Step-by-step path
- Windows and Linux artifacts
- PCAP, log, and SIEM investigations
- Timeline, containment, and incident reports
- Build a portfolio artifact and publish a short writeup
Investigate incidents, collect evidence, and rebuild attack timelines. Practice alert triage, then disk, memory, endpoint, and cloud forensics.