Level: Foundation

FireEye Forensics Fundamentals

3 Day | Instructor Led

This three-day instructor-led course takes the student from a FireEye Alert to investigation, discovery, and reporting on a potentially infected host. In a lab environment, students will learn the fundamentals of computer forensics investigation, including legal and ethical considerations and the use of freely available tools to analyze computers for evidence of malware and other unwanted intrusion.

Ideal Candidates for FireEye Forensics Fundamentals Class

Network security professionals and incident responders

FireEye Forensics Fundamentals Prerequisites

Completion of the FireEye Alerts Analysis course
Windows systems administration skills
Familiarity with basic CLI commands

What You'll Learn in FireEye Forensics Fundamentals

Upon completion of the course the learner should be able to:

Describe the basic ethics and laws of computer/malware forensics
Describe methods of criminal, civil and administrative investigations
Demonstrate the ability to plan, execute and report on a digital forensic examination

No Certification Test Available For This Course

FireEye Forensics Fundamentals Outline

  • Legal and Ethical Principles
    • What is Forensics?
    • Overview of the legal requirements and authority to proceed
    • How to be ethical in your examination
  • Methodology
    • Methods of forensics
    • How to plan an examination
    • Order of volatility
    • The level of the examination, hypothesis and reporting
    • Forensic science
  • Review of Alerts
    • The OS change report
    • Identifying where to look and what to look for
  • Live Analysis Forensics
    • Creating working copies
    • Extracting memory
    • Working with ‘live’ systems and malware
    • 28 steps, alert to report
  • Memory Forensics
    • Examining the memory image
    • Collating evidence
  • OS Artifacts
    • Architecture of the media
    • How files are stored
  • On-disk Forensics
    • Discovery of items on the disk
    • Reporting findings


A. Erlich


I just wanted to say your presentation on Social Media Technology and Security was the finest I have ever attended.

Wilder Guerra

US Navy Reserve

This course is definitely an eye opener. With how much social media has taken over, it is important to be fully aware of the capabilities along with all the risks it brings. It is important to get this course because social media is the new norm.

Rebekah Coughlin


The Social Media and Security Training course offered by UKI is a great and beneficial course combining technical training to fully understand TCP/IP networking, DNS, and the harms of malware and cross-site scripting; as well as practical training that allowed attendees to play with open source social intelligence gathering solutions. This is the perfect class for those involved in IT security and interested in social media and identity theft.

Top Related Courses

The BEC XXE exercise is a customized, six-hour Cyber Range exercise hosted on ManTech’s Advanced Cyber Range Environment (ACRE). Led by expert cyber security engineers, the exercise can be executed in a classroom and remotely. In this exercise, BEC-based attacks are simulated. Participants will be introduced to variations of the BEC attack (both external and internal) and will capture, preserve and recover network and host-based artifacts from the attacks. They will also determine the origin of the attacks, the extent of the compromise, and any ongoing activity related to it. Discussion focuses on blue team threat hunter tasks. This exercise uses a hands-on keyboard approach to create realistic technical training and management interaction opportunities where participants respond to and report events as identified. Participants are engaged via an Incident Response "Observe/Engage" Model and are encouraged to view the attack as if it were happening to their institutions in real time. Participants are asked to share what they have done or would do based on the facts provided.

All actions in war, regardless of the level, are based upon either taking the initiative or reacting in response to the opponent. By taking the initiative, we dictate the terms of the conflict and force the enemy to meet us on our terms. The initiative allows us to pursue some positive aim even if only to preempt an enemy initiative. It is through the initiative that we seek to impose our will on the enemy.

Cyber Vanguard Series - Cyber Strike takes the offensive and defensive assault tactics and applies them in several different real-world scenarios. The entire course is hands-on and builds upon the skills and knowledge the students have previously received. Applications include Offensive Only: Hunt Teaming, Data Harvesting, and Asset Extraction; Defensive Only: Defending Your Assets, Setting Active Intrusion Systems, Vulnerability Assessment and Remediation; and Offensive and Defensive: Capture the Flag, where teams are pitted against each other to protect their own resources while attacking the opposing team.

© 2019 Ultimate Knowledge Institute | All Rights Reserved
GSA# GS-35F-0469W