This course allows students to gain fundamental knowledge of modern Windows and Linux host artifacts along with understanding the use cases for incident response host pivots and root cause analysis.

For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data.

This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.

Wild West Hackin’ Fest – Deadwood (Oct 7th – Oct 8th, 2025) – Deadwood, SD

October 8th – 8:30 AM to 5:00 PM MDT
October 7th – 8:30 AM to 5:00 PM MDT

Key Takeaways

Learning Objectives:

Gain fundamental knowledge of modern Windows and Linux host artifacts
Explain logical investigative workflows for host pivoting, data collection, and analysis
Develop an understanding of use cases for incident response host pivots and root cause analysis

Performance Objectives:

Develop host triage collection and analysis skills for effective investigations of Windows and Linux systems
Properly identify file system, OS, and memory artifacts to support timeline creation and attack path reconstruction
Build deductive reasoning and investigative prowess through hands-on exercises built around real-world scenarios

Who Should Take This Course

Security Operations/Incident Response Analysts
Threat Hunters
Tactical Threat Intel Analysts
Digital Forensics Investigators
Red teamers who want to perfect their operational discipline

Audience Skill Level

Basic understanding of Windows and/or Linux OS fundamentals
Familiarity with attack path models, threat actor frameworks, and hunt methodologies
1-2 years of experience in security operations, incident response, or threat hunting

Stable Internet access
x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization
(Apple Silicon is currently not supported)
A computer with at least 8 GB of RAM. 16 GB is recommended
VMWare Workstation or VMWare Fusion
(VirtualBox and other VM software is not supported)
Windows 10/11, MacOSX+, or a currently supported Linux Distribution
Full Administrator/root access to your computer or laptop
System must also have at least 80GB of available disk space, 2 vCPUs, and be able to connect to a wireless network for Internet access

This class is being taught at Wild West Hackin’ Fest – Deadwood 2025.

For more information about our conferences, visit Wild West Hackin’ Fest!

Clicking on the button above will take you
to our registration page on the website.

On Demand Training

Train at your own pace with no set course schedule
Access to all course resources, including slides and VMs
Subject Matter Expert support through Discord
Tips, tools, and techniques that can be applied immediately upon returning to work
Strengthen your skills by solving challenges within the Antisyphon Cyber Range
Become part of a community driven to educate and share knowledge