DFIR NetWars Continuous

Forge Your Cyber Journey - Anytime, Anywhere.

Hands-On Digital Forensics & Incident Response Exercise

DFIR NetWars Continuous is a 4-month hands-on training solution covering a wide range of cybersecurity topics designed with challenges and hints that support continuous knowledge and skill development. In DFIR NetWars Continuous, you take on the role of cyber investigator and have to uncover key clues from the evidence. The range guides you through a series of challenges where you parse through and reveal key facts within files, processes and programs commonly found in today's computing environments.
Cyber Ranges: DFIR Netwars Continuous

Key Specs

  • Focus Areas: Digital Forensics & Incident Response
  • CPEs: Up to 12
  • Delivery: Online
  • Leaderboard: No
  • Levels: All
  • Minimum Seats: 1
  • Moderator Required: No
  • Player Mode: Solo & Team
  • Run Time: 4 months
  • Scorecard: Yes

Example Task:

Discover embedded metadata in images and documents, review and extract info from PCAP files, review social media tickets and identify suspicious accounts, find last users of applications on IOS devices, analyze a malware executable file, and more.

Example Topics:

  • Windows/Endpoint incident response
  • Windows forensics
  • Mac forensics
  • Network forensics
  • Cyber threat intelligence
  • Smartphone/mobile forensics
  • Malware analysis

Suggested Tools:

MemProcFS, Registry Explorer, ExifTool, FTK Imager, Arsenal Image Mounter, Wireshark, SIFT Workstation, NetFlow, iBackupBot, EvtxExplorer, and others.

Computer Requirement:

  • Processor: 64-bit, x86, 2.0 GHz+
  • Memory: 16GB
  • HD: 200GB+ Free, plus 50GB download of evidence files and virtual machines
  • Interface: USB 3.0 | Type-A
  • OS: Windows, Mac and Linux
  • VMware (Students are expected to either provide their own forensics tools or use the local VMware VM tools that we provide).

For group purchase, reach out to our SANS advisors here.