Advanced Endpoint Investigations
This course allows students to gain fundamental knowledge of modern Windows and Linux host artifacts along with understanding the use cases for incident response host pivots and root cause analysis.
Course Length: 16 Hours
Includes a Certificate of Completion
Next scheduled date: WWHF Deadwood 2026
Description
For most security teams, high operational tempo (measured in dumpster fire lumens) incentivizes analysts to stick to well-tailored playbooks that prioritize remediation at the expense of proper incident scoping and root cause analysis. Though modern endpoint security products have significantly improved host visibility, most critical incidents will require the acquisition and analysis of additional endpoint data.
This course focuses on four core investigative competencies: endpoint data collection, investigative triage, incident response pivots, and root cause analysis.
System and Student Requirements:
- Stable Internet access
- x86 architecture CPU clocked at 2 GHz or higher that is capable of nested virtualization (Apple Silicon is currently not supported)
- A computer with at least 8 GB of RAM (16 GB recommended)
- VMware Workstation or VMware Fusion (VirtualBox and other VM software is not supported)
- Windows 10/11, MacOSX+, or a currently supported Linux Distribution
- Full Administrator/root access to your computer or laptop
- System must also have at least 80 GB of available disk space, 2 vCPUs, and be able to connect to a wireless network for Internet access
Learning Objectives:
- Gain fundamental knowledge of modern Windows and Linux host artifacts
- Explain logical investigative workflows for host pivoting, data collection, and analysis
- Develop an understanding of use cases for incident response host pivots and root cause analysis
Performance Objectives:
- Develop host triage collection and analysis skills for effective investigations of Windows and Linux systems
- Properly identify file system, OS, and memory artifacts to support timeline creation and attack path reconstruction
- Build deductive reasoning and investigative prowess through hands-on exercises built around real-world scenarios
Who Should Attend:
- Security Operations/Incident Response Analysts
- Threat Hunters
- Tactical Threat Intel Analysts
- Digital Forensics Investigators
- Red teamers who want to perfect their operational discipline
Prerequisites:
- Basic understanding of Windows and/or Linux OS fundamentals
- Familiarity with attack path models, threat actor frameworks, and hunt methodologies
- 1-2 years of experience in security operations, incident response, or threat hunting
About the Instructor
Alissa Torres
Bio
Alissa Torres is passionate about security operations and empowering analysts to succeed in blue team ops. Her professional experience in various security roles over her career includes forensic investigations, enterprise incident response and threat hunting, security services consulting, and incident response management. Alissa currently serves as the Threat Intel manager at Cigna. Having taught as principal faculty for several pivotal cybersecurity training institutions over the last decade, Alissa has engaged hundreds of skilled professionals around the world, growing a legion of artifact hunters who share a common affinity for adversary tracking. An investigator at heart, she frequently shares accounts of her research discoveries and tales from the trenches at industry conferences.
This class, Advanced Endpoint Investigations, is being taught as live training by Alissa Torres at Wild West Hackin’ Fest – Deadwood 2026, and is also offered On-Demand.
For more information about our conferences, visit Wild West Hackin’ Fest!

