This course is designed to help forensic examiners who lack an understanding of Linux artifacts as well as how to leverage Linux tools for conducting forensic exams. To meet this goal the students will learn Linux operating system fundamentals and gain proficiency with command line and bash shell scripting to accomplish forensic tasks. This knowledge will be leveraged to learn strategies for analyzing Linux systems.
Students will be exposed to Linux in three different modes: Linux in a virtual machine on a Windows host, the Windows Subsystem for Linux, and a bootable Linux thumb drive. By working through practical scenarios, students will learn the pros and cons of each mode.
At the end of this class, the student will:
- Gain an understanding of Linux command line basics and become a more proficient Linux user.
- Learn how Windows or Linux exam may be augmented by native Linux CLI commands and graphic tools.
- Understand Linux operating system artifacts conduct analysis of Linux systems.
This course assumes the student has some experience doing Windows investigations but little or no experience using and/or analyzing Linux. The only prerequisite for the class is a willingness to type commands rather than click their mouse.
WHEN: January 12 – 16, 2026. This class will finish at midday on Friday.
COST: $2,695.00 US Dollars
EQUIPMENT: Classroom laptops will be given to the students to take home and keep.
REGISTRATION: Click HERE for information about registration and hotel accommodations
