| Feb 10, 2026 | Feb 13, 2026 | 08:00 | (UTC-08:00) America/Los_Angeles (PST) | Full Day | English | Virtual Classroom / North America (PT) | 3,600.00 | USD | ✔ |
| Mar 17, 2026 | Mar 20, 2026 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | Virtual Classroom / UK | 2,600.00 | GBP | |
| Mar 17, 2026 | Mar 20, 2026 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | GBR / Reading / OpenText | 2,600.00 | GBP | |
| May 19, 2026 | May 22, 2026 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | Virtual Classroom / North America (ET) | 3,600.00 | USD | |
| May 19, 2026 | May 22, 2026 | 08:00 | (UTC-04:00) America/New_York (EDT) | Full Day | English | USA / Gaithersburg, MD / OpenText | 3,600.00 | USD | |
| Sep 29, 2026 | Oct 02, 2026 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | Virtual Classroom / North America (PT) | 3,600.00 | USD | |
| Sep 29, 2026 | Oct 02, 2026 | 08:00 | (UTC-07:00) America/Los_Angeles (PDT) | Full Day | English | USA / Pasadena, CA / OpenText | 3,600.00 | USD | |
| Oct 27, 2026 | Oct 30, 2026 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | GBR / Reading / OpenText | 2,600.00 | GBP | |
| Oct 27, 2026 | Oct 30, 2026 | 08:00 | (UTC+00:00) Europe/London (GMT) | Full Day | English | Virtual Classroom / UK | 2,600.00 | GBP | |
| Dec 15, 2026 | Dec 18, 2026 | 08:00 | (UTC-05:00) America/New_York (EST) | Full Day | English | Virtual Classroom / North America (ET) | 3,600.00 | USD | |
| Dec 15, 2026 | Dec 18, 2026 | 08:00 | (UTC-05:00) America/New_York (EST) | Full Day | English | USA / Gaithersburg, MD / OpenText | 3,600.00 | USD | |