DFIR roadmap

Investigate incidents, collect evidence, and rebuild attack timelines. Practice alert triage, then disk, memory, endpoint, and cloud forensics.

3 courses11 resourcesDFIR / threat hunter

Step-by-step path

Windows and Linux artifacts
PCAP, log, and SIEM investigations
Timeline, containment, and incident reports
Build a portfolio artifact and publish a short writeup.

Starter stack

TriageSIEMForensicsTimeline analysis

Free: Malware Traffic Analysis Paid: Blue Team Labs Online

Best next resources

Security Operations AnalystMicrosoft Learn · Free Blue Team Labs OnlineBTLO · Free + Paid LetsDefend SOC TrainingLetsDefend · Free + Paid John HammondYouTube · Free 13CubedYouTube · Free CyberDefendersPractice platform · Free + Paid