Study sequence
- Month 1: Windows internals and evidence sources
- Months 2-3: PCAP, disk, and memory basics
- Months 4-6: malware triage and ATT&CK mapping
- Month 6+: hunting hypotheses and response playbooks
DFIR / Threat Hunter
For incident response, forensics, malware triage, and hunting. Target role: Investigation and response. Expected timeline: 6-12 months.
GCIH, GCIA, GREM, SC-20035+ resourcesDFIR
Portfolio projects
- Forensic timeline
- PCAP investigation report
- YARA rule and test notes
- Incident response executive summary
Matched resources
Security Operations AnalystMicrosoft Learn · Intermediate · FreeBlue Team Labs OnlineBTLO · Intermediate · Free + PaidLetsDefend SOC TrainingLetsDefend · Intermediate · Free + PaidJohn HammondYouTube · Intermediate · Free13CubedYouTube · Intermediate · FreeCyberDefendersPractice platform · Intermediate · Free + Paid