Basic Computer Forensics introduces foundational concepts and practical skills for collecting, preserving, and analyzing digital evidence from computer systems. Students learn how forensic investigations are conducted, how common attack vectors leave artifacts, and how data is acquired and examined in a forensically sound manner. The course emphasizes disk structure, file systems, deleted data, and core forensic artifacts across Windows and Linux systems. Hands-on labs focus on evidence acquisition, file system analysis, artifact interpretation, and introductory use of forensic tools. Students finish the course with the ability to perform basic forensic analysis and explain findings in a structured manner.

Intended Audience: This course is intended for junior cyber defenders, incident responders, analysts, and technical personnel who require foundational knowledge of computer forensics. No prior forensic experience is required. Familiarity with basic operating system concepts is helpful but not mandatory.

Intermediate Computer Forensics builds upon foundational forensic skills to develop deeper investigative capability across storage media, memory, file systems, and user activity artifacts. Students learn to conduct structured forensic investigations involving disk imaging, memory acquisition and analysis, file and partition recovery, artifact correlation, and evidence reporting. The course emphasizes analytical decision-making, evidence correlation across sources, and investigative workflow rather than tool-centric operation alone. Hands-on labs focus heavily on memory forensics using Volatility, advanced file system analysis, and integrated host investigations. Students conclude with a Culmination Exercise (CULEX) requiring full-scope forensic analysis and professional reporting.

Intended Audience: This course is intended for cyber defenders, incident responders, forensic analysts, and investigators who have completed introductory forensic training or possess equivalent experience. Students should already understand basic forensic principles, disk imaging concepts, and file systems.

The Intermediate Incident Response course develops hands-on skills for identifying, investigating, and responding to security incidents in enterprise environments. Students learn to apply structured incident response methodology to real-world intrusions affecting Windows and Linux systems, including unauthorized access, malware execution, persistence, and lateral movement. The course emphasizes evidence handling, live response, artifact analysis, timeline reconstruction, and scoping impact while maintaining forensic integrity. Students conclude with a Culmination Exercise (CULEX) requiring them to investigate an active intrusion and produce structured investigative findings.

Intended Audience: Cyber defenders, incident responders, threat hunters, and security practitioners who possess foundational networking and operating system knowledge and are ready to develop practical, hands-on incident response skills.

The Intermediate Cyber Operations course develops an understanding of adversary techniques by examining how offensive actions manifest across network traffic, host artifacts, and defensive telemetry. Students execute scanning, exploitation, persistence, and lateral movement techniques while simultaneously analyzing packet captures, memory artifacts, logs, and intrusion detection alerts generated by those actions. The course emphasizes detection-aware tradecraft, enabling both defenders and attackers to understand how common tools and techniques appear on the wire and on the host. Students conclude with a Culmination Exercise (CULEX) that requires executing and analyzing offensive operations from a defensive and hunt-focused perspective.

Intended Audience: Cyber defenders, threat hunters, penetration testers, and security practitioners who possess foundational networking and operating system knowledge and want to understand how offensive techniques generate observable network and host-based artifacts.

Threat Hunting develops advanced, hypothesis-driven capability for proactively identifying adversary activity across host and network environments. Students learn to translate threat intelligence into structured hunting hypotheses aligned to adversary tradecraft and the MITRE ATT&CK framework. Through hands-on investigation, students hunt for persistence mechanisms, obfuscated malware, lateral movement, and command-and-control activity using host telemetry, network data, and federated hunting platforms. The course emphasizes analytical rigor, behavioral detection, and evidence correlation over alert-driven response. Students conclude with a mission-oriented Culmination Exercise (CULEX) requiring execution of the full hunting lifecycle, reconstruction of an intrusion timeline, and production of a structured incident report.

Intended Audience: Cyber defenders, incident responders, and threat hunters with prior experience in Windows, Linux, and network telemetry who are transitioning from reactive detection to proactive, hypothesis-driven threat hunting. This course is intended for practitioners responsible for identifying stealthy adversary behavior across enterprise host and network data sources.